Ubuntu Security Notice 2232-3 - USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem.
cc6733f4fffea0f3b6869064e684111e12bbecad4854424c42c0407cf80705b2Ubuntu Security Notice 2253-1 - It was discovered that LibreOffice unconditionally executed certain VBA macros, contrary to user expectations.
b81ffc82c33e804f6dfee7e601bf1524665c2fbc6e1927ce1e0b5e89796cb3c6Ubuntu Security Notice 2252-1 - A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions.
0a89de935a50d06d0598ec1e19404e3c7fc51c91a4b62f5fe952a46d6118f724Ubuntu Security Notice 2251-1 - A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions.
176d5822ccb535de1f90d669ac5c981cbc29a5fa73a8a6a8af87d1ef1a524c6bHP Security Bulletin HPSBOV03047 - Potential security vulnerabilities have been identified with HP OpenVMS running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.
e545961d2486992ac5cd08c4a4d901c108cc777140b0a87c47be2e344c642f8aRed Hat Security Advisory 2014-0772-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement.
b39ab59da6eb4cf12abfe7f5da13883f79093f424333564d663bd67f9e433ae8Red Hat Security Advisory 2014-0770-01 - The foreman-proxy package provides a RESTful API to manage DNS, DHCP, TFTP, and Puppet settings, and can be used as part of Foreman. A shell command injection flaw was found in the way foreman-proxy verified URLs in the TFTP module. A remote attacker could use this flaw to execute arbitrary shell commands on the system with the privileges of the user running foreman-proxy. This issue was discovered by Lukas Zapletal of Red Hat. Note that for Red Hat Enterprise Linux OpenStack Platform 3.0, Foreman was released as a Technology Preview.
45d2dd06196dba362bdfc1b1fba8fc39ea1986b37fdf8f3bba736cdd0e23f021Gentoo Linux Security Advisory 201406-18 - A vulnerability in rxvt-unicode may allow a remote attacker to execute arbitrary code. Versions less than 9.20 are affected.
265fd3c25d7c4ae3e599687c6a81d3c09bfb1e5777f345264551bcebcc0ff312Ubuntu Security Notice 2250-1 - Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden and Kyle Huey discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Abhishek Arya discovered multiple use-after-free and out-of-bounds read issues in Thunderbird. If a user had enabled scripting, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
dddebba2dc6819014946e60612c0b01c0f17fe3554a8617afe844276d7b32721Red Hat Security Advisory 2014-0771-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. Various other issues were also addressed.
045975b06f49ae62face7f508bfd20413516dac60cbe25c8914c866298aa5808Ubuntu Security Notice 2249-1 - Jason Dunsmore discovered that OpenStack heat did not properly restrict access to template information. A remote authenticated attacker could exploit this to see URL provider templates of other tenants for a limited time.
8be9fac4ad36b56bcc237a02c24459e6268fc88401496dd72a882fe5be9891e9Red Hat Security Advisory 2014-0764-01 - The rubygem-openshift-origin-node package provides basic OpenShift node functionality. A command injection flaw was found in rubygem-openshift-origin-node. A remote, authenticated user permitted to install cartridges via the web interface could use this flaw to execute arbitrary code with root privileges on the Red Hat OpenShift Enterprise node server. This issue was discovered by Jeremy Choi of the Red Hat HSS Pen-test Team. The rubygem-openshift-origin-node package has been upgraded to version 1.23.9.11. Additionally, the rubygem-openshift-origin-container-selinux package has been upgraded to version 0.8.1.2, as needed by the updated rubygem-openshift-origin-node package.
9efb51187bcf53776704421d89805d50742bcf7b104c1bee8f2470b01e14a698Ubuntu Security Notice 2248-1 - Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Cinder did not properly set up its sudo configuration. If a different flaw was found in OpenStack Cinder, this vulnerability could be used to escalate privileges.
9a2f0de0000b134ad574967e2bd386f2a93c4dcb9cb13051779edfbef45c99f6CDVI ACAC22 suffers from a lack of transport encryption for authentication and denial of service vulnerabilities.
047f2ac3e771278a841178d716fb08b78428f50401ded7587c85313fcd19564cRed Hat Security Advisory 2014-0763-01 - The rubygem-openshift-origin-node package provides basic OpenShift node functionality. A command injection flaw was found in rubygem-openshift-origin-node. A remote, authenticated user permitted to install cartridges via the web interface could use this flaw to execute arbitrary code with root privileges on the Red Hat OpenShift Enterprise node server. This issue was discovered by Jeremy Choi of the Red Hat HSS Pen-test Team. All rubygem-openshift-origin-node users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
79473a1f28bbcc4c39fd9388de8288a9e16010e2592fe8e5daab4774863d34eeRed Hat Security Advisory 2014-0762-01 - The rubygem-openshift-origin-node package provides basic OpenShift node functionality. A command injection flaw was found in rubygem-openshift-origin-node. A remote, authenticated user permitted to install cartridges via the web interface could use this flaw to execute arbitrary code with root privileges on the Red Hat OpenShift node server. This issue was discovered by Jeremy Choi of the Red Hat HSS Pen-test Team. All rubygem-openshift-origin-node users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
ec30fba6c7a4c628bcdf2ec87477ea24857971985c11008a44df152fc67cd6b8PayPal's SecurityKey Card Serialnumber module suffered from a code injection vulnerability.
5a18a5ce198fb752971c12d26f955c587d8e29ca6aae09a17b3ee8a28d3de784SugarCRM versions 6.5.16 and below suffer from an XML external entity attack vulnerability.
75ac9dbf751b5a7e72f7c1007cb231586a2d7bdca087f2e5353448d2f0bdd326Debian Linux Security Advisory 2963-1 - Multiple vulnerabilities were found in Solr, an open source enterprise search server based on Lucene, resulting in information disclosure or code execution.
3226bb057733365b0ea15b5668653bc6949b848105b6f6682ec03fe9ea85782bDebian Linux Security Advisory 2962-1 - Abhiskek Arya discovered an out of bounds write in the cvt_t() function of the NetScape Portable Runtime Library which could result in the execution of arbitrary code.
8ae3868fe8152a96118f4b1e810a8b6126eb04436554c9e5c1037d8e4a07a310HP Security Bulletin HPSBMU03048 - A potential security vulnerability has been identified with HP Executive Scorecard. The vulnerability could be exploited remotely to allow remote code execution and directory traversal. Revision 1 of this advisory.
213e14c884fc213da0fdb80f32a44b94ce6dd87743ec5983bcf3445557d1422eHP Security Bulletin HPSBUX03046 SSRT101590 2 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, bypass security restrictions, disclose information, or allow unauthorized access. Revision 2 of this advisory.
82b711db58c11d9acdbe01d1244f27e7cce6fb0f760c5bd171d01059147203d5Ubuntu Security Notice 2247-1 - Darragh O'Reilly discovered that OpenStack Nova did not properly set up its sudo configuration. If a different flaw was found in OpenStack Nova, this vulnerability could be used to escalate privileges. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. Bernhard M. Wiedemann and Pedraig Brady discovered that OpenStack Nova did not properly verify the virtual size of a QCOW2 images. A remote authenticated attacker could exploit this to create a denial of service via disk consumption. This issue did not affect Ubuntu 14.04 LTS. Various other issues were also addressed.
c061c326f8e2fd51cf3da4f0196f40f3e8ce883bba777d9e41fe4665ea5c141aUbuntu Security Notice 2246-1 - Jakub Wilk discovered that APT did not correctly validate signatures when downloading source packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered source packages.
02149d90e10050b8b15bd3bf795cc65698917322da68d3c7a2d6fb0cd74529c6Zabbix versions 1.8.x through 2.2.x suffer from an XML external entity attack vulnerability.
58c8a52d7fba50ef0b5bff2b0868272d62ff90398c6d604f69d6a653058e7dcd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed