Red Hat Security Advisory 2014-1905-01 - In accordance with the Red Hat OpenShift Enterprise Life Cycle Policy, the two-year life cycle of Production Support for version 1.2 will end on November 27, 2014. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat OpenShift Enterprise 1.2 to the latest version of Red Hat OpenShift Enterprise. To upgrade to Red Hat OpenShift Enterprise, see Chapter "Upgrading from Previous Versions" in the Deployment Guide document linked to in the References section.
34471336d64a9c5139a369fddb38e1039d2d0806937c94e3166737f33fa1d6e1Ubuntu Security Notice 2422-1 - Sebastian Krahmer discovered that the Squid pinger incorrectly handled certain malformed ICMP packets. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.
5fdc5acc1edf7df5cda92a56d8dbdf15b46e052c4cb9d59558795e6dd31d2f64Red Hat Security Advisory 2014-1904-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.0 release serves as a replacement for JBoss Operations Network 3.2.3, and includes several bug fixes.
08286d712bd0348c6cd4b0a13b9ab8c187c2b56282df28b0c856697c4f5c3ab8Mandriva Linux Security Advisory 2014-228 - Multiple vulnerabilities has been discovered and corrected in phpmyadmin including cross site scripting, local file inclusion, and more. This upgrade provides the latest phpmyadmin version to address these vulnerabilities.
4ad8db5a3462d8d6458e9ea5a122cd9a183f280fd342ec596d4e7ad7343d37afDebian Linux Security Advisory 3076-1 - Multiple vulnerabilities were discovered in the dissectors/parsers for SigComp UDVM, AMQP, NCP and TN5250, which could result in denial of service.
b5a22abfd28b464fa89973934fb7502afe6c213084a9450d8b4d6fabc7e997a1HP Security Bulletin HPSBUX03166 SSRT101489 1 - A potential security vulnerability has been identified in the HP-UX running PAM using libpam_updbe in pam.conf(4). This vulnerability could allow remote users to bypass certain authentication restrictions. Revision 1 of this advisory.
2ee57559ffe1105bf1578d18543641ed83da279858e40c971fde79a81b4a755bHP Security Bulletin HPSBGN03203 1 - A potential security vulnerability has been identified with HP CMS: UCMDB Browser running OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
8281554f5b51f6acd0e47dfe32db3e2d7d3f99d482865c62907f01596d09e599HP Security Bulletin HPSBGN03201 1 - A potential security vulnerability has been identified with HP Asset Manager running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
8d3005a1b0c642ff69a47c82927bf40817a1e1a51024896e3b5e09498f2f302fHP Security Bulletin HPSBST03148 1 - A potential security vulnerability has been identified with certain HP StoreOnce Gen 2 Backup systems running Bash Shell. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. NOTE: Versions of HP StoreOnce Gen 2 Backup software prior to 2.3.02 contain the vulnerable version of Bash. However, HP is unaware of any method that would allow this vulnerability to be exploited on HP StoreOnce Gen 2 Backup systems but is providing an updated version of Bash Shell as a precaution. Revision 1 of this advisory.
004f0402a1b18363987419f90e5d1da127d2865f9f82eb63474f13b373a541c3HP Security Bulletin HPSBMU03214 1 - A potential security vulnerability has been identified with HP Systinet running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
5ee6de586eb2db1855ec3f8ac1c16341e1ee99491b3bc38b16ec20d914ac3e61The libFLAC project, an open source library implementing reference encoders and decoders for native FLAC and Ogg FLAC audio content, suffers from multiple implementation issues. In particular, a stack overflow and a heap overflow condition, which may result in arbitrary code execution, can be triggered by passing a maliciously crafted .flac file to the libFLAC decoder. Versions 1.3.0 and below are affected.
a4032dd6d4a27f7aae901e56831009abf356688af57f4e2a9b1222732ec7ca10Docker versions prior to 1.3.2 suffer from privilege and container escalation vulnerabilities.
f3ea689d0955e5745699f82d7c1d878c1c96110a77a052bec055fa5cc225fbc5Ubuntu Security Notice 2417-1 - Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. Various other issues were also addressed.
d7573d41ea8583522053f3ddf2d29337294c20d6c310ac2be612936e9cc496c9Ubuntu Security Notice 2421-1 - A flaw was discovered in how the Linux kernel's KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). Various other issues were also addressed.
f89b5b9c4ee1951650d04c019468034d3d30eff46996b29897b32f06cdcf79a7Ubuntu Security Notice 2420-1 - A flaw was discovered in how the Linux kernel's KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). Various other issues were also addressed.
36ffd642f6a006b44d9ce22c4b5a25aaa95783e0f98924dd420e67627387c587Ubuntu Security Notice 2419-1 - A flaw was discovered in how the Linux kernel's KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). Various other issues were also addressed.
5e4c864f21c88ee3ebf68fc8b69db852398674b8060f7ec9d1fb969cae712d26Ubuntu Security Notice 2416-1 - Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). Andy Lutomirski discovered that the Linux kernel was not checking the CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to cause a denial of service (loss of writability). Various other issues were also addressed.
a14a2531aa2f07760f992d885a7780d7f6c77ae27d03fcad546fedba18c7a01cUbuntu Security Notice 2418-1 - Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. Various other issues were also addressed.
03a7978ef81c526c9834e89b46bf36cbf2997deaa68a655162066cf8d249724dMandriva Linux Security Advisory 2014-227 - The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access. The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access. The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data. The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service via crafted American Laser Games MM Video data. The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service via crafted CD Graphics Video data. The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted FFV1 data. The updated packages have been upgraded to the 0.10.15 version which is not vulnerable to these issues.
cf41dc584dc8f69da805e217d05ba3652ca3aa212448252fb3fd5fc8f26c4777Mandriva Linux Security Advisory 2014-226 - ImageMagick is vulnerable to a denial of service due to out-of-bounds memory accesses in the resize code, PCX parser , DCM decoder, and JPEG decoder.
fd5743ac550041c732ba5f2ec5212d845702c83e55a585bb6f940756db676c6cMandriva Linux Security Advisory 2014-225 - Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Due to an incomplete fix for 100% CPU utilization can occur as a result of recursive expansion with an empty String. When reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service. Additionally ruby has been upgraded to patch level 374.
d2439eb4aac15fb7ad6deed92bf9356a7b28b2c87ab6702fba7654a4613543c6Ubuntu Security Notice 2415-1 - Andy Lutomirski discovered that the Linux kernel was not checking the CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to cause a denial of service (loss of writability).
3e554180c5667d7aacf3d3bc2f65d9975859566575d57d2d4037816b562f4ffbUbuntu Security Notice 2414-1 - Tim Brown and Darron Burton discovered that KDE-Runtime incorrectly handled input validation. An attacker could possibly use this issue to execute arbitrary javascript.
a8e4d35135b503e43f7c352287cd61c345c6b291c09a386e9b98a354fd84ea40Red Hat Security Advisory 2014-1894-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. A flaw was found in the way Chromium parsed certain URL values. A malicious attacker could use this flaw to perform phishing attacks.
02987fb0dfe645698c6602689bde5f7ba35b81d62886d20d882c078fe28b3effGentoo Linux Security Advisory 201411-10 - Multiple vulnerabilities have been found in Asterisk, the worst of which could lead to Denial of Service. Versions less than 11.13.1 are affected.
8cb3b44b05c040b60ed10a544ecb9a25244ce0962746f4d7d96926bcca8015f3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed