Red Hat Security Advisory 2014-1893-01 - The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server.
ba93cba4862f795071c932fc3c43b83e32cbef7456e8542d73f4034f3242c7cb
Gentoo Linux Security Advisory 201411-8 - Multiple vulnerabilities have been found in Aircrack-ng, possibly resulting in local privilege escalation, remote code execution, or Denial of Service. Versions prior to 1.2_rc1 are affected.
642f3d924ae079e3b509f1421890b09bd3d9ddf87237d95d6d6cb5a9eded2604
Gentoo Linux Security Advisory 201411-9 - Multiple vulnerabilities have been found in Ansible which may allow local privilege escalation. Versions less than 1.6.8 are affected.
2864926da3458a61d02dbe8623f01598e75752b681274d074fedc48f55914d2f
Gentoo Linux Security Advisory 201411-7 - A NULL pointer dereference in Openswan may allow remote attackers to cause Denial of Service. Versions less than or equal to 2.6.39-r1 are affected.
a42a973e98382c25ce8f2f55f8d1cc8e767f20f6c33222680bbb0f05b22722b6
Red Hat Security Advisory 2014-1892-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.
4f5d88b23ad47c15d92aa56c346f2979074c221f17729cbe994092b16ae9f700
Red Hat Security Advisory 2014-1891-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files. The following security issues are fixed with this release: It was discovered that Jakarta Commons HttpClient incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.
b592f8c8ee96a54967e2557353405052d49c187fecc92e620bc4dcf46ba2f8be
A local privilege escalation vulnerability has been identified in the codemeter.exe Windows service. When installed with the default settings, this service allows Read/Write access to any user, meaning any user can modify the location of the binary executed by the service with SYSTEM privileges.
cc5d65935bbbef89a934423df07e12fdb85bb3c9bddcdf415a89cc055a1ac021
HP Security Bulletin HPSBUX03087 SSRT101413 2 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), execution of arbitrary code, or unauthorized access. Revision 2 of this advisory.
a56a13f1ec26735d4d53c5b23bf32116794a56a90a713f7129caca2874101576
Mandriva Linux Security Advisory 2014-222 - Eric Blake discovered that libvirt incorrectly handled permissions when processing the qemuDomainFormatXML command. An attacker with read-only privileges could possibly use this to gain access to certain information from the domain xml file.
b1e46fa67faacfb7e538c3ab47855727400c604063f8f1f9cdcbb61a33e35d27
Mandriva Linux Security Advisory 2014-221 - Although Mandriva forgot to include a problem description in this advisory, it appears that their latest packages for php-smarty may have addressed cross-site scripting and code execution vulnerabilities.
7cbd232472b3b573ab03123f0ac49ea2ed2fdb427ad187747ab9a0211410bd37
Mandriva Linux Security Advisory 2014-220 - Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. Various other security issues were also addressed.
480666aecbbb024a07215735219c58b0e7f5a12a96b93245aa388fe716692f65
Mandriva Linux Security Advisory 2014-219 - Fernando Russ from Groundworks Technologies reported a buffer overflow flaw in srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function applies cryptographic profiles to an srtp_policy. A remote attacker could exploit this vulnerability to crash an application linked against libsrtp, resulting in a denial of service.
4b5a258db5c599bcb432c7d521bd5c29b7892a1bed1f9afdcb8dc8b676bb2169
HP Security Bulletin HPSBHF03052 2 - Potential security vulnerabilities have been identified with HP Network Products running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, modify or disclose information. Revision 2 of this advisory.
05b5388c45bab42768c86cb307b795bd77831c2a0e62454db751fab2eff1be37
Mandriva Linux Security Advisory 2014-218 - Multiple vulnerabilities have been discovered and corrected in asterisk. The updated packages have been upgraded to the 11.14.1 version, which is not vulnerable to these issues.
0534fe5967f21eae7e7046a4d878c5be5ad87b03ce2d780f490b6b44c04c1d6c
Gentoo Linux Security Advisory 201411-6 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.418 are affected.
83203fb083c7020525f2bfe19e222e1c2c84a7d9fcbe5f3b8712fb38a32e0044
Mandriva Linux Security Advisory 2014-224 - The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
44e0fd2f76775f8cdc8e4d5fe78161fa0d40493711469db9916abe892af3d940
Mandriva Linux Security Advisory 2014-223 - Updated wireshark packages fix a buffer overflow, multiple crashes, and infinite loops.
813c170a97d187887177fada8774c35108d4d1d5eb92bcaa565037e19ac19de7
Asterisk Project Security Advisory - The DB dialplan function, when executed from an external protocol (for instance AMI), could result in a privilege escalation.
5f6de459bd80960c973e40d53339c46b02b67d9db5559130f299530051f16340
Asterisk Project Security Advisory - The CONFBRIDGE dialplan function, when executed from an external protocol (for instance AMI), could result in a privilege escalation. The AMI action "ConfbridgeStartRecord" could also be used to execute arbitrary system commands without first checking for system access.
eebc8eabd10dc9e3b8bc9523e239a9374c0d69bf823e68db757ae0b2b1368d33
A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes on WordPress posts and pages. These do not require authentication by default.
02864c8b1d8ce4fe8f2269a04a424fa54ebc581ac541b6681c57d7abdb8251f1
Asterisk Project Security Advisory - When handling an INVITE with Replaces message, the res_pjsip_refer module incorrectly assumes that it will be operating on a channel that has just been created. If the INVITE with Replaces message is sent in-dialog after a session has been established, this assumption will be incorrect. The res_pjsip_refer module will then hang up a channel that is actually owned by another thread. When this other thread attempts to use the just-hung-up channel, it will end up using a freed channel, which will likely cause a crash.
15a4222dbf1ccd2736fba02c722a20bb0de7e9d45367175f41e820c972765349
Asterisk Project Security Advisory - The chan_pjsip channel driver uses a queue approach for actions relating to SIP sessions. There exists a race condition where actions may be queued to answer a session or send ringing AFTER a SIP session has been terminated using a CANCEL request. The code will incorrectly assume that the SIP session is still active and attempt to send the SIP response. The PJSIP library does not expect the SIP session to be in the disconnected state when sending the response and asserts.
55c0f051137922494f6ce7feebfbe8e1ea4b9b2169a67c126fdff6d43bda124a
Asterisk Project Security Advisory - The ConfBridge application uses an internal bridging API to implement conference bridges. This internal API uses a state model for channels within the conference bridge and transitions between states as different things occur. Under load, it is possible for some state transitions to be delayed, causing the channel to transition from being hung up to waiting for media. As the channel has been hung up remotely, no further media will arrive and the channel will stay within ConfBridge indefinitely.
84eb5f3fb7ddc9a0f5ee17c933a15f1ce01cc2ecc88d2c7325407f4bef03640b
Asterisk Project Security Advisory - The Asterisk module res_pjsip_acl provides the ability to configure ACLs that may be used to reject SIP requests from various hosts. In affected versions of Asterisk, this module fails to create and apply ACLs defined in pjsip.conf. This may be worked around by reloading res_pjsip manually after res_pjsip_acl is loaded.
b3b03fb6b4fdfbb86b064255aefc3988d26b8846fa6491e95caf916c96308e46
Asterisk Project Security Advisory - Many modules in Asterisk that service incoming IP traffic have ACL options ("permit" and "deny") that can be used to whitelist or blacklist address ranges. A bug has been discovered where the address family of incoming packets is only compared to the IP address family of the first entry in the list of access control rules. If the source IP address for an incoming packet is not of the same address family as the first ACL entry, that packet bypasses all ACL rules. For ACLs whose rules are all of the same address family, there is no issue.
d63dbc1f4a1555e213fdaf8b7170df0e1ef4f9f7d5de91107a8f9832f1027a68