Ubuntu Security Notice 2505-2 - USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated "-remote" command-line switch that some older software still depends on. This update fixes the problem. Matthew Noorenberghe discovered that whitelisted Mozilla domains could make UITour API calls from background tabs. If one of these domains were compromised and open in a background tab, an attacker could potentially exploit this to conduct clickjacking attacks. Jan de Mooij discovered an issue that affects content using the Caja Compiler. If web content loads specially crafted code, this could be used to bypass sandboxing security measures provided by Caja. Armin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. Various other issues were also addressed.
2b5fbf69a3d49b8f50e0fe82874162c2
Red Hat Security Advisory 2015-0662-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. The Qpid packages provide a message broker daemon that receives, stores and routes messages using the open AMQP messaging protocol along with run-time libraries for AMQP client applications developed using Qpid C++. Clients exchange messages with an AMQP message broker using the AMQP protocol. It was discovered that the Qpid daemon did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed.
b2da050a290e0a944ef54f60edf1dfbf
Red Hat Security Advisory 2015-0660-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. The Qpid packages provide a message broker daemon that receives, stores and routes messages using the open AMQP messaging protocol along with run-time libraries for AMQP client applications developed using Qpid C++. Clients exchange messages with an AMQP message broker using the AMQP protocol. It was discovered that the Qpid daemon did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed.
eecea3eb6c8fd693fd5972480ebd50a8
Red Hat Security Advisory 2015-0661-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. The Qpid packages provide a message broker daemon that receives, stores and routes messages using the open AMQP messaging protocol along with run-time libraries for AMQP client applications developed using Qpid C++. Clients exchange messages with an AMQP message broker using the AMQP protocol. It was discovered that the Qpid daemon did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed.
1fde4fc3dfa9463afaa561bf7637f567
Mandriva Linux Security Advisory 2015-056 - It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file had been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. It was also found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could likewise allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.
9b74f3ef8bf2b7546483f824a18b9262
HP Security Bulletin HPSBGN03277 1 - Potential security vulnerabilities have been identified with the NTP service that is present on HP Virtualization Performance Viewer (vPV). These could be exploited remotely to execute code, create a Denial of Service (DoS), or cause other impacts. Revision 1 of this advisory.
7bfec74b7eb740ce72064a922627025b
HP Security Bulletin HPSBUX03235 SSRT101750 3 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 3 of this advisory.
703febf71aa71dd5696c81603c15a90a
HP Security Bulletin HPSBPI03107 2 - A potential security vulnerability has been identified with certain HP LaserJet Printers, MFPs and certain HP OfficeJet Enterprise Printers using OpenSSL. The vulnerability could be exploited remotely to allow remote unauthorized access. Note: This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a third-party product that is embedded with some HP printer products. This bulletin notifies HP Printer customers about impacted products. Revision 2 of this advisory.
a26fa68ef801b0d0766ccd5fefe1e021
HP Security Bulletin HPSBHF03279 1 - Potential security vulnerabilities have been identified with certain HP Point of Sale PCs Running Windows with OLE Point of Sale (OPOS) Drivers. These vulnerabilities could be remotely exploited resulting in execution of code. Revision 1 of this advisory.
c2e15219944d1ae20d2e57307461675c
Slackware Security Advisory - New samba packages are available for Slackware 14.1 and -current to fix security issues.
33cda39142a4674adfba7cb7fd2c1b27
Debian Linux Security Advisory 3180-1 - Alexander Cherepanov discovered that bsdcpio, an implementation of the 'cpio' program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths.
2549b30240537064da6a9c22219c5d06
Gentoo Linux Security Advisory 201503-5 - Multiple vulnerabilities have been found in FreeType, possibly resulting in Denial of Service. Versions less than 2.5.5 are affected.
642c76b9fc1398a01b35e7b0c4b277f6
Gentoo Linux Security Advisory 201503-4 - Multiple vulnerabilities have been found in GNU C Library, the worst of which allows a local attacker to execute arbitrary code or cause a Denial of Service. Versions less than 2.19-r1 are affected.
f85fc2ac92288c38034eb6f805166308
Gentoo Linux Security Advisory 201503-3 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.21 are affected.
55ff9905198d6314743a5399a390af53
Gentoo Linux Security Advisory 201503-2 - A vulnerability has been found in D-Bus, possibly resulting in local Denial of Service. Versions less than 1.8.16 are affected.
f03110e534cf4ea3815071df157b019d
This is a proof-of-concept exploit that is able to gain kernel privileges on machines that are susceptible to the DRAM "rowhammer" problem. It runs as an unprivileged userland process on x86-64 Linux. It works by inducing bit flips in page table entries (PTEs).
d7fe41707769b3dece28e753e47286cc
ocPortal version 9.0.16 suffers from multiple cross site scripting vulnerabilities.
b5929b5ae8aa78559e6a5ed359bffdbc
OverCoffee Instant version 2.0 suffers from a remote SQL injection vulnerability.
73ec0917baa3565954bf9a7fef014e98