Debian Linux Security Advisory 2581-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.66, which includes additional changes, such as performance improvements and corrections for data loss defects.
2748ff0438a47e32d4a6b316d340dc682a7a93eb1de4bc28cc97456932e6000fUbuntu Security Notice 1653-1 - Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.
25dbc32f4481135cb784c26cf3323fd9be5f2611d4444404eaf7b8702ea2e461Red Hat Security Advisory 2012-1541-01 - These packages contain the Linux kernel. A malicious NFSv4 server could return a crafted reply to a GETACL request, causing a denial of service on the client. A flaw in the dl2k driver could allow a local, unprivileged user to issue potentially harmful IOCTLs, possibly causing Ethernet adapters using the driver to malfunction.
be0924f7d8cbe1f7cf8954b30f8836cc0f44bc53af0db061f11bc5a34bbe9465Red Hat Security Advisory 2012-1542-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. Multiple input validation vulnerabilities were discovered in rubygem-activerecored. A remote attacker could possibly use these flaws to perform an SQL injection attack against an application using rubygem-activerecord. Multiple cross-site scripting flaws were found in rubygem-actionpack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using rubygem-actionpack.
f96ce0acf37d0bdcad39fc2ad186927a862b5bffbd7f653a2b6e60984426c0c4Red Hat Security Advisory 2012-1540-01 - These packages contain the Linux kernel. A race condition in the way asynchronous I/O and fallocate() interacted when using ext4 could allow a local, unprivileged user to obtain random data from a deleted file. A flaw in the way the Xen hypervisor implementation range checked guest provided addresses in the XENMEM_exchange hypercall could allow a malicious, para-virtualized guest administrator to crash the hypervisor or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level.
906829b1fdfb32f66974a1ab2f6683d5132fe8b3ba63296b4d8f44c8427f38d5Red Hat Security Advisory 2012-1543-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. This update fixes bugs in and adds enhancements to the System Engine packages, and upgrades the system to CloudForms 1.1. This update also fixes the following security issues: It was discovered that Katello did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to download consumer certificates or change settings of other users' systems if they knew the target system's UUID.
22f3f332ed35da1015db8d34aa29e8ec55196a746922e31cf4c92143aa01b2c5Red Hat Security Advisory 2012-1539-01 - This package provides jabberd 2, an Extensible Messaging and Presence Protocol server used for XML based communication. It was discovered that the XMPP Dialback protocol implementation in jabberd 2 did not properly validate Verify Response and Authorization Response messages. A remote attacker able to connect to the jabberd's server-to-server communication port could possibly use this flaw to spoof source domains of the XMPP messages. Users of Red Hat Network Proxy 5.5 are advised to upgrade to this updated jabberd package, which resolves this issue. For this update to take effect, Red Hat Network Proxy must be restarted.
e907f8d70934f8b7ddcdae8908ef3296b5df2bfaec46c912fa4d4da07ce23413Red Hat Security Advisory 2012-1537-01 - JasperReports Server is a reporting server. A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially-crafted XML file, which once parsed by an application using the Apache Xerces2 Java Parser, would lead to a denial of service. This update also fixes the following bugs: Adding a user to any ROLE caused an unexpected exception.
cda5cf73ac28123921171e07794e18b614763addcc34da268f4c05547a3e7c1fRed Hat Security Advisory 2012-1506-01 - Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualization Manager API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager. A flaw was found in the way Red Hat Enterprise Linux hosts were added to the Red Hat Enterprise Virtualization environment. The Python scripts needed to configure the host for Red Hat Enterprise Virtualization were stored in the "/tmp/" directory and could be pre-created by an attacker. A local, unprivileged user on the host to be added to the Red Hat Enterprise Virtualization environment could use this flaw to escalate their privileges. This update provides the Red Hat Enterprise Virtualization Manager part of the fix. The RHSA-2012:1508 VDSM update must also be installed to completely fix this issue.
827981ca03784d929de9ef99db03f9cf2d158d195c8885fbc46b4047733ab92cRed Hat Security Advisory 2012-1538-01 - This package provides jabberd 2, an Extensible Messaging and Presence Protocol server used for XML based communication. It was discovered that the XMPP Dialback protocol implementation in jabberd 2 did not properly validate Verify Response and Authorization Response messages. A remote attacker able to connect to the jabberd's server-to-server communication port could possibly use this flaw to spoof source domains of the XMPP messages. Users of Red Hat Network Satellite 5.5 are advised to upgrade to this updated jabberd package, which resolves this issue. For this update to take effect, Red Hat Network Satellite must be restarted.
573e9e8ca5dedf78211e67deacd545deab8f1e99e4fb9bad0557b6012b5aebb0Red Hat Security Advisory 2012-1508-01 - VDSM is a management module that serves as a Red Hat Enterprise Virtualization Manager agent on Red Hat Enterprise Virtualization Hypervisor or Red Hat Enterprise Linux 6.3 hosts. A flaw was found in the way Red Hat Enterprise Linux hosts were added to the Red Hat Enterprise Virtualization environment. The Python scripts needed to configure the host for Red Hat Enterprise Virtualization were stored in the "/tmp/" directory and could be pre-created by an attacker. A local, unprivileged user on the host to be added to the Red Hat Enterprise Virtualization environment could use this flaw to escalate their privileges. This update provides the VDSM part of the fix. The RHSA-2012:1506 Red Hat Enterprise Virtualization Manager update must also be installed to completely fix this issue.
f23aec50bf85d8befcc402c011734c5241da0c3905b76229c047ebe869e86e5bRed Hat Security Advisory 2012-1505-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way Red Hat Enterprise Virtualization Hypervisor hosts were added to the Red Hat Enterprise Virtualization environment. The Python scripts needed to configure the host for Red Hat Enterprise Virtualization were downloaded in an insecure way, that is, without properly validating SSL certificates during HTTPS connections. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, potentially gaining root access to the host being added to the Red Hat Enterprise Virtualization environment. This update provides the VDSM part of the fix. The RHSA-2012:1506 Red Hat Enterprise Virtualization Manager update must also be installed to completely fix this issue.
84796c777bb708049ce36a161e0ba33def3d4ed37f76e6574ef10904edf67aa8Red Hat Security Advisory 2012-1491-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way Netlink messages without SCM_CREDENTIALS data set were handled. When not explicitly set, the data was sent but with all values set to 0, including the process ID and user ID, causing the Netlink message to appear as if it were sent with root privileges. A local, unprivileged user could use this flaw to send spoofed Netlink messages to an application, possibly resulting in the application performing privileged operations if it relied on SCM_CREDENTIALS data for the authentication of Netlink messages.
9fc196ee7e1a6d99be88df166bba11b7dfc2a6af8804a850b507161ce71b9c93ManageEngine MSPCentral version 9 suffers from cross site request forgery, insecure session cookies, and cross site scripting vulnerabilities.
b983739d5c9e6e3348d2323d71a796d500798b6a460b49fa2b179cee9582484fTwitter is apparently vulnerable to an SMS spoofing vulnerability?
f68d4c349c7a270efa26fb68eb4ecbfe690dac850bc158eac09c4abf1aada8e9Panda Internet Security versions 2012 and 2013 suffer from a binary planting privilege escalation vulnerability.
bb5e0bc6193168eed57fb6bbfba969ff0bf9390984a659efaec285d1a2979727Wirtualna Polska S.A. (WP) suffers from cross site request forgery and cross site scripting vulnerabilities.
48204cff42f9e6114adbec6fc76d881ec3f74ff71b09eebcc19e175aaf50773fSecunia Security Advisory - Kingcope has reported a vulnerability in SSH Tectia Server, which can be exploited by malicious people to bypass certain security restrictions.
60635631055ae2dafa997fbc0eb1ab54915b8238d93fc01eb0d738e7408b48b9Secunia Security Advisory - Multiple vulnerabilities have been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.
1974e25bc570504c384e578590a3f8b6428e458133cf83d3128607ea6676843dSecunia Security Advisory - Two vulnerabilities have been reported in RSA NetWitness Informer, which can be exploited by malicious people to conduct click-jacking and cross-site request forgery attacks.
878bdd7e8065c75a3e41d7635b804dd4f5e860f0fd14f3ea6c6506e45d85ff71Secunia Security Advisory - Debian has issued an update for mysql-5.1. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, by malicious users to cause a DoS (Denial of Service) and potentially execute arbitrary code, and by malicious people to potentially compromise a vulnerable system.
5911ff79791ccbb8767593ad9ed93d096168dcded2b2f56fd47ba787dc462dcbSecunia Security Advisory - Zhao Liang has discovered a vulnerability in SmarterMail, which can be exploited by malicious users to conduct script insertion attacks.
27eee729b112897540ac8c42ad2fe2ab49b45bda7ed9092a058fcf0ab955493aSecunia Security Advisory - A weakness has been reported in The Sleuth Kit, which can be exploited by malicious people to hide certain data.
5316868bdb882e064ebc74fc3f8f9db1ce3f503aedc57f048dbceae5900c9d76Secunia Security Advisory - A vulnerability has been discovered in Newscoop, which can be exploited by malicious people to conduct SQL injection attacks.
2c4019000ff52a63f42e87c599ae4f4d56d88179b8884d446b2b40765374a461Secunia Security Advisory - Matthew Joyce has discovered multiple vulnerabilities in ConcourseConnect, which can be exploited by malicious people to conduct script insertion and cross-site request forgery attacks.
a3812bbf3a4ed50502753925782835a7c267f64d518b1970a3d149b1804ee056
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed