HP Security Bulletin HPSBHF03145 - A potential security vulnerability has been identified with HP Integrity Superdome X and HP ConvergedSystem 900 for SAP HANA. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.
2fd50d7e08d80f7519616b15757f4e909dcbfe0263378c1519b97902f322248dHP Security Bulletin HPSBGN03141 - A potential security vulnerability has been identified with HP Automation Insight. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.
24dee4b8f6b5ddb5d65f8c4322c72420242ee64a9c4bb8a0cb9e1a6cbc7f3d0aHP Security Bulletin HPSBGN03142 - A potential security vulnerability has been identified with HP Business Service Automation Essentials. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.
d574847ce7c8fec49d12de9d8ba41f61736d3916c841666ecefa508ce7691a21HP Security Bulletin HPSBST03097 - A potential security vulnerability has been identified with HP Command View for Tape Libraries (CVTL) running OpenSSL with SMI-S client when retrieving information from legacy tape libraries. The OpenSSL vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.
5eb61de660f6205596a411c2a8cb77b1793adf6289a21507904b04101d7404e9HP Security Bulletin HPSBST03129 - A potential security vulnerability has been identified with HP StoreFabric B-series switches running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
29cdba50ad78b04a98c9fe494d60a6e306a9c9eeb0944502a88270c9bc2b3672Debian Linux Security Advisory 3050-1 - Multiple security issues have been found in Iceweasel, Debian's version overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, the bypass of the same-origin policy or a loss of privacy.
3af0ebe22471318cca222592dc0b1896ddec67371f747bb5aa80a307423263b7HP Security Bulletin HPSBST03131 - A potential security vulnerability has been identified with certain HP StoreOnce Backup systems running Bash Shell. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. NOTE: Versions of HP StoreOnce Backup software prior to 3.11.4 contain the vulnerable version of Bash. However, HP is unaware of any method that would allow this vulnerability to be exploited on HP StoreOnce Backup systems but is providing an updated version of Bash Shell as a precaution. Revision 1 of this advisory.
4178dafe8e381b36135d2cb121e555aafaf758c401d7f76e00ce10bbf4f709e2HP Security Bulletin HPSBMU03144 - A potential security vulnerability has been identified with HP Operation Agent Virtual Appliance. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.
64edb263b2832abacd7836db8a8ef12dccda691a3aef95347dfd9324eed8d66fHP Security Bulletin HPSBMU03143 - A potential security vulnerability has been identified with HP Virtualization Performance Viewer. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.
794de02c30241366d47f3cc27adf32db27562f26c7bf7597b2338a634f30289eHP Security Bulletin HPSBHF03084 2 - Potential security vulnerabilities have been identified with certain HP consumer notebook PCs, HP commercial notebook PCs, HP consumer desktop PCs, HP commercial workstation PCs, Retail Solutions and Thin Clients with UEFI Firmware. The vulnerabilities could be exploited to allow execution of arbitrary code. Revision 2 of this advisory.
98adb1330be0870e67280711d48ebb095d0df8648cd9d46aa8c96a84f699933fApple Security Advisory 2014-10-16-6 - iTunes 12.0.1 is now available and addresses 83 vulnerabilities.
7e4d7dae770b07ddc94042deda015ef003c365191451010b3a4c97cff9ce09c1Apple Security Advisory 2014-10-16-5 - OS X Server 2.2.5 is now available and addresses the SSL 3.0 Poodle bug. There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail.
5af3c877f1c0f7d56b5fe70975205827cf0ded076d78c6619f9d8839c352a4e2Apple Security Advisory 2014-10-16-4 - OS X Server 3.2.2 is now available and addresses the SSL 3.0 Poodle bug. There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail.
46ba22480de002e7aed6c88a776898ea8e7ee920e853511780e2c3865417a2afApple Security Advisory 2014-10-16-3 - OS X Server 4.0 is now available and addresses vulnerabilities in BIND, Wiki server, Xcode server, PostgreSQL, and various other software.
1dbaa2d9e56d6c022558d94920c0f6e967f065a4281ff33a22add0e19be6d2f7Apple Security Advisory 2014-10-16-2 - Security Update 2014-005 is now available and addresses the OS X Mountain Lion 10.8.5 and OS X Mavericks 10.9.5 SSL 3.0 Poodle bug. There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail.
0b9d9a49021e62db5c8e59801aa541c3c5172c5054a36da24cf3d99dcb08789aApple Security Advisory 2014-10-16-1 - OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Apache, App Sandbox, and various other vulnerabilities.
e17fe6daa6716a8bb996f53f3b9274ff95d249dbc94abe68b17bc7bb23482ad5Debian Linux Security Advisory 3053-1 - Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit.
be5632a50e45f3cb615e3418c715bac89d088636f75a6a4d5e8803d38f0c311aUbuntu Security Notice 2386-1 - A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. CVE-2014-6531) Various other issues were also addressed.
27516fbfd3750f2c8ef45e526f6e9b25fa9a981360faaca853fc7f641418c225Red Hat Security Advisory 2014-1658-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
74b34328e206bb3ad082c05fff6d4e9b00b70ae5ff34acd205d0fe4dab6419bbRed Hat Security Advisory 2014-1657-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
28be6a9b543d73b1ba4ad3c71920043df3d3709d7b4226afe1d43d157a769f7fRed Hat Security Advisory 2014-1654-01 - The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially, execute arbitrary code as the user running the rsyslog daemon.
87bba9d1f39138957704d3a4f521e4a6b01131482af912c7930d56c972a3f1ddRed Hat Security Advisory 2014-1655-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.
4038436fb1347453ca94b8107b527a57e5053e1cf0610a20dce061db372601ddUbuntu Security Notice 2385-1 - It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that OpenSSL incorrectly handled memory when verifying the integrity of a session ticket. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Various other issues were also addressed.
3610dab117a43a7b9293af9e167e8bb4af5e8135c2525ce5ca35b38b19320408Red Hat Security Advisory 2014-1653-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.
a790a29bfcef0c25940281bfcea5357db81f4157e9e72d1c827710ad3b781364Red Hat Security Advisory 2014-1652-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.
1ea510abd5c281438bbcbb59438daf1e162e8b1f81ee81f34c73370873c4fe7d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed