Red Hat Security Advisory 2014-0920-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression. A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.
7a830cef22aa2d0447ea727c0b8c19ebb2b6de8d903602bcceaa93477c2004d8
Red Hat Security Advisory 2014-0922-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching.
e474b0462ddaef58ac68027aa2da2ff235007fd49f59f3fd341b94b4a0cbdbb9
Ubuntu Security Notice 2299-1 - Marek Kroemeke discovered that the mod_proxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS. Giancarlo Pellegrino and Davide Balzarotti discovered that the mod_deflate module incorrectly handled body decompression. A remote attacker could use this issue to cause resource consumption, leading to a denial of service. Various other issues were also addressed.
52c1adb5bf8f07e13c58b7beb3414522ce15e2686f455949248cc1c2d9b6f33f
Ubuntu Security Notice 2298-1 - A type confusion bug was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. A type confusion bug was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. Various other issues were also addressed.
f04f0d08eabf376cf8df89a6160d58cebda3d1bf4b781e0b5974197ae1cc96ab
Red Hat Security Advisory 2014-0926-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets. A local, unprivileged user could use this flaw to crash the system. It was found that the Xen hypervisor implementation did not properly clean memory pages previously allocated by the hypervisor. A privileged guest user could potentially use this flaw to read data relating to other guests or the hypervisor itself.
64df96cc59f1efde805ebd934314dcedc8fb19134e675f87b2c0c455237419de
Red Hat Security Advisory 2014-0925-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.
7a4b98cc6162c0bbcf1ed682d4479d010efef9351b16d2d8aaec4c5b5754f6b5
Red Hat Security Advisory 2014-0927-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
43a93a5808a3210c405d552f4a7fb770b717bc2bfc530c0db6443987ead11ed8
Red Hat Security Advisory 2014-0923-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.
4d9fa3565ece76fb9ea52e62fb528ffab94970fb7731beb9d410ef7eee5e04f9
Red Hat Security Advisory 2014-0924-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.
c438375570283d51bded0b1728d4f457f686151478e25dac149c079f49e029f5
Debian Linux Security Advisory 2985-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.38.
3b51d1398c465f42e11fcde6139c0e15f394f85cee7636d461f42beaa1c45591
Red Hat Security Advisory 2014-0919-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
49a62946225e595f8af013ca9c7361ee2703b561dbf519e4fcdcfd7b43f3d480
The Ansible platform suffers from input sanitization errors that allow arbitrary code execution as well as information leak, in case an attacker is able to control certain playbook variables. Versions 1.6.6 and below are affected.
b465397fc2a757360069751e13b345820b4f62ef4a925ba616292d6bb0511da6
HP Security Bulletin HPSBMU03071 - A potential security vulnerability has been identified with HP Autonomy IDOL. The vulnerability could be exploited to allow remote unauthorized access and disclosure of information. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities Note: OpenSSL vulnerabilities are vulnerabilities found in the OpenSSL product cryptographic software library product. This weakness potentially allows a Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.
86619643aa775eaaacbbc1c6a59da6f702723064b8ca9f8ae9e57ae203856bb1
Ubuntu Security Notice 2296-1 - Christian Holler, David Keeler and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Atte Kettunen discovered a buffer overflow when interacting with WebAudio buffers. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
d89e60a681e2c732b3a6fba0072f5db10566609510d8d0ff13e937fbf870a433
Ubuntu Security Notice 2295-1 - Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
5da1dbfd8e9f95ce6c8fc2bed10d5e03eca929b0eee610ca016f5d37e9fa85e2
Red Hat Security Advisory 2014-0918-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
449b6353095aa40dbdc59743d96b9e5a95db7728173354ad726db2b58560e011
Red Hat Security Advisory 2014-0917-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server.
1fbbded1e323cfe2bc56f39ece91381947f983d3521f4f1a05904aa80a6a7550
Red Hat Security Advisory 2014-0915-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application.
1cf1f1dfebee6d6e5badf97a1931261a31312cd297dc52d29516494770b49569
Red Hat Security Advisory 2014-0916-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application.
e475d655916bf05e707cb881640350522517298cab22b2ee4f048576969f72f1
Red Hat Security Advisory 2014-0914-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a file could use this flaw to read the contents of that file; parsing an XML document with an entity pointing to a special file that blocks on read access could cause libvirtd to hang indefinitely, resulting in a denial of service on the system.
b6fcc61dfddaf9d23f4a2878fd17d80425194d0b93a2dc75f49e2a5b48cddc15
Red Hat Security Advisory 2014-0913-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
c05d77b8bb0fb6653e702993e25b62f141d1901c64377ea8e2757ba943646f2b
Ubuntu Security Notice 2297-1 - CESG discovered that acpi-support incorrectly handled certain privileged operations when checking for power management daemons. A local attacker could use this flaw to execute arbitrary code and elevate privileges to root.
8c0d27477a48444c6aeaeb6b969c4b184ead8f5305a92a2ee3fecf5275bc02d0
Ubuntu Security Notice 2294-1 - It was discovered that Libtasn1 incorrectly handled certain ASN.1 data structures. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service. It was discovered that Libtasn1 incorrectly handled negative bit lengths. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
a15de4c2e04bfec1afe8e723c19c93779c39f5421110554b9e8dd54be15fa159
SGMiner versions prior to 4.2.2 and CGMiner versions 3.3.0 through 4.0.1 suffer from a denial of service vulnerability.
5146851e59a5f91d694e0831f5efdf053627cbe4367699bc027ea3d833364679
SGMiner versions prior to 4.2.2, CGMiner versions prior to 4.3.5, and BFGMinter versions prior to 3.3.0 suffer from a stack overflow vulnerability.
dc32fa2fed2ade75dc9dcfbcc249f42532adab5d9397a5a19f9afc47f1fed7b1