Slackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
6f8f1ea7ca7722d48810e15411398875a23f2427d517d29aaf9be8d59d9f7ffbSlackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
9e1563e5450015846758e7398735030c758bd3179e6f25263eca88eb9ad6257bDebian Linux Security Advisory 3384-1 - Two vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution.
2ba577efa7645c3fbb63c3ae8f39544eb64cf665f1a19b8df7a9e00878b1fe27Debian Linux Security Advisory 3383-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool.
5c112093bf6218a0c2e15cc40a7bd9714b502a4ca135cafa9a4c8cf9452b519eDebian Linux Security Advisory 3332-2 - The patch applied for CVE-2015-5622 in DSA-3332-1 contained a faulty hunk. This update corrects that problem.
7ed79434482d9a30adcebdf34b45d74b939f9e8bd496ef33161939bdc9c7bb03Slackware Security Advisory - New jasper packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
3c4a3a5cf1e480feed4b9092b1aa939f9e0eaf1cd0b6da12b95876f269e7e405The yaml_* parsing functions suffers from an exploitable double free caused by the error path for the php_var_unserialize() call on line 797 of pecl/file_formats/yaml.git/parse.c.
222691a6762e7a56ff629bdd866e2f3741c307b8856b25b0efcef4850bb9383fThe PHP unserialize() function is considered unsafe due to its behavior regarding class instantiation; in cases where serialized data is attacker controlled, it can be tampered with, allowing for the instantiation of arbitrary PHP classes and thus code execution via destructor.
25ba50f88dac6d73405bd6b613b421c3efdf062bb33df0303b3857f5a2f462f0This bulletin summary lists two bulletins that have undergone a major revision increment for October, 2015.
dfc6d50a5439219f0823d7272a2dbf8ec52bc5fafadfa2b49a9b018b28c91002Red Hat Security Advisory 2015-1955-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.5 will be retired as of November 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.5 EUS after November 30, 2015.
8c856795a9fce1c3f213548d0b1010a365f10422954849fe64eeb01346c587daRed Hat Security Advisory 2015-1956-01 - In accordance with the Red Hat Storage Support Life Cycle policy, the Red Hat Storage 2.1 offering will be retired as of October 31, 2015, and support will no longer be provided. Accordingly, Red Hat will not provide Critical impact security patches or urgent priority bug fixes, after this date.
5a3aea5683b1410bf7fb04eacf5b411ad506169e7c8712846e042615e9be734bUbuntu Security Notice 2788-1 - Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. Gustavo Grieco discovered that unzip incorrectly handled certain malformed archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly cause unzip to hang, resulting in a denial of service. Various other issues were also addressed.
de45b1383c5e5a7528aa33c19008c2e1509e1607e528e06b77d3ad12186a6ab1Privilege escalation can be achieved via a symlink attack on POSIX shared memory with insecure permission in AMD fglrx-driver version 14.4.2.
4e6dcfe5ce3f850f7a06aad8a578e3e8da7469c5142c18444505b01a35ff813cPrivilege escalation can be achieved via a symlink attack on POSIX shared memory with insecure permission in AMD fglrx-driver version 15.7.
16d49a42c76981e04c0c6c2f6da6ae7568dd75790a6bcb587a7e5d388da2e479Oracle E-Business Suite version 12.1.3 suffers from an XXE injection vulnerability in the /OA_HTML/oramipp_lpr servlet.
de8ff071f7c958b91bd1cfd996007fd7b0ecb3dec217f9ae5e66e3d96ad27826Oracle E-Business Suite version 12.1.3 suffers from an XXE injection vulnerability in the /OA_HTML/IspPunchInServlet servlet.
6fb7e76643fd36ba0f6358346bf6ca64dbdedb6d5bcb98f6fd505aead1f86292Oracle E-Business Suite version 12.1.3 suffers from an XXE injection vulnerability in the /OA_HTML/copxml servlet.
64f773023ff0e889e6870ab0b5f1dc0367b44615f3ae94952e1f839c93009706Debian Linux Security Advisory 3382-1 - Several issues have been fixed in phpMyAdmin, the web administration tool for MySQL.
a93f6314c208ca69323c9cf6014b4a03fe8867726f8c572dd496581e32bcf7e7Ubuntu Security Notice 2787-1 - Fabrizio Gennari discovered that audiofile incorrectly handled changing both the sample format and the number of channels. If a user or automated system were tricked into processing a specially crafted file, audiofile could be made to crash, leading to a denial of service, or possibly execute arbitrary code.
76ca345d81163d656979d7736b524cd596a7ffa4f485eeeeb2abd67abab765ccRed Hat Security Advisory 2015-1947-01 - Red Hat JBoss Operations Network is a Middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.4 release serves as a replacement for JBoss Operations Network 3.3.3, and includes several bug fixes.
7985f8504d33b5359d0cb1b9da5f140779f3d93b6e6829d74931ef9435d3af97Ubuntu Security Notice 2786-1 - It was discovered that the PHP phar extension incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service.
0de206bddf6f35ef3942536eb6df967551a94280864aed5e1211e819163b1d07Ubuntu Security Notice 2784-1 - Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. Various other issues were also addressed.
361521e12f4d7dea04ff6a4125094f31c67ae544ce4049867b34c71e1fdf5cbeDebian Linux Security Advisory 3381-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, or denial of service.
ae67427fbd3a22aba6a14d7520425068fe4eb2167df41840936e47c3f096d239Debian Linux Security Advisory 3380-1 - Two vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
73cc38128f5ff928532c8919b7f83e0b4029dbbcbad507a06238d5213b1a3b4dThe Exynos Seiren Audio driver has a device endpoint (/dev/seiren) that is accessible by either the system user or the audio group (such as the mediaserver). It was found that the write() implementation for this driver contains a buffer overflow vulnerability that overflows a static global buffer.
faf34e337128765e7e7cd244e5054952422e46472fdd20baad4de151245624d7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed