Red Hat Security Advisory 2015-0249-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
053bc1510a3be04466b10bbd8804b882a6add648db0c66bcfbe4dd30016cdbfeDebian Linux Security Advisory 3166-1 - Jose Duart of the Google Security Team discovered a buffer overflow in in e2fsprogs, a set of utilities for the ext2, ext3, and ext4 file systems. This issue can possibly lead to arbitrary code execution if a malicious device is plugged in, the system is configured to automatically mount it, and the mounting process chooses to run fsck on the device's malicious filesystem.
27227b3cac633bfc9c19baddb259253c2a9c639b7ddd345fada9860a5f161b0cRed Hat Security Advisory 2015-0252-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
e44b9c545254680c21421cab45a6331b3e099d99facf78667d0a998df43b7c4aDebian Linux Security Advisory 3168-1 - Kousuke Ebihara discovered that redcloth, a Ruby module used to convert Textile markup to HTML, did not properly sanitize its input. This allowed a remote attacker to perform a cross-site scripting attack by injecting arbitrary JavaScript code into the generated HTML.
bdcc66fcdbf536e7ff217fc9a0b031db97b09dc8b706dfb7797a8dc9770884dfRed Hat Security Advisory 2015-0256-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
ec46e600dcabda559a0e3ba2be776e8ee6d00d84b7580e9b7a7b574ae8035edfRed Hat Security Advisory 2015-0255-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
d09ca20340cf3e1cfb11f15e9cd087fa31ba7037c053a37f8a76ceebc3b53f29Debian Linux Security Advisory 3165-1 - Jiri Horner discovered a way to cause xdg-open, a tool that automatically opens URLs in a user's preferred application, to execute arbitrary commands remotely.
298e5a07e6894c3e9f9deb239f8a732c5b944f9972048325d4aaa29b057cc979Debian Linux Security Advisory 3167-1 - Jakub Wilk reported that sudo, a program designed to provide limited super user privileges to specific users, preserves the TZ variable from a user's environment without any sanitization. A user with sudo access may take advantage of this to exploit bugs in the C library functions which parse the TZ environment variable or to open files that the user would not otherwise be able to open. The later could potentially cause changes in system behavior when reading certain device special files or cause the program run via sudo to block.
c8ab68f024d041a656114d083d7d34267de02fc254ac8f6877df2a8e726b7843Cisco Security Advisory - A vulnerability in the parsing of malformed IP version 6 (IPv6) packets in Cisco IOS XR Software for Cisco Network Convergence System 6000 (NCS 6000) and Cisco Carrier Routing System (CRS-X) could allow an unauthenticated, remote attacker to cause a reload of a line card that is processing traffic. The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. An attacker could exploit this vulnerability by sending a malformed IPv6 packet, carrying extension headers, through an affected Cisco IOS XR device line card. An exploit could allow the attacker to cause a reload of the line card on the affected Cisco IOS XR device. Cisco has released free software updates that address this vulnerability. There are no workarounds that address this vulnerability.
f9aa7d30c2de2cac2c6146829a9ee7f577afc484369915793565a06538f4f0c5Debian Linux Security Advisory 3164-1 - Pierrick Caillon discovered that the authentication could be bypassed in the Typo 3 content management system.
c7d416748a11a800ad18562734439e97fc5c7b23b11f531240da0f1795307876HP Security Bulletin HPSBPV03266 - Potential security vulnerabilities have been identified with certain HP Networking and H3C switches and routers running NTP. The vulnerabilities could be exploited remotely to allow execution of code, disclosure of information and denial of service (DoS). Revision 1 of this advisory.
1e5b7079d340789f718e38872fb41274da4f974274be3c825c5f3e12ddb930a8Red Hat Security Advisory 2015-0246-01 - OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. It was discovered that an authenticated user could use a path traversal flaw in glance to download or delete any file on the glance server that is accessible to the glance process user. Note that only setups using the OpenStack Image V2 API were affected by this flaw.
4b10e1f36554d8953a3c5a43c497178ccb04e8fae974d0fddbfa4cf2f159ff12Ubuntu Security Notice 2504-1 - The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.17.4 which includes the latest CA certificate bundle.
9022b804e945f154e3f6d1967e4ffa8b7d7349976e98ce2808681b930e35e1ddHP Security Bulletin HPSBUX03240 SSRT101872 - Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities. Revision 1 of this advisory.
abc2b7afc4f8f47e2bf3872b6662dfd3cbd30f380650ada88bbaf256a29a3160Debian Linux Security Advisory 3163-1 - It was discovered that LibreOffice, an office productivity suite, could try to write to invalid memory areas when importing malformed RTF files. This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution via crafted RTF files.
cf591ba3144f2cc4d5e527fce22a32946a8b35589844e3ca830a1e843e8e4c34Debian Linux Security Advisory 3162-1 - Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator's part, or due to interference with network traffic by an attacker. This issue affects configurations with the directives "dnssec-validation auto;" (as enabled in the Debian default configuration) or "dnssec-lookaside auto;".
712f536a8bf23bc5f8d33db7a0de53d43e7ac7b83f25eb9aa8ff4b95164b1dd5Ubuntu Security Notice 2503-1 - Jan-Piet Mens discovered that Bind incorrectly handled Trust Anchor Management. A remote attacker could use this issue to cause bind to crash, resulting in a denial of service.
896f3f1ebb14472afcabb7f719bd450e53bbba558630a1cb3030afc8ce469de1Red Hat Security Advisory 2015-0236-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ 6.1.0. It includes bug fixes, which are documented in the readme.txt file included with the patch files. The following security issues are addressed in this release: It was found that Apache WSS4J, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of spoofing attacks on web service endpoints secured by WSS4J that rely on SAML for authentication.
a6ad49cfc9fa80817b40cd6dc90e6ccb53b55f47cc55c330a334b931986ef67dRed Hat Security Advisory 2015-0235-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.
f64f2ca65fbace1e4788ea16f69ecf599345eb34f981247acfbecdcca41d5401Red Hat Security Advisory 2015-0234-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.
89d8125129242bfb26c8918f339b601f902009b742ed74af25c35427a3a89137Gentoo Linux Security Advisory 201502-13 - Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to cause Denial of Service or gain escalated privileges. Versions less than 40.0.2214.111 are affected.
b141f2ae3308d17a9226400eb6145c29f4202b6063a681a62050f283b886aff1Ubuntu Security Notice 2502-1 - William Robinet discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.
26a756ea3fbaeff19e1d0e0deb700676c0f98e2026f1ad3ff1168c507a5d3260Ubuntu Security Notice 2501-1 - Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2015-0231) Brian Carpenter discovered that the PHP CGI component incorrectly handled invalid files. A local attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. Various other issues were also addressed.
87581be317b7551f9d11aa00fc90c8ccbf8b821794084bfafde6b9df107ac894Ubuntu Security Notice 2500-1 - Olivier Fourdan discovered that the X.Org X server incorrectly handled XkbSetGeometry requests resulting in an information leak. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. It was discovered that the X.Org X server incorrectly handled certain trapezoids. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly crash the server. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.
fe374163e95255581fae4cb946e899828286ba84ef6853a6cf93f337dfe7c699Slackware Security Advisory - New sudo packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
ae47a52f4d6f4b4c43f0e8521a7bc0b89d6ca1a05fdf1ba703c22ad362feb502
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed