Ubuntu Security Notice 2712-1 - Gary Kwong, Christian Holler, and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
674b2e26a251f35dbda3345884ca92e8bd282ae9ac9699767bce9224e7a9d691
Red Hat Security Advisory 2015-1682-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message because JavaScript is disabled by default for mail messages. However, they could be exploited in other ways in Thunderbird .
4c069329c01d5dd2b23d438ea15fb2cf2ddb55af9e97c1998eb05ee9cd900538
Red Hat Security Advisory 2015-1685-01 - Python-keystoneclient is a client library and a command-line utility for interacting with the OpenStack Identity API. It was discovered that some items in the S3Token configuration as used by python-keystoneclient were incorrectly evaluated as strings, an issue similar to CVE-2014-7144. If the "insecure" option was set to "false", the option would be evaluated as true, resulting in TLS connections being vulnerable to man-in-the-middle attacks. Note: The "insecure" option defaults to false, so setups that do not specifically define "insecure=false" are not affected.
f7c56d4b381ea910926af2ea30028853daff29cd7f8167099a0f0009a6fa3119
Red Hat Security Advisory 2015-1683-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory.
05e8000a6206bbfbe20a766ed07087904157b0283a55bcc3b13dd5695debb6d1
Red Hat Security Advisory 2015-1684-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A flaw was found in OpenStack Object Storage that could allow an authenticated user to delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container.
ee39183a3ea994aeff17098083ebe2a8492a6ee3bf022511868c02167de39768
HP Security Bulletin HPSBMU03397 1 - Potential security vulnerabilities have been identified with HP Version Control Agent (VCA) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), unauthorized modification, unauthorized access, or disclosure of information. Revision 1 of this advisory.
4b42962930ba66e223d79373611361d9e3b5d02e2010fe34205524553f22c3d5
HP Security Bulletin HPSBMU03413 1 - Potential security vulnerabilities have been identified with HP Virtual Connect Enterprise Manager SDK. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), unauthorized modification, unauthorized access, or disclosure of information. Revision 1 of this advisory.
6b5a85f0a3835e211788a83e13c0d0712017e6346f21143164be00789078748c
HP Security Bulletin HPSBMU03396 1 - Potential security vulnerabilities have been identified with HP Version Control Repository Manager (VCRM) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), execution of arbitrary code, unauthorized modification, unauthorized access, disclosure of information, cross-site request forgery (CSRF), or elevation of privilege. Revision 1 of this advisory.
619deaf4049b64ca228d248eccdea1ecdfa933166df8d4b18aafd081c1b4ca8f
Red Hat Security Advisory 2015-1686-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. A flaw was found in the Django session backend, which could allow an unauthenticated attacker to create session records in the configured session store, causing a denial of service by filling up the session store.
acf60870374e52838ceb79bf380b03c1f8262786630a6240d6a305c27b59d945
Microsoft Office 2007 suffers from a RTF XML SmartTags use-after-free vulnerability.
9112fd06f8a9594124ac555685a4c390b42d8b36cbf029a9deca63894f80b49e
Dell SonicWall NetExtender version 7.5.215 suffers from a privilege escalation vulnerability.
f0b514cab106db17e65e6afa1d98fdd80dad6bd4d518110c106cfcff55f1bcd3
UNIT4TETA TETA WEB version 22.62.3.4 suffers from a session fixation vulnerability.
7ea165d8dbfe2db8ab49a36cb0239ff0625d1fa350d20ed811a0272d3c0ea128
Red Hat Security Advisory 2015-1681-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A flaw was found in openstack-swift where an authenticated user may delete the most recent version of a versioned object regardless of ownership. To exploit this flaw an attacker most know the name of the object and have listing access to the x-versions-location container.
b4620e51dac253858c6c6dd8a14325faa2787471f9702c33b9acaf4a45839e74
HP Security Bulletin HPSBGN03395 1 - A potential security vulnerability has been identified with HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX. The vulnerability could be exploited remotely to allow execution of code. Revision 1 of this advisory.
d4943331c6e9bd04dfbd5d772d43f3cfb604cd0b207c5e286fdb599dbf4649c0
Slackware Security Advisory - New gnutls packages are available for Slackware 14.0, 14.1, and -current to fix security issues. IMPORTANT: On Slackware 14.0, install the new updated nettle package first.
