Debian Linux Security Advisory 3032-1 - Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash has been configured as the system shell.
7d7ff0314912c76766865251c1493b2d34d061b327ed6f9d10226a30e97312ddGentoo Linux Security Advisory 201409-9 - A parsing flaw related to functions and environments in Bash could allow attackers to inject code. The unaffected packages listed in GLSA 201409-09 had an incomplete fix. Versions less than 4.2_p48-r1 are affected.
7d34d7be6b922ed985830cc26b5e36adaa147f958aacdbc9a27f6e8fe28f550bSlackware Security Advisory - New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
3d7981c8975006f49b5ad19b36029267c1636583968e19f0348fe0f6d92b8448Slackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
75a5ec233c78a8c40f1c113cad473beb318b798a990321a19251fd7a15c550a1Mandriva Linux Security Advisory 2014-189 - Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. The updated NSPR packages have been upgraded to the latest 4.10.7 version. The updated NSS packages have been upgraded to the latest 3.17.1 version which is not vulnerable to this issue. Additionally the rootcerts package has also been updated to the latest version as of 2014-08-05.
46a34a4e8012eab187a9e30838cea24c9c53c4b1295b48500f72627c1291a112Mandriva Linux Security Advisory 2014-187 - In cURL before 7.38.0, libcurl can be fooled to both sending cookies to wrong sites and into allowing arbitrary sites to set cookies for others. For this problem to trigger, the client application must use the numerical IP address in the URL to access the site. In cURL before 7.38.0, libcurl wrongly allows cookies to be set for Top Level Domains , thus making them apply broader than cookies are allowed. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.
b3f22c75a92b1ce4ae6784727ffb767952bc3783b07b4700c6e473764db78e78Mandriva Linux Security Advisory 2014-188 - Updated wireshark packages fix security vulnerabilities related to RTP dissector crash, MEGACO dissector infinite loop, Netflow dissector crash, RTSP dissector crash, SES dissector crash, and sniffer file parser crash.
cc1d84ccf2d7f1872dc08a4d251047211b14fab272f2c2cb9827dd2e396ee6e3Debian Linux Security Advisory 3034-1 - Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Iceweasel package), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.
79de4320568e4b16d46f128066d3ed5727d30dad9b7432d769bae6befc4bbbaaDebian Linux Security Advisory 3033-1 - Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.
3bb8562cd39dc6b69437ddb1dc2332a8799a87972d5e22e62be562ece65a14e8Mandriva Linux Security Advisory 2014-186 - A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
dd22cfcf0af7e59f09c6b9d501bda0a7b9030bdd6dc16f7d18f439d3bc864382Mandriva Linux Security Advisory 2014-184 - A remote denial-of-service flaw was found in the way snmptrapd handled certain SNMP traps when started with the -OQ option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash.
0b242c6a63963c589cac2cd1587058f329b89e372158fe7418d20410f8f2ef2fGentoo Linux Security Advisory 201409-9 - A parsing flaw related to functions and environments in Bash could allow attackers to inject code. Versions less than 4.2_p48 are affected.
8551811d553ddfdec75a15ba67cdecb9c82f0b7c97bfce099ffa5852dc723278Ubuntu Security Notice 2360-1 - Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates.
8df063b3cb939db382d3432ee23c8bcd73caea7a3cd58b252812d1a99c657ea8Ubuntu Security Notice 2360-2 - USN-2360-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates. Various other issues were also addressed.
a55a4962a577d8dcb5a441b370937491b9b9fdb5894344155edfb3661a1dfc26Ubuntu Security Notice 2361-1 - Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates.
0b164d83886f94da9bbceb2e461fb57b8928713d9bbb2d8fe7894da0839e1b98Red Hat Security Advisory 2014-1298-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.3.1 serves as a replacement for Red Hat JBoss Data Grid 6.3.0. It includes various bug fixes which are detailed in the Red Hat JBoss Data Grid 6.3.1 Release Notes.
77f8e8848f2af3253866e59b1a1259b83b7cd5ff39919c125a52301951c12da7Red Hat Security Advisory 2014-1297-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory.
e6a52a5860b1db89bab94e8df4cebd26369bf1a6fe701deae6b86897b2ad96c0Ubuntu Security Notice 2362-1 - Stephane Chazelas discovered that Bash incorrectly handled trailing code in function definitions. An attacker could use this issue to bypass environment restrictions, such as SSH forced command environments.
38879f99144687f30726884eb5642eea192bbd07a6ce0db592a56ffdc7e29b5bIt was found out that the application parser for SSH integrated in Suricata version 2.0.3 contains a flaw that might lead to an out-of-bounds access. For this reason a denial of service towards the Suricata monitoring software might be possible using crafted packets on the monitoring interface.
d9284970b7ebf84d7392e3f60e31b6673917978d712e1c5c6bc2048f65607f49Red Hat Security Advisory 2014-1287-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions with escalated privileges, which might otherwise not be possible. This flaw could be used to perform various attacks, including but not restricted to, arbitrary code execution in systems that are otherwise secured by the Java Security Manager.
8df62525698bc6668060cc1b9b749fa9c3199a924d832bd499f7418d34dec723Red Hat Security Advisory 2014-1290-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.0.3 serves as a replacement for Red Hat JBoss BRMS 6.0.2, and includes bug fixes and enhancements.
4f80131519fa532b2d939ededaed4995c7db19a53b730aec5e8cbebbbe84d586Red Hat Security Advisory 2014-1291-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.0.3 serves as a replacement for Red Hat JBoss BPM Suite 6.0.2, and includes bug fixes and enhancements.
ba67e16970bb0a46123e301e1f81f50c25821c0c92da96b2a81c3531ecce7e24Red Hat Security Advisory 2014-1286-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions with escalated privileges, which might otherwise not be possible. This flaw could be used to perform various attacks, including but not restricted to, arbitrary code execution in systems that are otherwise secured by the Java Security Manager.
b9b89d3bdf0d6dc5f868e4f4c0ca0b9c9b012be09000bcdd1cd915e646e3dbbeRed Hat Security Advisory 2014-1284-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems—such as multiple databases, XML files, and even Hadoop systems—appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.
7d9fe8f6f9c1f706a40f9442301f7e2f501859c472fa8d32b017decb12eaea2fRed Hat Security Advisory 2014-1285-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions with escalated privileges, which might otherwise not be possible. This flaw could be used to perform various attacks, including but not restricted to, arbitrary code execution in systems that are otherwise secured by the Java Security Manager.
10498041de84d4229d7b188aa858004477c478740f6176bd1e10893834c1c32b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed