Ubuntu Security Notice 2317-1 - Eric W. Biederman discovered a flaw with the mediation of mount flags in the Linux kernel's user namespace subsystem. An unprivileged user could exploit this flaw to by-pass mount restrictions, and potentially gain administrative privileges. Kenton Varda discovered a flaw with read-only bind mounds when used with user namespaces. An unprivileged local user could exploit this flaw to gain full write privileges to a mount that should be read only. Various other issues were also addressed.
891094f08750c7ff1ccc2f3aa4fe734c4fae78b401f90a2713af74ba81869398Ubuntu Security Notice 2318-1 - Eric W. Biederman discovered a flaw with the mediation of mount flags in the Linux kernel's user namespace subsystem. An unprivileged user could exploit this flaw to by-pass mount restrictions, and potentially gain administrative privileges. Kenton Varda discovered a flaw with read-only bind mounds when used with user namespaces. An unprivileged local user could exploit this flaw to gain full write privileges to a mount that should be read only. Various other issues were also addressed.
ac47389034e16265b91f850754f4d17ed121b6517b8fb5a79f805b8139d46dffOutlook.com for Android fails to properly validate SSL server certificates allowing for man-in-the-middle attacks. This issue was found in Outlook.com for Android version 7.8.2.12.49.2176 and version 7.8.2.12.49.6434.
feb52f7f3c4f0ae9883f60191249254d8403bfb4759cf2e2b7f8a017088d241aGentoo Linux Security Advisory 201408-7 - Multiple vulnerabilities have been found in ModPlug XMMS Plugin, worst of which allows remote attackers to execute arbitrary code. Versions less than 0.8.8.5 are affected.
5e99c6f9000e6d8756dbbb78e8c7f42650cdadaa457067183d96886a374f5d06This bulletin summary lists one released Microsoft security bulletin for August, 2014.
6f090504ee7a0de14c320dbeeed29e3dd1b67227fa00f610bad729792d17e68eWordPress Disqus versions up to 2.77 suffer from multiple cross site request forgery vulnerabilities.
18ea452355661321f38453a9406d157fc2de6d549d6c0b53601bcd2c5706cd0aRed Hat Security Advisory 2014-1067-01 - Red Hat is transitioning to Red Hat Subscription Management for all Red Hat products by July 31, 2017. All systems registered as clients to Red Hat Network Classic Hosted directly, or indirectly with Red Hat Proxy, must be migrated to Red Hat Subscription Management by July 31, 2017. Customers using Red Hat Satellite to manage their systems are not affected by this transition.
825a6700f33a7aeb7dbe8302077c09fb896971a9fc29ca57d0a13c37ed7c989cRed Hat Security Advisory 2014-1066-01 - Red Hat is transitioning to Red Hat Subscription Management for all Red Hat products by July 31, 2017. All systems registered as clients to Red Hat Network Classic Hosted directly, or indirectly with Red Hat Proxy, must be migrated to Red Hat Subscription Management by July 31, 2017. Customers using Red Hat Satellite to manage their systems are not affected by this transition.
87e80f6531bbf99f9918b60dcc938664bfad0b9768b6032589114990174638f2Red Hat Security Advisory 2014-1064-01 - Red Hat is transitioning to Red Hat Subscription Management for all Red Hat products by July 31, 2017. All systems registered as clients to Red Hat Network Classic Hosted directly, or indirectly with Red Hat Proxy, must be migrated to Red Hat Subscription Management by July 31, 2017. Customers using Red Hat Satellite to manage their systems are not affected by this transition.
f87fc8c811c9901af793c2b803ee9ec190c4d5b1061681c1366684bddea4215dRed Hat Security Advisory 2014-1069-01 - Red Hat is transitioning to Red Hat Subscription Management for all Red Hat products by July 31, 2017. All systems registered as clients to Red Hat Network Classic Hosted directly, or indirectly with Red Hat Proxy, must be migrated to Red Hat Subscription Management by July 31, 2017. Customers using Red Hat Satellite to manage their systems are not affected by this transition.
b73d15a60b691325189ee7a404941138dde069a15c708f8dbbe2c61c1c77515fRed Hat Security Advisory 2014-1061-01 - Red Hat is transitioning to Red Hat Subscription Management for all Red Hat products by July 31, 2017. All systems registered as clients to Red Hat Network Classic Hosted directly, or indirectly with Red Hat Proxy, must be migrated to Red Hat Subscription Management by July 31, 2017. Customers using Red Hat Satellite to manage their systems are not affected by this transition.
8b73e28e6cee2b30601709cc4726c776618ee4213c9267ad7efd794cb469992cRed Hat Security Advisory 2014-1063-01 - Red Hat is transitioning to Red Hat Subscription Management for all Red Hat products by July 31, 2017. All systems registered as clients to Red Hat Network Classic Hosted directly, or indirectly with Red Hat Proxy, must be migrated to Red Hat Subscription Management by July 31, 2017. Customers using Red Hat Satellite to manage their systems are not affected by this transition.
4a6f1b95588c63bd4c128460e0f97c065ef7c2d7e4d2364809e5d3e38cbd7853Red Hat Security Advisory 2014-1062-01 - Red Hat is transitioning to Red Hat Subscription Management for all Red Hat products by July 31, 2017. All systems registered as clients to Red Hat Network Classic Hosted directly, or indirectly with Red Hat Proxy, must be migrated to Red Hat Subscription Management by July 31, 2017. Customers using Red Hat Satellite to manage their systems are not affected by this transition.
130bedf85fec3bf149756226c1f32059ce840acaf16d0c36c09cd2c7d1aaae4dRed Hat Security Advisory 2014-1068-01 - Red Hat is transitioning to Red Hat Subscription Management for all Red Hat products by July 31, 2017. All systems registered as clients to Red Hat Network Classic Hosted directly, or indirectly with Red Hat Proxy, must be migrated to Red Hat Subscription Management by July 31, 2017. Customers using Red Hat Satellite to manage their systems are not affected by this transition.
8416b42ffb69337c3c1db81e69b32005e2e272f3d8ef8095860565247be0259dRed Hat Security Advisory 2014-1065-01 - Red Hat is transitioning to Red Hat Subscription Management for all Red Hat products by July 31, 2017. All systems registered as clients to Red Hat Network Classic Hosted directly, or indirectly with Red Hat Proxy, must be migrated to Red Hat Subscription Management by July 31, 2017. Customers using Red Hat Satellite to manage their systems are not affected by this transition.
2bb3d53b407fadcfc0d7ddf0b58c2b3bba682e41db3dc6469190f72e59620d63Red Hat Security Advisory 2014-1070-01 - Red Hat is transitioning to Red Hat Subscription Management for all Red Hat products by July 31, 2017. All systems registered as clients to Red Hat Network Classic Hosted directly, or indirectly with Red Hat Proxy, must be migrated to Red Hat Subscription Management by July 31, 2017. Customers using Red Hat Satellite to manage their systems are not affected by this transition.
616a767c5feb681f3e69e23b741034f1bc5f1c123749417a81aa37faf9d22e74Apple Security Advisory 2014-08-13-1 - Safari 6.1.6 and Safari 7.0.6 are now available and address unexpected termination and arbitrary code execution issues due to memory corruption issues in WebKit.
55dff61e8b70bc8de4d6e424c252fd7488217fb97f798795384532b36441c0e3Red Hat Security Advisory 2014-1060-01 - Red Hat is transitioning to Red Hat Subscription Management for all Red Hat products by July 31, 2017. All systems registered as clients to Red Hat Network Classic Hosted directly, or indirectly with Red Hat Proxy, must be migrated to Red Hat Subscription Management by July 31, 2017. Customers using Red Hat Satellite to manage their systems are not affected by this transition.
043d624dffcadf977453210e94b542e91887c839c23b0733a71e4655d3e85838Ubuntu Security Notice 2315-1 - Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
4bdcba1f94fef85007b55290e9cc8ceb6ab7a331befa81d3031e5fabd3a1fc31Ubuntu Security Notice 2316-1 - Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.
34a878b1d3886abcc6a12d4b5804a8f3bed05cb128b024c7a2c181220ad326caDebian Linux Security Advisory 3005-1 - Tomas Trnka discovered a heap-based buffer overflow within the gpgsm status handler of GPGME, a library designed to make access to GnuPG easier for applications. An attacker could use this issue to cause an application using GPGME to crash (denial of service) or possibly to execute arbitrary code.
87df4b9703f2842f1b062b2d784fd8523fc34d6925ec04297b57befecdaecbcaRed Hat Security Advisory 2014-1059-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application.
1f3ff00cdece96e40be750ccd8c912b91aa472d37b31ba4a80e2f2b1eae258a0Gentoo Linux Security Advisory 201408-6 - Multiple vulnerabilities have been discovered in libpng which can allow a remote attacker to cause a Denial of Service condition. Versions less than 1.6.10 are affected.
d30d09fec9bcf10c9b41888af15d3e75411f140253319d7e244b00fb476a98d7Gentoo Linux Security Advisory 201408-5 - Multiple vulnerabilities have been found in Adobe Flash Player, worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.400 are affected.
06388f3efcc46015d604a0f9849667e1d8e086df6c246c41cbd97a35b1a01fe2Red Hat Security Advisory 2014-1054-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.
764aee33222756a8c5691f00ba7d65d359debf2fd22c3e64127636ad640c0504
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed