
Files

Ubuntu Security Notice USN-2214-3
Posted Jun 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2214-3 - USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a number of regressions. This update fixes the problem. Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
SHA-256 | b8ca3b18f9831d34c0464420a76c23b14a760faa58fe6f074b4b06d29b558801
Debian Security Advisory 2961-1
Posted Jun 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2961-1 - It was discovered that PHP, a general-purpose scripting language commonly used for web application development, is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query.

tags | advisory, web, overflow, arbitrary, php
systems | linux, debian
advisories | CVE-2014-4049
SHA-256 | 946b22608c26f85311d93ae2c51a26d572a981793976824e42be9b3507f437be
Debian Security Advisory 2950-2
Posted Jun 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2950-2 - This update updates the upstream fix for CVE-2014-0224 to address problems with CCS which could result in problems with the Postgres database.

tags | advisory
systems | linux, debian
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | f151f5f5f15dae8af04e0f433f6ad6ef33c50c6d4e2928146538a0f0cb46b400
Gentoo Linux Security Advisory 201406-17
Posted Jun 17, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-17 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.378 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0531, CVE-2014-0532, CVE-2014-0533, CVE-2014-0534, CVE-2014-0535, CVE-2014-0536
SHA-256 | 63b09a8eb3d0f4e8d7b16baa8c238f63b29aa9870472b974cfe306e898b67d31
Debian Security Advisory 2960-1
Posted Jun 16, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2960-1 - Multiple security issues have been found in Icedove, Debian's version of errors and buffer overflows may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-1533, CVE-2014-1538, CVE-2014-1541, CVE-2014-1545
SHA-256 | 17a5516df97cd62eafe928d857603c22edb142c9e24d12b0325f49525e461256
Gentoo Linux Security Advisory 201406-16
Posted Jun 16, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-16 - Multiple vulnerabilities have been found in cups-filters, the worst of which allows remote attackers to execute arbitrary code. Versions less than 1.0.53 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-6473, CVE-2013-6474, CVE-2013-6475, CVE-2013-6476, CVE-2014-2707
SHA-256 | 1b81d6c0f90bf8f5f757a2c8aaa3970d168ae016fb743b12ea93ed626eff7051
Onnto RAID Master Code Execution
Posted Jun 16, 2014
Authored by Reed Black

Onnto RAID Master utility suffers from cross site request forgery, command execution, unauthenticated access, and vulnerable package installation issues.

tags | advisory, csrf
SHA-256 | 245ae267b5a4bcb84d07d5fb689669d76d58afeb1cdc937e302915c6d435bf05
Oracle Database Java VM 20 Weaknesses
Posted Jun 16, 2014
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations discovered multiple security issues in the implementation of a Java VM embedded in Oracle Database software. Among a total of 20 weaknesses discovered, there are issues that allow the creation of a specific Java security bypass condition or that facilitate the execution of arbitrary Java code on an Oracle Database server without proper privileges.

tags | advisory, java, arbitrary
SHA-256 | 67ffba97eac0feeeb493a67dcadb70bec07aaba89ec8cdc1f47731fb6432f1c2
Gentoo Linux Security Advisory 201406-14
Posted Jun 16, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-14 - Multiple vulnerabilities have been found in Opera, the worst of which may allow remote execution of arbitrary code. Versions less than 12.13_p1734 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6461, CVE-2012-6462, CVE-2012-6463, CVE-2012-6464, CVE-2012-6465, CVE-2012-6466, CVE-2012-6467, CVE-2012-6468, CVE-2012-6469, CVE-2012-6470, CVE-2012-6471, CVE-2012-6472, CVE-2013-1618, CVE-2013-1637, CVE-2013-1638, CVE-2013-1639
SHA-256 | 417d2dd5bab6a258d8ba249e8f5a88e89268922b4857ee657c17a5ca9734c766
Gentoo Linux Security Advisory 201406-13
Posted Jun 16, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-13 - Multiple vulnerabilities have been found in memcached, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.4.17 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-2415, CVE-2011-4971, CVE-2013-0179, CVE-2013-7239, CVE-2013-7290, CVE-2013-7291
SHA-256 | 05cfaf212de31fc2d8fac7f61b07b5e97592a8e4949897646e3931bdc59185a3
Gentoo Linux Security Advisory 201406-12
Posted Jun 16, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-12 - A vulnerability in FreeRADIUS can lead to arbitrary code execution or Denial of Service by authenticated users. Versions less than 2.2.5 are affected.

tags | advisory, denial of service, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2014-2015
SHA-256 | 010ad86173718670617073a898022afc8bae419c0a34107d6a83d1dc5cd8e6c5
Gentoo Linux Security Advisory 201406-11
Posted Jun 16, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-11 - Multiple vulnerabilities have been found in libXfont, the worst of which allow for local privilege escalation. Versions less than 1.4.8 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0209, CVE-2014-0210, CVE-2014-0211
SHA-256 | c5838a2ea4a6b02286e313707132334a31d109aefb518319fc0fa4e27a985a26
Gentoo Linux Security Advisory 201406-10
Posted Jun 16, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-10 - Multiple vulnerabilities have been found in lighttpd, allowing remote attackers to cause a Denial of Service condition or execute arbitrary SQL statements. Versions less than 1.4.35 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-4362, CVE-2012-5533, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323
SHA-256 | e017516a6f3a848b9abd4c61f5d7bd6822ea6e44021b22c85ae960c93b959e14
Gentoo Linux Security Advisory 201406-09
Posted Jun 16, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-9 - Multiple vulnerabilities have been discovered in GnuTLS, the worst of which could lead to arbitrary code execution. Versions less than 2.12.23-r6 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2014-0092, CVE-2014-1959, CVE-2014-3465, CVE-2014-3466
SHA-256 | c9e57007e1e2c16ca271f1ad218866fe2a98937c85f28534d1b3cafa77b79278
Debian Security Advisory 2959-1
Posted Jun 16, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2959-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2014-3154, CVE-2014-3155, CVE-2014-3156, CVE-2014-3157
SHA-256 | 5e90eb570fe8150554998a53918d38209bb72732f8a13bb227a276828a83b53d
Gentoo Linux Security Advisory 201406-15
Posted Jun 16, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-15 - A vulnerability in KDirStat could allow local attackers to execute arbitrary shell commands. Versions less than 2.7.5 are affected.

tags | advisory, arbitrary, shell, local
systems | linux, gentoo
advisories | CVE-2014-2527
SHA-256 | 0cd26004decec0355c19d117cabe258fe1ce10e9d050e2db5dcd0177c1acda41
Mandriva Linux Security Advisory 2014-124
Posted Jun 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-124 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The updated packages provide a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2012-2137, CVE-2013-2897, CVE-2014-0069, CVE-2014-0077, CVE-2014-0101, CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-1874, CVE-2014-2039, CVE-2014-2309, CVE-2014-2523, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851, CVE-2014-3144, CVE-2014-3145, CVE-2014-3153, CVE-2014-3917
SHA-256 | 73e79f50856da66b94dc300dcf75b8e4967914b79209768459dcab2e0db44614
Mandriva Linux Security Advisory 2014-125
Posted Jun 14, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-125 - Mozilla Netscape Portable Runtime before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service via vectors involving the sprintf and console functions. The updated nspr packages have been upgraded to the 4.10.6 version which is unaffected by this issue.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2014-1545
SHA-256 | 920fede0411a1a0bcc21b4e57061b9623745ffea51d8d4553d6c70d950c0a435
Apache Hive 0.13.0 Authorization Failure
Posted Jun 13, 2014
Authored by Thejas Nair

Apache Hive version 0.13.0 suffers from an authorization failure issue. In SQL standards based authorization mode, the URIs used in Hive queries are expected to be authorized on the file system permissions. However, the directory used in import/export statements is not being authorized.

tags | advisory
advisories | CVE-2014-0228
SHA-256 | 61ed4103a143c74a694ee44973c4370db7fea80bb79bfce00f4a89e58f49ccb0
Asterisk Project Security Advisory - AST-2014-008
Posted Jun 13, 2014
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - When a SIP transaction timeout caused a subscription to be terminated, the action taken by Asterisk was guaranteed to deadlock the thread on which SIP requests are serviced. Note that this behavior could only happen on established subscriptions, meaning that this could only be exploited if an attacker bypassed authentication and successfully subscribed to a real resource on the Asterisk server.

tags | advisory
advisories | CVE-2014-4048
SHA-256 | e21cdaf3769c98aa4d94fbad230c4dee902998f19cff528885690e12ebe7363a
Asterisk Project Security Advisory - AST-2014-007
Posted Jun 13, 2014
Authored by Richard Mudgett | Site asterisk.org

Asterisk Project Security Advisory - Establishing a TCP or TLS connection to the configured HTTP or HTTPS port respectively in http.conf and then not sending or completing an HTTP request will tie up an HTTP session. By doing this repeatedly until the maximum number of open HTTP sessions is reached, legitimate requests are blocked.

tags | advisory, web, tcp
advisories | CVE-2014-4047
SHA-256 | e6779aabe2219ce71ab967736150fa4798031e2d5a8f66d132a104297bd2b824
Asterisk Project Security Advisory - AST-2014-006
Posted Jun 13, 2014
Authored by Jonathan Rose, Corey Farrell | Site asterisk.org

Asterisk Project Security Advisory - Manager users can execute arbitrary shell commands with the MixMonitor manager action. Asterisk does not require system class authorization for a manager user to use the MixMonitor action, so any manager user who is permitted to use manager commands can potentially execute shell commands as the user executing the Asterisk process.

tags | advisory, arbitrary, shell
advisories | CVE-2014-4046
SHA-256 | 930cf84fa176bf5c4db20b34cce8c5d33a35ed70742265a86ef2b9f3ab699974
Asterisk Project Security Advisory - AST-2014-005
Posted Jun 13, 2014
Authored by John Bigelow, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the PJSIP channel driver's pub/sub framework. If an attempt is made to unsubscribe when not currently subscribed and the endpoint's "sub_min_expiry" is set to zero, Asterisk tries to create an expiration timer with zero seconds, which is not allowed, so an assertion is raised.

tags | advisory
advisories | CVE-2014-4045
SHA-256 | 6b85765fc735a00c686484dac76731431461bf16a925d2e52ab0d28b8d4331fe
HP Security Bulletin HPSBUX03046 SSRT101590
Posted Jun 13, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03046 SSRT101590 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, bypass security restrictions, disclose information, or allow unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-0076, CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | d75f304dc6572576f762b5741032d4dc9efdd2bc7c88b604e7c4c29467b6abe9
HP Security Bulletin HPSBST03016 4
Posted Jun 13, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03016 4 - A potential security vulnerability has been identified in HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 4 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | c824c58a9d51692dcb8aa9df7c86fb0c1822c96d29fe3b750299904ddbb92a55
© 2022 Packet Storm. All rights reserved.