Red Hat Security Advisory 2015-0052-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-01, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
bc4453cfc6f31c7f97d4fb6a35f1826c3f53bc1bf96765f0805f29e89022fdfcDebian Linux Security Advisory 3127-1 - Multiple security issues have been found in Iceweasel, Debian's version and implementation errors may lead to the execution of arbitrary code, information leaks or denial of service.
d5a454c1ff9d073a0144abca0553098b2debbf250896c3501e3f5d0bf9dfb702Kodi/XBMC versions 14 and below suffer from a cross site request forgery vulnerability.
cecacfa36504e9b71f724b2954aff24637057840d82bcf91a6137809b422a665This bulletin summary lists one bulletin that has undergone a major revision increment for January, 2015.
b35e37693f73c2e8b781524b432a3cf64d53b82f7dd69b8c458884d9df656e66This bulletin summary lists eight released Microsoft security bulletins for January, 2015.
2fe73ec475cd8a31081141991b6ee5bce05c41923fbbe4c4dd52789e2e920d24Apache Qpid's qpidd up to and including version 0.30 suffers from a denial of service vulnerability.
93e08a917a4400984c0daa916d80f064f905d79916e53644c6f039af207a0100Ubuntu Security Notice 2470-1 - Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. A remote attacker could possibly use this issue to execute arbitrary code if the Git tree is stored in an HFS+ or NTFS filesystem. The remote attacker would need write access to a Git repository that the victim pulls from.
85b950ee8227de6144153e9f9d7593a621bb882118bc9fc9f52fbfc82a0d2838Red Hat Security Advisory 2015-0046-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that the Beacon interface implementation in Firefox did not follow the Cross-Origin Resource Sharing specification. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery attack.
f4b93c12f58e5c35affaf35be1f54a6e7e80329d12affa6b11389446e5167813Red Hat Security Advisory 2015-0047-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that the Beacon interface implementation in Thunderbird did not follow the Cross-Origin Resource Sharing specification. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery attack.
c4c90cbbcab5333ce920d4813c89f6733d5c1a0c81ef3a8da7a3d197136f93aeRed Hat Security Advisory 2015-0045-01 - In accordance with the Red Hat Enterprise Linux OpenStack Platform Support Policy, the 1.5-year life cycle of Production Support for the 4.0 version will end on June 19, 2015. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux OpenStack Platform version 4.0 after June 19, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to upgrade to the latest version of Red Hat Enterprise Linux OpenStack Platform as soon as possible. As of the End of Life date, this is expected to be the 6.0 version, based on the upstream Juno release, and will be supported for 3 years. In addition, the 5.0 version will continue to be in the Production Support phase until its End of Life on June 29, 2017. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on a currently supported Red Hat Enterprise Linux OpenStack Platform version.
58c4da3d86b9a303571a1d44dbac49ef14eaf8cec631e645d8305d189210b02dRed Hat Security Advisory 2015-0043-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks. A remote attacker could use either of these flaws to crash the system. A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.
9417d6425fbb2d1b37ec0488e89d2176d4de927c292cf623ef0ff73757c17c62Red Hat Security Advisory 2015-0042-01 - The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts. A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU. This issue was discovered by Florian Weimer of Red Hat Product Security.
6706af2caac638d9939aa28f31ae15f6d34e9050051252c075201903cea2c614Red Hat Security Advisory 2015-0044-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. A denial of service flaw was found in the way neutron handled the 'dns_nameservers' parameter. By providing specially crafted 'dns_nameservers' values, an authenticated user could use this flaw to crash the neutron service.
1dda85bebea21cccfc20796f94883bc7c92a1ae9924506a10d1b3c6408a7d1c8HP Security Bulletin HPSBGN03233 1 - Potential security vulnerabilities have been identified with HP OneView running OpenSSL and Bash Shell. These vulnerabilities (POODLE and Shellshock) could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or disclose information. Revision 1 of this advisory.
4b877dbe7e357236881b287abc3a3f36c78913bccdc7212120a575f1c5a5650eUbuntu Security Notice 2469-1 - Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack. Alex Gaynor discovered that Django incorrectly handled reading files in django.views.static.serve(). A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service. Various other issues were also addressed.
cf000da88b9863ec2a0ae7af5936ce03f27fabeb8b4e2e9c8f5f08774d6d8b01Debian Linux Security Advisory 3123-2 - In DSA 3123 the binutils package was updated for several security issues. This update adds rebuilt packages for binutils-mingw-w64, so these will take advantage of the fixes.
5f1b17b8fa1cc1cbe8ee53cfee243b9e7be21a8cbf354b93f40f756c375b48f1HP Security Bulletin HPSBMU03230 1 - A potential security vulnerability has been identified with HP Insight Control server deployment that could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
2cf200a92faa51490db9c4c86755eb7cfda0237026046639b790c80cfbbfa5d3Ubuntu Security Notice 2468-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.
b87ad3513b1b14897c08a8fa67c7f83ae209118a25480a7387424398b46ff1ebUbuntu Security Notice 2467-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.
6db7378aa52f1ea3d0d471f8fffba697ae4faed7d96f6528cf50a5bb6e55846eUbuntu Security Notice 2466-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.
72ab799039264b012fe56154c3779f8c3a2e0239f77320cbea5170fef033aff4Ubuntu Security Notice 2462-1 - Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. Various other issues were also addressed.
0f5da1d8a858a44a37ab039d7f2dbbccb1c46685351becb6ec3a4369a865c5f3Ubuntu Security Notice 2465-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.
07d103f30d4ad42e9fbba5870ef5da6e4ed83ec02f5cd414821e6b547da1c15bUbuntu Security Notice 2463-1 - A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. The KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. Various other issues were also addressed.
da3c2be0fdb5fdfe7f461298d822b706d3f2c2d489afa8457ad3302c94e57aceUbuntu Security Notice 2464-1 - Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Various other issues were also addressed.
f75d7cc0dcd4758392f8801245cba456c9322b7d08a6a0f867821d681a4df56cHP Security Bulletin HPSBOV03228 1 - A potential security vulnerability has been identified with HP OpenVMS running Bash Shell. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
54602e8de35c6c47fc8c1b533278a3d28121a1b297a194088df4d09262b8ccc0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed