X.Org Security Advisory - libXfont suffers from a stack buffer overflow vulnerability. A BDF font file containing a longer-than-expected string could overflow the buffer on the stack. As libXfont is used to read user-specified font files in all X servers distributed by X.Org, including the Xorg server which is often run with root privileges or as setuid-root in order to access hardware, this bug may lead to an unprivileged user acquiring root privileges on some systems.
Drupal Media third-party module version 7.x suffers from an access bypass vulnerability.
Drupal Entity API third-party module version 7.x suffers from an access bypass vulnerability.
Red Hat Security Advisory 2014-0014-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.2 is retired as of January 7, 2014, and support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.2 EUS after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after January 7, 2014. Note: This notification applies only to those customers subscribed to the Extended Update Support channel for Red Hat Enterprise Linux 6.2.
Red Hat Security Advisory 2014-0015-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL did not properly maintain encryption and digest contexts during renegotiation. A lost or discarded renegotiation handshake packet could cause a DTLS client or server using OpenSSL to crash.
Red Hat Security Advisory 2014-0016-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to side-channel attacks via acoustic cryptanalysis. An attacker in close range to a target system that is decrypting ciphertexts could possibly use this flaw to recover the RSA secret key from that system.