Showing 76 - 100 of 231

Files

Ubuntu Security Notice USN-2169-2
Posted Apr 23, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2169-2 - USN-2169-1 fixed vulnerabilities in Django. The upstream security patch for CVE-2014-0472 introduced a regression for certain applications. This update fixes the problem. Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse() function. An attacker could use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution. Paul McMillan discovered that Django incorrectly cached certain pages that contained CSRF cookies. An attacker could possibly use this flaw to obtain a valid cookie and perform attacks which bypass the CSRF restrictions. Michael Koziarski discovered that Django did not always perform explicit conversion of certain fields when using a MySQL database. An attacker could possibly use this issue to obtain unexpected results. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability, code execution, python
systems | linux, ubuntu
advisories | CVE-2014-0472, CVE-2014-0473, CVE-2014-0474
SHA-256 | a7b08008b8314bc324c3bac2dbe355fbb780f90950b9918e89cde30052b8e26e
Apple Security Advisory 2014-04-22-3
Posted Apr 23, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-04-22-3 - Apple TV 6.1.1 is now available and addresses vulnerabilities related to credential compromise, ASLR bypass, code execution, and more.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2013-2871, CVE-2014-1295, CVE-2014-1296, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1302, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1310, CVE-2014-1311, CVE-2014-1312, CVE-2014-1313, CVE-2014-1320, CVE-2014-1713
SHA-256 | d81613426a53f674f7139c2f7f48ccd2a036e3b91520029902421cb35746ef3e
Apple Security Advisory 2014-04-22-2
Posted Apr 23, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-04-22-2 - iOS 7.1.1 is now available and addresses vulnerabilities in IOKit Kernel, CFNetwork HTTPProtocol, Secure Transport, and WebKit.

tags | advisory, kernel, vulnerability
systems | cisco, apple, ios
advisories | CVE-2013-2871, CVE-2014-1295, CVE-2014-1296, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1302, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1310, CVE-2014-1311, CVE-2014-1312, CVE-2014-1313, CVE-2014-1320, CVE-2014-1713
SHA-256 | f28da37ecb5c5cd5e4f54bd76a029ed17595e3d1258104a49dc05c23ee23660b
Apple Security Advisory 2014-04-22-1
Posted Apr 23, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-04-22-1 - Security Update 2014-002 is now available and addresses vulnerabilities in CFNetwork HTTPProtocol, CoreServicesUIAgent, FontParser, Heimdal Kerberos, ImageIO, Intel Graphics Driver, IOKit Kernel, the kernel, power management, Ruby, and more.

tags | advisory, kernel, vulnerability, ruby
systems | apple
advisories | CVE-2013-4164, CVE-2013-5170, CVE-2013-6393, CVE-2014-1295, CVE-2014-1296, CVE-2014-1314, CVE-2014-1315, CVE-2014-1316, CVE-2014-1318, CVE-2014-1319, CVE-2014-1320, CVE-2014-1321, CVE-2014-1322
SHA-256 | 9bfdfa84c349e009ae9cfd6999bec5ea1e79b30268900ea21bdf77c411c8ff36
HP Security Bulletin HPSBMU03018
Posted Apr 22, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03018 - A potential security vulnerability has been identified with HP Software Asset Manager running OpenSSL. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a third-party product embedded in some HP Software products. The objective of this bulletin is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products listed below are vulnerable because they embed the standard OpenSSL release software. Revision 1 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | 332978aeae4871a3152a70a5202180bdb05e8d1bab52276229dfca74fca337fb
HP Security Bulletin HPSBMU03017
Posted Apr 22, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03017 - A potential security vulnerability has been identified with HP Software Connect-IT running OpenSSL. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a third-party product embedded in some HP Software products. The objective of this bulletin is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products listed below are vulnerable because they embed the standard OpenSSL release software. Revision 1 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | eedf0b7a61c757e800c92074f51a4c6d976e18cc6856501acdf52c8e7f2f3e73
HP Security Bulletin HPSBMU03019
Posted Apr 22, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03019 - A potential security vulnerability has been identified with HP Software UCMDB Browser and Configuration Manager running OpenSSL. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a third-party product embedded in some HP Software products. The objective of this bulletin is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products listed below are vulnerable because they embed the standard OpenSSL release software. Revision 1 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | c477c805172e3484a7c8c365a44202e98084581b278701e1977105ff9030b9fe
Ubuntu Security Notice USN-2169-1
Posted Apr 22, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2169-1 - Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse() function. An attacker could use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution. Paul McMillan discovered that Django incorrectly cached certain pages that contained CSRF cookies. An attacker could possibly use this flaw to obtain a valid cookie and perform attacks which bypass the CSRF restrictions. Various other issues were also addressed.

tags | advisory, arbitrary, code execution, python
systems | linux, ubuntu
advisories | CVE-2014-0472, CVE-2014-0473, CVE-2014-0474
SHA-256 | c06fe39660153662ccdc26aee4797b8b2cc6dc27ae9d5dcc5eacfa238b42bcac
Slackware Security Advisory - php Updates
Posted Apr 22, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2013-7345
SHA-256 | c688410c854937e1a43a107261fcbb759d55218a6cd9f726b13c94f1a629dc79
Slackware Security Advisory - libyaml Updates
Posted Apr 22, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libyaml packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-2525
SHA-256 | 67766d18c7be9bf99a4f145887c9b60870dbfefc692474bde2466c4d0a02c5aa
Red Hat Security Advisory 2014-0421-01
Posted Apr 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0421-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0148, CVE-2014-0150
SHA-256 | 6bb6017ff037f6088c5db07a13171259bd985f61435dcf170ba95439f45a61c8
Red Hat Security Advisory 2014-0420-01
Posted Apr 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0420-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0148, CVE-2014-0150
SHA-256 | 5ff929048132cfe17cbd13f84dc1814a3f026c9794cbf817379cf915013f4b76
Red Hat Security Advisory 2014-0419-01
Posted Apr 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0419-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2014-0101
SHA-256 | 671b6cce6fddde41c73ae126802c85a3215d54ece7d82be64e6c0ae54cbef6a2
Debian Security Advisory 2911-1
Posted Apr 22, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2911-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2014-1493, CVE-2014-1497, CVE-2014-1505, CVE-2014-1508, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
SHA-256 | 1c270a8efd85aadc9207bdba6fbb4a69a8079128f22ded1fffc00b71264ce953
Bugzilla Cross Site Request Forgery / Social Engineering
Posted Apr 21, 2014
Authored by Frederic Buclin, Byron Jones, Reed Loden, David Lawrence, Manish Goregaokar | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 2.0 through 4.4.2 and 4.5.1 through 4.5.2 suffer from a cross site request forgery vulnerability. Bugzilla versions 2.0 through 4.0.11, 4.1.1 through 4.2.7, 4.3.1 through 4.4.2, and 4.5.1 through 4.5.2 suffer from a social engineering vulnerability.

tags | advisory, csrf
advisories | CVE-2014-1517
SHA-256 | e3f8c68b0a1bbdf0fb518956a6f0baea7892e0d7d30f6fb5905d155c12849c5b
HP Security Bulletin HPSBMU02994 2
Posted Apr 21, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02994 2 - A potential security vulnerability has been identified in HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | af46d77b342275c81dad243aee72e2543c47821cf6a2716985ee0ca5b3afb9f6
HP Security Bulletin HPSBMU03012
Posted Apr 21, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03012 - A potential security vulnerability has been identified with HP Insight Management VCEM Web Client SDK (VCEMSDK) running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed", which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory, web
advisories | CVE-2014-0160
SHA-256 | 6c05a0c36bd187bdcc660daf592bb50425bc02d0f86c606f509cebeb253e72c9
HP Security Bulletin HPSBMU02995 4
Posted Apr 21, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02995 4 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a third-party product embedded in some HP Software products. The objective of this bulletin is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. Revision 4 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | 33e0d5284e68173cae785275eb350a4a7bf30068e9220a8329d1a7271fef9654
Apache Archiva 1.3x Remote Command Execution
Posted Apr 21, 2014
Authored by Brett Porter | Site archiva.apache.org

Apache Archiva versions 1.3 through Continuum 1.3.6 and versions 1.2 through 1.2.2 are vulnerable to remote command execution.

tags | advisory, remote
advisories | CVE-2013-2251
SHA-256 | 6016752b96e92a44c9cf1eebaa5b10137807afe16bffa1cffa6f222ce1c77103
Apache Archiva 1.3x Cross Site Scripting
Posted Apr 21, 2014
Authored by Brett Porter | Site archiva.apache.org

Apache Archiva versions 1.3 through Continuum 1.3.6 and versions 1.2 through 1.2.2 are vulnerable to a cross site scripting issue.

tags | advisory, xss
advisories | CVE-2013-2187
SHA-256 | f3dd2a6339f2b9cb29bc32104faba46017ede0de57263310b410cddaa5374bbf
Debian Security Advisory 2901-3
Posted Apr 21, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2901-3 - The update of wordpress in DSA-2901-2 introduced a wrong versioned dependency on libjs-cropper, making the package uninstallable in the oldstable distribution (squeeze). This update corrects that problem.

tags | advisory
systems | linux, debian
advisories | CVE-2014-0165, CVE-2014-0166
SHA-256 | 0a850496735e1273b3de80b8645aa4ce0b91fe70713d28fd59c990bb6585ba45
Debian Security Advisory 2895-2
Posted Apr 21, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2895-2 - The update for prosody in DSA 2895 caused a regression when a client logs in with the compression functionality activated. This update corrects that problem.

tags | advisory
systems | linux, debian
advisories | CVE-2014-2744, CVE-2014-2745
SHA-256 | dd3018edf46d17e0a53e7f8a889c24f627291c94020ff5cde063af76b298b7bd
Debian Security Advisory 2901-2
Posted Apr 21, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2901-2 - The update for wordpress in DSA 2901 caused a regression in the Quick Drafts functionality. This update corrects that problem.

tags | advisory
systems | linux, debian
advisories | CVE-2014-0165, CVE-2014-0166
SHA-256 | d2b698d3c0306b329f5d6fa12b5b30d81ec5aeefe5c0074149ffabaff5159725
Debian Security Advisory 2910-1
Posted Apr 21, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2910-1 - Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest.

tags | advisory, overflow
systems | linux, redhat, debian
advisories | CVE-2014-0150
SHA-256 | 52575665baaeb878ce9083fe942d1d6fc71a1cdb48ddddbf66a810e4959d714c
Debian Security Advisory 2909-1
Posted Apr 21, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2909-1 - Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest.

tags | advisory, overflow
systems | linux, redhat, debian
advisories | CVE-2014-0150
SHA-256 | d5a88db7fc21bba30775e197759c2a16f7fc56b2f46b2263b0fa4c19795bc6ad
Page 4 of 10

© 2022 Packet Storm. All rights reserved.