Ubuntu Security Notice 2505-2 - USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated "-remote" command-line switch that some older software still depends on. This update fixes the problem. Matthew Noorenberghe discovered that whitelisted Mozilla domains could make UITour API calls from background tabs. If one of these domains were compromised and open in a background tab, an attacker could potentially exploit this to conduct clickjacking attacks. Jan de Mooij discovered an issue that affects content using the Caja Compiler. If web content loads specially crafted code, this could be used to bypass sandboxing security measures provided by Caja. Armin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. Various other issues were also addressed.
24490ac6e18ae25e02c66d020d2b7428b794509223339ae92458db4bd284fc78Red Hat Security Advisory 2015-0662-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. The Qpid packages provide a message broker daemon that receives, stores and routes messages using the open AMQP messaging protocol along with run-time libraries for AMQP client applications developed using Qpid C++. Clients exchange messages with an AMQP message broker using the AMQP protocol. It was discovered that the Qpid daemon did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed.
5f84972629ae28abcc608467e49695feaf6aaa26c0d6c49b2fd593163370f3dbRed Hat Security Advisory 2015-0660-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. The Qpid packages provide a message broker daemon that receives, stores and routes messages using the open AMQP messaging protocol along with run-time libraries for AMQP client applications developed using Qpid C++. Clients exchange messages with an AMQP message broker using the AMQP protocol. It was discovered that the Qpid daemon did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed.
ce8b4230442294474edab2cf8ba6500a5f5f05caba1d03101e128b3b00a812adRed Hat Security Advisory 2015-0661-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. The Qpid packages provide a message broker daemon that receives, stores and routes messages using the open AMQP messaging protocol along with run-time libraries for AMQP client applications developed using Qpid C++. Clients exchange messages with an AMQP message broker using the AMQP protocol. It was discovered that the Qpid daemon did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed.
e1033a8a290201972f0d28d5caf8c23c4d9ab80f92964540c8a6c9d061697444Mandriva Linux Security Advisory 2015-056 - It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. It was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.
7e87068c24ee66145d63ce115342713c291da259fa85a94842f8e9f9641c874bHP Security Bulletin HPSBGN03277 1 - Potential security vulnerabilities have been identified with the NTP service that is present on HP Virtualization Performance Viewer (vPV). These could be exploited remotely to execute code, create a Denial of Service (DoS), and other vulnerabilities. Revision 1 of this advisory.
6f8df7e9e5aa2dc95c49d69acba27bcb4e6053d7c678ab167cb1204eb8443695HP Security Bulletin HPSBUX03235 SSRT101750 3 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 3 of this advisory.
48ab3ea388c95dfd47a9112080b4f0070bbdd1ea48a4360f9fec2342840fcc7aHP Security Bulletin HPSBPI03107 2 - A potential security vulnerability has been identified with certain HP LaserJet Printers, MFPs and certain HP OfficeJet Enterprise Printers using OpenSSL. The vulnerability could be exploited remotely to allow remote unauthorized access. Note: This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP printer products. This bulletin notifies HP Printer customers about impacted products. Revision 2 of this advisory.
c1ad504494d3cdd80a5c5cdc4156f38730c673b2d60c7e2e87ea3ef6f4099a3aHP Security Bulletin HPSBHF03279 1 - Potential security vulnerabilities have been identified with certain HP Point of Sale PCs Running Windows with OLE Point of Sale (OPOS) Drivers. These vulnerabilities could be remotely exploited resulting in execution of code. Revision 1 of this advisory.
0337137cf9b6fd38324c4d5c3461f7935b87ac5be078641c497709d7611a1313Slackware Security Advisory - New samba packages are available for Slackware 14.1 and -current to fix security issues.
395f5f75150584b529e443ac6c4239929607552fcf310a6961ec6a0cb5f4515eDebian Linux Security Advisory 3180-1 - Alexander Cherepanov discovered that bsdcpio, an implementation of the 'cpio' program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths.
e3f8345a39ac1135c5240b1070c21fe33a5ed2d8b67c05e4bd6b7322ef6e15f0Gentoo Linux Security Advisory 201503-5 - Multiple vulnerabilities have been found in FreeType, possibly resulting in Denial of Service. Versions less than 2.5.5 are affected.
18c20fc5dea96db94329999ec37cf2a66601bd49860954c458cb8846091c88e5Gentoo Linux Security Advisory 201503-4 - Multiple vulnerabilities have been found in GNU C Library, the worst of which allowing a local attacker to execute arbitrary code or cause a Denial of Service. Versions less than 2.19-r1 are affected.
3be887081cfadc048cd5dd2fed5fc98110f1b24cf929e8adeeecd9c308657613Gentoo Linux Security Advisory 201503-3 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.21 are affected.
f4b1f5999f8e64b5ebece53ea940ad066475808daa6304fe2c13343ae3f4b837Gentoo Linux Security Advisory 201503-2 - A vulnerability has been found in D-Bus, possibly resulting in local Denial of Service. Versions less than 1.8.16 are affected.
a6a8d7ba46ea206d024636d750e906df8bd257cbc82592d349cdaa671b9762a8This is a proof-of-concept exploit that is able to gain kernel privileges on machines that are susceptible to the DRAM "rowhammer" problem. It runs as an unprivileged userland process on x86-64 Linux. It works by inducing bit flips in page table entries (PTEs).
b98de0b89f4234492083f03996c7cb5d72fb3cfcc699889b93c0cd1a61b15025ocPortal version 9.0.16 suffers from multiple cross site scripting vulnerabilities.
2b2de1e09e79b26413838c5bc21bf2c31f196dacf85734cbc5465693bd010e00OverCoffee Instant version 2.0 suffers from a remote SQL injection vulnerability.
6a29f0ab377354d295f0f561c5e802d0cc87e7e9444d82a7b6c12ecd6d5dc0c8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed