Red Hat Security Advisory 2014-0949-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.
f9777ca1631aa2e4c1e414fb55781fb71e7081b5f670f58256119195823e51daDebian Linux Security Advisory 2991-1 - Martin Holst Swende discovered a flaw in the way chunked requests are handled in ModSecurity, an Apache module whose purpose is to tighten the Web application security. A remote attacker could use this flaw to bypass intended mod_security restrictions by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header, allowing to send requests containing content that should have been removed by mod_security.
0825c96504b99d210fe961acdb714473b46a1f7fcddf8251e31b0490e8e42c0cDebian Linux Security Advisory 2990-1 - It was discovered that the web interface in CUPS, the Common UNIX Printing System, incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.
cc938fc7d54d51a015c06e68ed74d219f09c0baf6016e28dce18fb4e2629a93bGentoo Linux Security Advisory 201407-5 - Multiple vulnerabilities have been found in OpenSSL, possibly allowing remote attackers to execute arbitrary code. Versions less than 1.0.1h-r1 are affected.
058715fbe6887e5fa7531493f741e2281a8b6fbd10beffa54560903e427c61b1Android's SDK suffers from a SQL injection vulnerability in the delete() method.
046033dbaaf5bdd27428cd7cdb0cfd8935c69d769ad6e6b0e0901db8c882e245Bugzilla Security Advisory - Bugzilla versions 3.7.1 to 4.0.13, 4.1.1 to 4.2.9, 4.3.1 to 4.4.4, and 4.5.1 to 4.5.4 suffer from a cross site request forgery vulnerability.
cd0337a3196b87e65a4382c3d46665e5a07957324bbe8fa092ed144b51893ab0Debian Linux Security Advisory 2989-1 - Several security issues were found in the Apache HTTP server.
6a2e0fe2e7dd2939b32d62124cbffac15ed98b20d36d18e10fd6076278bcd60cDebian Linux Security Advisory 2988-1 - Ben Hawkes discovered that incorrect handling of peer messages in the Transmission bittorrent client could result in denial of service or the execution of arbitrary code.
9cd5b0aa71fa0a9673cbbc99e208e5bb93e7fd049bfa2868f05da44789369498HP Security Bulletin HPSBMU03076 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 1 of this advisory.
9b97ca3342a8fe043d011e3fbc87f0bef6c8bf5869678631e38d1bc64e95c33bHP Security Bulletin HPSBMU03074 - Potential security vulnerabilities have been identified with HP Insight Control server migration running on Linux and Windows which could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information. Revision 1 of this advisory.
1a4d710e9dd7291eeed8fb57906255564db16e374b955cf64cee067d9ffb017eUbuntu Security Notice 2300-1 - Don A. Bailey discovered that LZO incorrectly handled certain input data. An attacker could use this issue to cause LZO to crash, resulting in a denial of service, or possibly execute arbitrary code.
052eb44f42d6cd5dd14d059c17c5bf9a8bc99472168ac85239a8e82354f16e46Ubuntu Security Notice 2301-1 - It was discovered that Jinja2 incorrectly handled temporary cache files and directories. A local attacker could use this issue to possibly gain privileges.
3a91ff5ebd149d7e0aab5ae4a428957385901e2a8fa50facfe13ef486970061aRed Hat Security Advisory 2014-0888-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way the virtio, virtio-net, virtio-scsi, and usb drivers of QEMU handled state loading after migration. A user able to alter the savevm data could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
195082a4a46ffe4559088354e4d5d5cc6eb186e63237e778eda10ca9584098abRed Hat Security Advisory 2014-0941-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. It was found that Swift did not escape all HTTP header values, allowing data to be injected into the responses sent from the Swift server. This could lead to cross-site scripting attacks if a user were tricked into clicking on a malicious URL.
d30f5bfd8905d8674b1d746649a38df392d90111e0b2c428837a01b20f20c092Red Hat Security Advisory 2014-0940-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that proxy metadata requests via Neutron.
0dea30bc1e9c22fe2fa05d20778c0dea310d9d7295170dd8826f16158c433de1Red Hat Security Advisory 2014-0939-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. A cross-site scripting flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially crafted name.
13312916ca2068b863e545e519d448ced8d30583209b6ecc7061d6772b243f3cSlackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
800b88b6e669b68b95c950719ea21eea841a6a017de7043e0fe01ed0e04856c5Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
5749f434a5e46d39aece443e0baac9e8e1e5bf270e85ab57d73bb8f77029cdd2Slackware Security Advisory - New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
8b2ce2fa4eaa2da3d41503e0ff66afd040e6de3710d8ec4fb82e11f6fde37915Debian Linux Security Advisory 2987-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
faa288d612eeef5bf4c9f58961bc2f8a33f1a0148d0997c3924c7b9e14b513eeDebian Linux Security Advisory 2986-1 - Multiple security issues have been found in Iceweasel, Debian's version use-after-frees may lead to the execution of arbitrary code or denial of service.
a4eb9120a7e71d7ea237528df4080150da04d22d7c5825f8d7976d867f97602dInsufficient input sanitization on the parameters passed to the application web gui leads to arbitrary command injection on the LPAR2RRD application server. Versions 4.53 and below and 3.5 and below are affected.
1a1002b04f4d303d72eb47b9c4e32b31388ec73b29abfea315a4fb3c871f89eaHP Security Bulletin HPSBMU03073 - A potential security vulnerability has been identified with HP Network Vitalization. The vulnerability could be exploited remotely to allow execution of code and disclosure of information. Revision 1 of this advisory.
317d2933e8c75481a45e48b6b953256ef0359b24b49d3bd039fe3998e19fa24aDebian Linux Security Advisory 2984-1 - CESG discovered a root escalation flaw in the acpi-support package. An unprivileged user can inject the DBUS_SESSION_BUS_ADDRESS environment variable to run arbitrary commands as root user via the policy-funcs script.
adaf1b772581837925185b0f8fb07ac5691d61ada127b8bcdfcadbfe95eb3291Red Hat Security Advisory 2014-0921-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching.
5f6342d6a0ba942fed1212f30532f2a6f06b9ce40839eb606fcaa582d6020ed3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed