Red Hat Security Advisory 2014-0624-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.
9de9921f2c46c7112e30f97362f8c123c1cae8d849e84f085e552ddd92e58ac3Ubuntu Security Notice 2232-1 - It was discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.
5424ac7be14ab81fc1bad8ea713e6bf0766f97fa49a732d04ce5a18a3fec7c4eDebian Linux Security Advisory 2946-1 - Multiple vulnerabilities were discovered in the Python wrapper for the Gnu Privacy Guard (GPG). Insufficient sanitising could lead to the execution of arbitrary shell commands.
8ab331da478a59e71bc37b98d278fafce191923402adbe975df597f975c6c1ccDebian Linux Security Advisory 2948-1 - It was discovered that Bottle, a WSGI-framework for Python, performed a too permissive detection of JSON content, resulting a potential bypass of security mechanisms.
d089bdce0a5c3e62859b4c3754b04d792391c0c97330cb84c6654cbb14edca40Debian Linux Security Advisory 2947-1 - Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.
6a028e6cd3df07da8a719aa5ee9bf288f971196e755b3197a646627da3ddd079Gentoo Linux Security Advisory 201406-5 - A vulnerability in Mutt could allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.5.22-r3 are affected.
8b3411484bd5e34999d17e5b7d119af2c8185a3ea0892e62dad5fb8c7f494ba6Gentoo Linux Security Advisory 201406-4 - A vulnerability in SystemTap could allow a local attacker to create a Denial of Service condition. Versions less than 2.0 are affected.
5774848268ed598deea8853ebd682bedcfd62be4a13af00f35a2e21e1ad4385fRed Hat Security Advisory 2014-0634-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's netfilter connection tracking implementation for Datagram Congestion Control Protocol packets used the skb_header_pointer() function. A remote attacker could use this flaw to send a specially crafted DCCP packet to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel's Adaptec RAID controller checked permissions of compat IOCTLs. A local attacker could use this flaw to bypass intended security restrictions.
4adbe4156cf99b06994f18b8d8b373ee5ccb0bb00681929e0cf8cff5e762e6daUbuntu Security Notice 2230-1 - Thomas Stangner discovered that chkrootkit incorrectly quoted certain values. A local attacker could use this issue to execute arbitrary code when chkrootkit is run and gain root privileges.
f11e85e6894830aa661e658a635b9b5d789438cf8bc381a15e40e48d556a589fWahmShoppes eStore suffers from cross site scripting, information disclosure, and remote SQL injection vulnerabilities.
067a8c9d02bb209e9eab8b81ad2ace8b730a28ca839d8251990b622e1da9f738ABZ Srl CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
8e9db8146c75f7f89c20db0ab712e00f19d4d65f02351ccc753d2ead97e0ff44
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed