Debian Linux Security Advisory 3271-1 - Tuomas Rasanen discovered that unsafe signal handling in nbd-server, the server for the Network Block Device protocol, could allow remote attackers to cause a deadlock in the server process and thus a denial of service.
567fb50afd9751ca422d2bc84d615c534ab4290c75ef5d129abf23ad4e78b5edHP Security Bulletin HPSBGN03325 - A potential security vulnerability has been identified with HP SiteScope. The vulnerability could be exploited remotely to allow elevation of privilege. Revision 1 of this advisory.
f0623c7da0e57d8ed114c317df5465df0cd4cc455a883ecf6e80f8a1c340a140Ubuntu Security Notice 2620-1 - A flaw was discovered in the Linux kernel's IPv4 networking when using TCP fast open to initiate a connection. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).
edd5f480421b210b457c2499a531a190bccab8ba2c8fbe7e2e7ed8ac17fa7415Ubuntu Security Notice 2619-1 - A flaw was discovered in the Linux kernel's IPv4 networking when using TCP fast open to initiate a connection. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).
3ef6936a70c7ad0d26493e6f0c68650c10610d099531f5352d1c0c438fb0cef7Debian Linux Security Advisory 3270-1 - Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system.
8873a7dbfa5c7d4cef87a54d372d9f9dca054e3d4a6a2892b4b2e81cb7efebdfUbuntu Security Notice 2617-2 - USN-2617-1 fixed a vulnerability in FUSE. This update provides the corresponding fix for the embedded FUSE copy in NTFS-3G. Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges. Various other issues were also addressed.
999753c1af436edaf4b010cca89b890cd02bd39ab54ca4d50a31b2b1039d399aDebian Linux Security Advisory 3267-1 - Several vulnerabilities were discovered in the chromium web browser.
13fb1c54b3fd812086ec0f10830e7f77c85dfe9d2207d97d1c96fa6ae51587e4Debian Linux Security Advisory 3268-1 - Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the environment that would not normally be safe for unprivileged users.
61313a9cfb45bc2e5acc0db1d9cbaf904414c932f54e3c13ce85700ecd2a1772HP Security Bulletin HPSBMU03336 - A potential security vulnerability has identified with HP Helion OpenStack. The vulnerability could be exploited resulting in Denial of Service (DoS) or execution of arbitrary code. Revision 1 of this advisory.
7704cc07176751fa9734b71a387deda7db02facc204f3c1ed040b34d5919fac8Debian Linux Security Advisory 3261-2 - The update for libmodule-signature-perl issued as DSA-3261-1 introduced a regression in the handling of the --skip option of cpansign. Updated packages are now available to address this regression.
9ffc4469303f301df36794486ac0079019697babb1f1ea0fe27496723ad2f9bcUbuntu Security Notice 2610-1 - Several security issues were discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass Same Origin Policy restrictions. A use-after-free was discovered in the WebAudio implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. Various other issues were also addressed.
2a50faac12225b647dab0436c87afb4bd9c0fc7f2a04a3d6ef3ceca5b75660f1Ubuntu Security Notice 2618-1 - It was discovered that python-dbusmock incorrectly handled template loading from shared directories. A local attacker could possibly use this issue to execute arbitrary code.
ae358f0ed8c43202affc6d2a54cee752c5e32f2a4e9b99adbe57dd70437963a2Debian Linux Security Advisory 3266-1 - Tavis Ormandy discovered that FUSE, a Filesystem in Userspace, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the environment that would not normally be safe for unprivileged users.
c9b513c810f42744dffe969ba1742503b406d74fc6d9acf60cf4363bf131a9d5Ubuntu Security Notice 2609-1 - Sander Bos discovered that Apport incorrectly handled permissions when the system was configured to generate core dumps for setuid binaries. A local attacker could use this issue to gain elevated privileges. Philip Pettersson discovered that Apport contained race conditions resulting core dumps to be generated with incorrect permissions in arbitrary locations. A local attacker could use this issue to gain elevated privileges. Various other issues were also addressed.
1d961a91e6e6862b495af5e72c592de9ee5d3c3dd5177f97473b7c7b4a16db20This bulletin summary lists one released Microsoft security bulletin for May, 2015.
f279f1bf5e619188ff7097c3321c23c74165e1c6950e7d2cd4e1d1dd445f5710KCodes NetUSB suffers from a kernel stack buffer overflow vulnerability.
23355f32384caa77fd5215fcd1180af3983315488b8385634c6831717e64c2fdUbuntu Security Notice 2617-1 - Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges.
1ee6d90880ff6d88b3c4bf8024e12cd47acb4ecf6dcf294774b26dc242850139SAP ERPScan has patched buffer overflow, XXE injection, and missing authorization vulnerabilities.
de0cd2f323a3c4f9aa15056db27e15071c37dd9bcf40321c654953ba86e94f21Red Hat Security Advisory 2015-1020-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.
b7d2def09d6a78b4b5773552927e06c22239193f9ed1990fc14f946a4e0ffbebRed Hat Security Advisory 2015-1021-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.
10ca220cdd88181ecb769acfd07f597ebc5e8fec1ad61aa1d821d8957b3807aaHP Security Bulletin HPSBUX03333 SSRT102029 1 - Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to create a Denial of Service (DoS), or other vulnerabilities. Revision 1 of this advisory.
d5271c40b418bea801c994c27d89bc2fae9ac0aa743450c1e0ec36ed88a20b50HP Security Bulletin HPSBUX03334 SSRT102000 1 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.
eb46fc96819b54c25b2a92e13c8d15dbf525d9e7dd4c0a8ec10967d4cdf2a74aDebian Linux Security Advisory 3265-1 - Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie.
cbf8949170958062f759dd3c0cd87f491f53a82a613a92ce18da29ba930ac6feDebian Linux Security Advisory 3263-1 - Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the mod_copy module allowed unauthenticated users to copy files around on the server, and possibly to execute arbitrary code.
ac6dcf2b8a50d76523a286978d647d532f4c498be4105ebfdf07388d03782759Debian Linux Security Advisory 3264-1 - Multiple security issues have been found in Icedove, Debian's version of buffer overflows and use-after-frees may lead to the execution of arbitrary code, privilege escalation or denial of service.
1a6f9841957ac17613535fd8516b7c9643eed0d4da7d865d3eadb70a9e675a3d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed