Ubuntu Security Notice 2264-1 - Salva discovered an information leak in the Linux kernel's media-device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.
920a2a06a3de9eacbb25f2d917e0dffafeaf7b29e48f7e24cae1845f7c2c673e
Gentoo Linux Security Advisory 201406-29 - A vulnerability in spice-gtk could allow local attackers to gain escalated privileges. Versions less than 0.14 are affected.
b9413874188c23654847ff370a14d42def91b36b4d09058318892334cd2315fa
Gentoo Linux Security Advisory 201406-27 - A race condition in polkit could allow a local attacker to gain escalated privileges. Versions less than 3.14.1 are affected.
e25d75df9ade95871973ee8eb13ecdc5976b44c82d22212c6566220987e42d0e
Red Hat Security Advisory 2014-0799-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. Apache CXF is an open source services framework, which is a part of Red Hat JBoss Enterprise Application Platform. It was found that the SecurityTokenService, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens.
0cd0550f77116d1c59d4591c717a83ad8cdbcaa969bb3bbe9aee718c1d4bb50b
Red Hat Security Advisory 2014-0798-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. Apache CXF is an open source services framework, which is a part of Red Hat JBoss Enterprise Application Platform. It was found that the SecurityTokenService, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens.
4027894893d78fcf6d51613b6eb6547eb5ddfe1627ca792ea319f27908c5bf31
Red Hat Security Advisory 2014-0797-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. Apache CXF is an open source services framework, which is a part of Red Hat JBoss Enterprise Application Platform. It was found that the SecurityTokenService, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens.
05ee0efa8fd93561e6b04aa8dba65e5e2d2acb7ec219068a7f15f089b82cc7b0
Gentoo Linux Security Advisory 201406-26 - Multiple vulnerabilities have been found Django, the worst of which may allow a remote attacker to execute code. Versions less than 1.6.5 are affected.
404e02910f0bba73ffd124d38235026d2d6b71b9979c90bfa6cd369b3b9e7d66
Ubuntu Security Notice 2257-1 - Christof Schmitt discovered that Samba incorrectly initialized a certain response field when vfs shadow copy was enabled. A remote authenticated attacker could use this issue to possibly obtain sensitive information. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. It was discovered that the Samba internal DNS server incorrectly handled QR fields when processing incoming DNS messages. A remote attacker could use this issue to cause Samba to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
ee495aec8ec133e39c6bb8c1541534dba3717b1f8a19b4fd91f988c20373902f
Ubuntu Security Notice 2258-1 - Jean-Rene Reinhard, Olivier Levillain and Florian Maury discovered that GnuPG incorrectly handled certain OpenPGP messages. If a user or automated system were tricked into processing a specially-crafted message, GnuPG could consume resources, resulting in a denial of service.
64ebbb4d63462023d548da35764df9fab01791f66fe49abd999b1c7d07f42781
Red Hat Security Advisory 2014-0800-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. Various other issues were also addressed.
68b3fb1fb5d2a50a6aabb2fe63feed3bc724bdba866925293b9ec244d4b96131
Red Hat Security Advisory 2014-0801-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free function) arbitrary kernel memory. It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement.
2d58046f306af9f0cc7dc7fd8e3bfda1967d5aa9658a9b13b62046678768bee4
Gentoo Linux Security Advisory 201406-25 - Multiple vulnerabilities have been discovered in Asterisk, the worst of which could allow privileged users to execute arbitrary system shell commands. Versions less than 11.10.2 are affected.
2f76e2b58cb0cbdbb77bba0f6a0aae5851cfc9aaac21444656a427bd4a831a5b
The Configuration Console of Sophos Antivirus version 9.5.1 (Linux) does not sanitize several input parameters before sending them back to the browser, so an attacker could inject code inside these parameters, including JavaScript code.
d5779939070931292b00a87c8ea949ce6bb287c59c479c89bc4cf5e8803265d9
G Data TotalProtection 2014 version 24.0.2.1 suffers from an arbitrary code execution vulnerability.
d13c4d1c5599bcffe508e75fe31ffdd878a567e0ff4fc55a9e3ea8326e575583
FreeBSD Security Advisory - The file(1) utility attempts to classify file system objects based on filesystem, magic number and language tests. The libmagic(3) library provides most of the functionality of file(1) and may be used by other applications. A specifically crafted Composite Document File (CDF) file can trigger an out-of-bounds read or an invalid pointer dereference. A flaw in regular expression in the awk script detector makes use of multiple wildcards with unlimited repetitions. A malicious input file could trigger infinite recursion in libmagic(3). A specifically crafted Portable Executable (PE) can trigger out-of-bounds read.
55cc6eeed758a444fa53fb8b127508d97e88a58406f30d111d81e9ff1df57c77
FreeBSD Security Advisory - A NULL pointer dereference in the initialization code of the HZ module and an out of bounds array access in the initialization code of the VIQR module make iconv_open(3) calls involving HZ or VIQR result in an application crash.
9bfeb0e4817eb394eec76aa8f4fc00b3d2ab4fd8db2a80a5508e38d04a7226b7
Gentoo Linux Security Advisory 201406-23 - A vulnerability in DenyHosts could allow a remote attacker to create a Denial of Service condition. Versions less than 2.6-r9 are affected.
57dc3e1a285c8fe8b6958526718ba1dc4e63fc27f271542dcf6e8b4fc210723f
Gentoo Linux Security Advisory 201406-24 - A vulnerability in Dnsmasq can lead to a Denial of Service condition. Versions less than 2.66 are affected.
03fe3ef285b1b5d1ff8c208a973714bdf9c38116c4b573b22286d305c570965b
Ubuntu Security Notice 2256-1 - John Dickinson discovered that Swift did not properly quote the WWW-Authenticate header value. If a user were tricked into navigating to a malicious Swift URL, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
852027970b4a45e5e99ddbaa1d4e1623c2a36639b5516a4ace71e95384748ddf
Ubuntu Security Notice 2255-1 - Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Neutron did not properly set up its sudo configuration. If a different flaw was found in OpenStack Neutron, this vulnerability could be used to escalate privileges. Stephen Ma and Christoph Thiel discovered that the openvswitch-agent in OpenStack Neutron did not properly perform input validation when creating security group rules when specifying --remote-ip-prefix. A remote authenticated attacker could exploit this to prevent application of additional rules. Various other issues were also addressed.
5f775a27ed4d74086084452e073f1d3f9e6287cb5e6b3c509943cf3d9cd94a8a
VMware Security Advisory 2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library.
8cd3d3b5cff06fae69c9f9a484862c9a8161dfc6048ace9c43f4bda1f4c76169
HP Security Bulletin HPSBMU03053 - A potential security vulnerability has been identified with HP Software Database and Middleware Automation (DMA). This vulnerability could be exploited remotely to allow unauthorized access or disclosure of information. Revision 1 of this advisory.
1810640be47e84480c50a8e56837d65eeec140c4910ff22cb30526ada4f2e835
HP Security Bulletin HPSBMU03051 - Potential security vulnerabilities have been identified with HP System Management Homepage running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.
385e5e6edf1d7ef7bbc8050d651def4d345aba8a057fa2b355d6c87431ead849
Slackware Security Advisory - New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
f86aa120b172105145f5b723718fabcd5166d7c4730b1069b104b7db69051aec
Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
0e4965f7bb1d28a71301f19ccc59d0c8f659d4e086810b386a4b957fbf02238a