Red Hat Security Advisory 2014-1294-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
367558e0af4bea38e2153ee9ee9c6ce9ff57eb72553269ce1c96319107027e35
Red Hat Security Advisory 2014-1295-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. Shift_JIS, also known as "SJIS", is a character encoding for the Japanese language. This package provides bash support for the Shift_JIS encoding. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
0ab1587f987ce692a6ed8a870be5c168ea32c5c83293ed22e852410b266a93f8
Red Hat Security Advisory 2014-1293-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
11602d72b531b9a3376befaf2f40d6b9bc9bb40b1d354a5986c1541d7c56f5cd
Debian Linux Security Advisory 3031-1 - The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle a HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the 'http' apt method binary, or potentially to arbitrary code execution.
1868df8a88a13239945f034440fe682b0e121f18704c5b892e1bc8e05326064e
Red Hat Security Advisory 2014-1292-01 - HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. A buffer overflow flaw was discovered in the way HAProxy handled, under very specific conditions, data uploaded from a client. A remote attacker could possibly use this flaw to crash HAProxy. All haproxy users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
ea9afa70ec341e7cbc76477bb85a10d68d3e96ac7cd0d0fd2f67a7cf2af9b196
Ubuntu Security Notice 2359-1 - Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. Jason Gunthorpe reported a flaw with SCTP authentication in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (NULL pointer dereference and OOPS). Various other issues were also addressed.
cf16b83f0cf1bc592f97d89975e48b9fc09cdb89e7cbea49009a9915a86c8c9b
Ubuntu Security Notice 2358-1 - Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. Jason Gunthorpe reported a flaw with SCTP authentication in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (NULL pointer dereference and OOPS). Various other issues were also addressed.
0d19c0cfd635887d874af2d1b5bf9dfce4d6a57b5a3961bb65c05caa2a2a30c8
Ubuntu Security Notice 2355-1 - Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image, with a self-referential CL entry, either via a CD/DVD drive or a loopback mount could cause a denial of service (unkillable mount process). Various other issues were also addressed.
6bb051a04b06b8f356fa6ace8abe900b0e5f36a2d10b0d99e687194d614f39f8
Ubuntu Security Notice 2357-1 - Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Various other issues were also addressed.
0ebb86614e3898d4a547dc9127eb1ace7ab6fa1c8b81e79dc053df7fce2da65e
Ubuntu Security Notice 2354-1 - Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image, with a self-referential CL entry, either via a CD/DVD drive or a loopback mount could cause a denial of service (unkillable mount process). Various other issues were also addressed.
cc00d48b3eea531226e9d223ac3a99209cf8c6e5080f17972bfb51e37ce4567e
Ubuntu Security Notice 2356-1 - Jack Morgenstein reported a flaw in the page handling of the KVM (Kerenl Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Various other issues were also addressed.
ce2fd3f7419d213c47c8c6b1fbeea798fbd8c810f8df48d686af866f5ffb68db
Red Hat Security Advisory 2014-1288-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions with escalated privileges, which might otherwise not be possible. This flaw could be used to perform various attacks, including but not restricted to, arbitrary code execution in systems that are otherwise secured by the Java Security Manager.
c991ced44fef7bb991203a4ead263b61c8c1f6f53e189e60feca71610ed39418
Ubuntu Security Notice 2353-1 - It was discovered that APT incorrectly handled certain http URLs. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to cause APT to crash, resulting in a denial of service, or possibly execute arbitrary code. In addition, this update fixes regressions introduced by the USN-2348-1 security update: APT incorrectly handled file:/// sources on a different partition, incorrectly handled Dir::state::lists set to a relative path, and incorrectly handled cdrom: sources. Various other issues were also addressed.
f18a6d99273ccea43f4ff13505d8b7b64673270f54fc2a22c95b75f5502949bc
This bulletin summary notes that MS14-055 has undergone a major revision increment as of September 23, 2014.
7e49f4a65656a8c1d41f3f15917fef8811b7317a8253711433dd361375197b18
Debian Linux Security Advisory 3030-1 - Multiple SQL injection vulnerabilities have been discovered in the Mantis bug tracking system.
7ec113a935c89ad9a311490ba16351ced2516ceca32df1676255c000535a79fa
Debian Linux Security Advisory 3029-1 - Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position.
686cb84de4ba244efd0ea0a859ce45d3415fd2e9a99661b6e0d82901f605addd
Red Hat Security Advisory 2014-1268-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to supply a malicious image file to QEMU or to helper tools used in image conversion by services such as glance and nova could potentially use these flaws to cause memory corruption, resulting in a crash or possibly arbitrary code execution.
fa9a090f061e49ebd6c9d9180ffd2781fd7e6e5ab6c7769ae73a3ad939cdc81f
Red Hat Security Advisory 2014-1281-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system.
9db192dae67115d135082d1c74941604603bf15acde17a51427e55f23152e653
Ubuntu Security Notice 2352-1 - Simon McVittie discovered that DBus incorrectly handled the file descriptors message limit. A local attacker could use this issue to cause DBus to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Alban Crequy discovered that DBus incorrectly handled a large number of file descriptor messages. A local attacker could use this issue to cause DBus to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.
578a2d1dfc85b26a2a964420dece270158fce7e3eb1ee68afd5fab19c7aa3d29
Ubuntu Security Notice 2351-1 - Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that nginx incorrectly reused cached SSL sessions. An attacker could possibly use this issue in certain configurations to obtain access to information from a different virtual host.
02a8e09de555bdb912d184f6c0aefad2a80152bc1062161322d7a1666becefaa
Ubuntu Security Notice 2350-1 - The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.17 which includes the latest CA certificate bundle.
359eef1863967a3b5b7f8d6b8420e45720f540fd85d506dbfbaf0f294396fdda
HP Security Bulletin HPSBPI03107 - A potential security vulnerability has been identified with certain HP LaserJet Printers, MFPs and certain HP OfficeJet Enterprise Printers using OpenSSL. The vulnerability could be exploited remotely to allow remote unauthorized access. Note: This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP printer products. This bulletin notifies HP Printer customers about impacted products. Revision 1 of this advisory.
c630d7cb333d249c31f5bfb55e2236a3d8bbab6a9929e9aed07b2ff46802f312
Mandriva Linux Security Advisory 2014-180 - The gnupg program before version 1.4.16 is vulnerable to an ELGAMAL side-channel attack.
03ec5c081a2354c13e32e599e0fef98400dfb6bbc16a191f9eaf5f922d8321ae
Gentoo Linux Security Advisory 201409-8 - A vulnerability in libxml2 allows a remote attacker to cause Denial of Service. Versions less than 2.9.1-r4 are affected.
3d3e51ebf497b1002f4ac43821208f034b3bdc6899d6ce505e3b73fa6133ac3c
Gentoo Linux Security Advisory 201409-7 - A vulnerability in c-icap could result in Denial of Service. Versions less than 0.2.6 are affected.
ed77256c73678e5e8baf81a4a62dd912b81fffb0a62ad82f6ab2495c58dce29f