
Files

HP Security Bulletin HPSBMU03037 2
Posted Aug 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03037 2 - A potential security vulnerability has been identified with HP Multimedia Service Environment (MSE), formerly known as HP Network Interactive Voice Response (NIVR). This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | 084b66e055026239b823e5a146253361afc7465060ae9d8e71bda3d8c747d60b
HP Security Bulletin HPSBMU03083
Posted Aug 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03083 - A potential security vulnerability has been identified with HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
SHA-256 | 73a42dd1d205af075ac13a53980fa2d8b783c0e087511fc3a802fccf142ae482
Red Hat Security Advisory 2014-1008-01
Posted Aug 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1008-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon. An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges.

tags | advisory, overflow, arbitrary, local, root, code execution, protocol
systems | linux, redhat
advisories | CVE-2014-3560
SHA-256 | 895f5c5ab38ba11c423dfd8da315b61b826d60c28bd9d7889d9f879a38bc85fd
Red Hat Security Advisory 2014-1009-01
Posted Aug 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1009-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon. An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.

tags | advisory, overflow, arbitrary, local, root, code execution, protocol
systems | linux, redhat
advisories | CVE-2014-3560
SHA-256 | 70496a8ebb4dd1731d7edfde1a87d5bddac755a49a265d385ecf721c1029c329
Ubuntu Security Notice USN-2306-2
Posted Aug 5, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2306-2 - USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the security update caused a regression in certain environments that use the Name Service Caching Daemon (nscd), such as those configured for LDAP or MySQL authentication. In these environments, the nscd daemon may need to be stopped manually for name resolution to resume working so that updates can be downloaded, including environments configured for unattended updates. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-4357, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043
SHA-256 | 85b1f00c2d58351a28e5e5bf4fbb3b0ca4c61a877b00712d9431223f7f23c474
Red Hat Security Advisory 2014-1007-01
Posted Aug 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1007-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS 5.3.1. It includes various bug fixes. The following security issues are also fixed with this release: It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-7285, CVE-2014-0107
SHA-256 | d98d504697aa47b6242efe729363b71b1e6d6ea5e32959c502677616fcef87e6
Red Hat Security Advisory 2014-1004-01
Posted Aug 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1004-01 - The yum-updatesd package provides a daemon which checks for available updates and can notify you when they are available via email, syslog, or dbus. It was discovered that yum-updatesd did not properly perform RPM package signature checks. When yum-updatesd was configured to automatically install updates, a remote attacker could use this flaw to install a malicious update on the target system using an unsigned RPM or an RPM signed with an untrusted key. All yum-updatesd users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the yum-updatesd service will be restarted automatically.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-0022
SHA-256 | ec8a17bf89ea6a89674dde7563f016ec7cbf92c2d068f45ce3c2e5528b449282
Vembu Storegrid Backup / Disaster Recovery Solution XSS / Code Execution
Posted Aug 5, 2014
Authored by Mike Antcliffe, Ed Tredgett

Vembu Storegrid Backup and Disaster Recovery solution suffers from privilege escalation, information disclosure, remote code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, code execution, xss, info disclosure
SHA-256 | d618d75a0f84b532d28659f6547552d0538321f116fca1ea5115a8b5e9f9d91b
LinkedIn User Account Handling
Posted Aug 5, 2014
Authored by Kishor Sonawane

LinkedIn suffered from multiple user account handling vulnerabilities.

tags | advisory, vulnerability
SHA-256 | b7e80b64ef8208024ba12901499b3e191a841b53b9be1ea935d1b89ecafb893e
ownCloud 7.0.0 Private RSA Key Disclosure
Posted Aug 4, 2014
Authored by Senderek Web Security

In consequence of an insufficient threat model, ownCloud is storing all users' private RSA keys in clear text in PHP session files. These unencrypted private keys can be accessed by every web application that has the privilege of the web server user. The affected files exposing cryptographic keys will be stored in the PHP session directory for a number of hours until they are removed. All versions of ownCloud since the introduction of the encryption module in version 5.0.7 including version 7.0.0 are affected.

tags | advisory, web, php, info disclosure
SHA-256 | a618a09a68105380a438f404228d67b0045ecb744d155c0bdce6d9697cc0177d
Gentoo Linux Security Advisory 201408-01
Posted Aug 4, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-1 - A vulnerability in Zend Framework could allow a remote attacker to inject SQL commands. Versions less than 1.11.6 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2011-1939
SHA-256 | 9c0c283e7d0f28f19d4cf443de50d14d0425f6dffb037bc6186698a42a1f0b97
Ubuntu Security Notice USN-2306-1
Posted Aug 4, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2306-1 - Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. It was discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4357, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043
SHA-256 | d3ab72f234d3127e89f898188c884fa871546397dcd29ae63cfb9595750ab3ac
Red Hat Security Advisory 2014-1002-01
Posted Aug 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1002-01 - Red Hat Enterprise Virtualization is a feature-rich server virtualization management system that provides advanced capabilities for managing Red Hat virtualization infrastructure for Servers and Desktops. It was found that the oVirt storage back end did not wipe memory snapshots when VMs were deleted, even if wipe-after-delete was enabled for the VM's disks. A remote attacker with credentials to create a new VM could use this flaw to potentially access the contents of memory snapshots in an uninitialized storage volume, possibly leading to the disclosure of sensitive information.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-3559
SHA-256 | e2b0bb143c934b487a2077da0836d68548b74cf73eecfbbda32a69f37d9a2a41
Debian Security Advisory 2996-1
Posted Aug 4, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2996-1 - Multiple security issues have been found in Icedove, Debian's version of errors and use-after-frees may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2014-1544, CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557
SHA-256 | 51a454a081f26b9e7f6ccd09d600f777d8fc70d31080869af05545c1ed847c2b
Debian Security Advisory 2995-1
Posted Aug 4, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2995-1 - Don A. Bailey from Lab Mouse Security discovered an integer overflow flaw in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that application to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-4607
SHA-256 | 1ead9c8af49a2ce3949b974fafca20251b706d338d7b8b29bd6fb57789bc1b1d
Slackware Security Advisory - dhcpcd Updates
Posted Aug 4, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New dhcpcd packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
SHA-256 | c2cda06d50c75332ea1743ebb6f843a2f4decb363277cd83b5611ed643fad491
Slackware Security Advisory - samba Updates
Posted Aug 4, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New samba packages are available for Slackware 14.1 and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-3560
SHA-256 | 44b8d50a75b2b5a6706aaa08fd9d052bd78665751cd4937c2c3919eb17918b82
CAS Timing Attack
Posted Aug 3, 2014
Authored by Nathan Power

The Client Access Server (CAS) that services Autodiscover and Outlook Web App (OWA) has been found to be vulnerable to time-based authentication attacks. It has been discovered that when sending authentication requests to the CAS, behavior in the timing of the responses can be used to verify Active Directory (AD) realms and usernames within those realms. Authentication timing issues have been found in specific IIS file paths and OWA form-based authentication. This issue can allow an attacker to confirm the existence of a specific username in the directory, and will make other attacks such as password guessing or social engineering attacks more successful.

tags | advisory, web
SHA-256 | 061b94a5edc404d05361b21ffb528c06f80aa1cef15fbbc558442730005bf285
C++11 Resource Exhaustion
Posted Aug 2, 2014
Authored by Maksymilian Arciemowicz | Site cxsecurity.com

GCC and CLANG C++11 regex functionality suffers from resource exhaustion issues.

tags | advisory
SHA-256 | 83d7378cceea145fb84e0dfdb032d2cfc6a9b87c7c99948a4ad5a9157744b7d8
HP Security Bulletin HPSBMU03081
Posted Aug 2, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03081 - A potential security vulnerability has been identified with HP Enterprise Maps. The vulnerability could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-2628
SHA-256 | 348b83a0e885bacbae5d2fe36f53bb1f5eaca775a92c3f59b8e2186c7efe365f
Mandriva Linux Security Advisory 2014-148
Posted Aug 2, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-148 - A flaw was reported in D-Bus's file descriptor passing feature. A local attacker could use this flaw to cause a service or application to disconnect from the bus, typically resulting in that service or application exiting. A flaw was reported in D-Bus's file descriptor passing feature. A local attacker could use this flaw to cause an invalid file descriptor to be forwarded to a service or application, causing it to disconnect from the bus, typically resulting in that service or application exiting.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2014-3532, CVE-2014-3533
SHA-256 | dc16ed0e185538b0d137834a7f5a5dff8511eaa99f5eb556c744b7e42f7e4d17
Mandriva Linux Security Advisory 2014-147
Posted Aug 2, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-147 - Sendmail before 8.14.9 does not properly close file descriptors before executing programs. This bug could enable local users to interfere with an open SMTP connection if they can execute their own program for mail delivery.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2014-3956
SHA-256 | 38050eedf4faacfab0f44ea28e7e1035643eb57179399309d8abcc3692cb68db
Debian Security Advisory 2994-1
Posted Aug 2, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2994-1 - Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-1741, CVE-2013-5606, CVE-2014-1491, CVE-2014-1492
SHA-256 | 528f4677ccb5d5cb94823d6222c7de358ac0c637069400ec308261d6e1822ddb
Debian Security Advisory 2993-1
Posted Aug 1, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2993-1 - Several issues have been discovered in Tor, a connection-based low-latency anonymous communication system, resulting in information leaks.

tags | advisory
systems | linux, debian
advisories | CVE-2014-5117
SHA-256 | 6c6adb3e6dfe0781e5321482545e42a778190cdb225640766b86667d572341ef
Mandriva Linux Security Advisory 2014-146
Posted Aug 1, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-146 - file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2014-3538
SHA-256 | fa290b8e95b59d4f224b945b129eabba35dc04cef583a48ad8ae9a0becee442f
© 2024 Packet Storm. All rights reserved.
