Liferay Portal versions 6.2 EE SP8 and below suffer from a cross-site scripting vulnerability.
Ubuntu Security Notice 2413-1 - An AppArmor policy miscompilation flaw was discovered in apparmor_parser. Under certain circumstances, a malicious application could use this flaw to perform operations that are not allowed by AppArmor policy. The flaw may also prevent applications from accessing resources that are allowed by AppArmor policy.
Red Hat Security Advisory 2014-1885-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.
Red Hat Security Advisory 2014-1882-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Red Hat Security Advisory 2014-1881-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Red Hat Security Advisory 2014-1880-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Ubuntu Security Notice 2412-1 - Tomas Hoger discovered that Ruby incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of resources, resulting in a denial of service.
Debian Linux Security Advisory 3075-1 - Two vulnerabilities were discovered in Drupal, a fully-featured content management framework.
Core Security Technologies Advisory - Advantech WebAccess version 7.2 is vulnerable to a stack-based buffer overflow attack, which can be exploited by remote attackers to execute arbitrary code, by providing a malicious html file with specific parameters for an ActiveX component.
Core Security Technologies Advisory - Advantech AdamView version 4.3 has two different fields vulnerable to buffer overflow attacks, which can be exploited by attackers in order to execute arbitrary code by running files with the '.gni' extension that is associated with the AdamView software.
Mandriva Linux Security Advisory 2014-217 - ClamAV 0.98.5 addresses several reported potential security bugs. Certain JavaScript files cause ClamAV to segfault when scanned with the -a option.
Mandriva Linux Security Advisory 2014-216 - The Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. The updated packages have been upgraded to the latest ZendFramework version which is not vulnerable to this issue.
Ubuntu Security Notice 2410-1 - A buffer overflow was discovered in Skia. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. Multiple use-after-frees were discovered in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. Various other issues were also addressed.
Red Hat Security Advisory 2014-1877-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Red Hat Security Advisory 2014-1876-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Faronics Deep Freeze Standard and Enterprise suffer from an arbitrary code execution vulnerability.
Mandriva Linux Security Advisory 2014-215 - An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application.
Debian Linux Security Advisory 3074-1 - Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.
Debian Linux Security Advisory 3074-2 - The previous update for php5, DSA-3074-1, introduced a regression in the sessionclean cron script. The change was intended to fix a potential symlink attack using filenames including the NULL character (Debian bug #766147), but depended on a sed package version too recent to be available in Wheezy.
Apple Security Advisory 2014-11-17-3 - Apple TV 7.0.2 is now available and addresses arbitrary code execution and unsigned code execution security issues.
Apple Security Advisory 2014-11-17-2 - OS X 10.10.1 is now available and addresses a privacy issue, arbitrary code execution, and various other security issues.
Apple Security Advisory 2014-11-17-1 - iOS 8.1.1 is now available and addresses code execution and various other security flaws.
Red Hat Security Advisory 2014-1873-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process.
Red Hat Security Advisory 2014-1872-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. This update fixes several race conditions between PCI error recovery callbacks and potential calls of the ifup and ifdown commands in the tg3 driver. When triggered, these race conditions could cause a kernel crash.
This bulletin summary lists one critical bulletin and two revised bulletins for November 2014.