4dae198e1d37c02254ad3217d06551652e88d99bc14c29e717e8d4d153644a2a
HP Security Bulletin HPSBGN03395 1 - A potential security vulnerability has been identified with HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX. The vulnerability could be exploited remotely to allow execution of code. Revision 1 of this advisory.
d4943331c6e9bd04dfbd5d772d43f3cfb604cd0b207c5e286fdb599dbf4649c0
Red Hat Security Advisory 2015-1680-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. A Denial of Service flaw was found in the L2 agent when using the IPTables firewall driver. By submitting an address pair that will be rejected as invalid by the ipset tool, an attacker may cause the agent to crash.
1c900b64c1c046c15100d973b3f2c7c656a176c607769bcf507d218f35dac18e
Red Hat Security Advisory 2015-1678-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. A flaw was found in the Django session backends whereby an unauthenticated attacker could cause session records to be created in the configured session store, leading to a Denial of Service.
da0bd1ff67bde2125708c6affce9b0c3dddf75822665f35c77de69c65d52fb71
Red Hat Security Advisory 2015-1679-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Two security issues were discovered in the Horizon dashboard and are addressed in this update: A cross-site scripting flaw was found in the Horizon Orchestration dashboard. An attacker able to trick a Horizon user into using a malicious template during the stack creation could use this flaw to perform an XSS attack on that user.
049a53c2f8b49daf6583db34ebce131b70093bb11ff93f3c7cb8322e2b815093
Red Hat Security Advisory 2015-1676-01 - Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. A flaw was discovered in redis that could allow an authenticated user, who was able to use the EVAL command to run Lua code, to break out of the Lua sandbox and execute arbitrary code on the system. All users of redis are advised to upgrade to these updated packages, which correct this issue.
7542ff0f7f8591ac2b7496069338aeb5f02634351c90ab819dece762771db9f3
Red Hat Security Advisory 2015-1674-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. Qemu emulator built with the RTL8139 emulation support is vulnerable to an information leakage flaw, while processing network packets under RTL8139 controller's C+ mode of operation. A guest user could use this flaw to read upto 65KB of uninitialised Qemu heap memory.
655ce68a55cb52082be13dff04d401b89873b55d5d3ba57ecfc23516472286eb
Red Hat Security Advisory 2015-1677-01 - Python-keystonemiddleware is a client library and a command line utility for interacting with the OpenStack Identity API. Red Hat Enterprise OpenStack Platform 6.0 contains and uses both the python-keystonemiddleware and python-keystoneclient versions of this package. It was discovered that some items in the the S3Token configuration as used by python-keystonemiddleware and python-keystoneclient were incorrectly evaluated as strings, an issue similar to CVE-2014-7144. This would result in a setting for 'insecure=false' to evaluate as true and leave TLS connections open to MITM.
a1617b37a82aaba4dffd76c93a797fec5f99a0e2790e814aeaca542becd1f2b4
Red Hat Security Advisory 2015-1675-01 - Libunwind provides a C ABI to determine the call-chain of a program. An off by one array indexing error was found in libunwind. It is unlikely that any exploitable attack vector exists in current builds or supported usage. This issue was discovered by Paolo Bonzini of Red Hat. All users of libunwind are advised to upgrade to these updated packages, which correct this issue.
5dbbc250256bba423718ba8da49fa8ff4d3663ff32e09800903aec59408ece1b
Red Hat Security Advisory 2015-1669-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.2 and includes bug fixes and enhancements.
ac6ff0c26dd0931f2a4b7dfc9c63aafe984926db6d86c345b37bec42e474e86e
Red Hat Security Advisory 2015-1671-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.2 and includes bug fixes and enhancements. Documentation for these changes is available from the Red Hat JBoss Enterprise Application Platform 6.4.3 Release Notes, linked to in the References. It was discovered that under specific conditions that PicketLink IDP ignores role based authorization. This could lead to an authenticated user being able to access application resources that are not permitted for a given role.
41db18bc723de61d5540e8ea0a2e0522fa12f7fbdb8f4a0f896ef9d5138a2012