Red Hat Security Advisory 2015-0991-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as a new request, or cause a denial of service.
fbc2da9068ca45ea07b1c725a69c7635dc17156a875fe3366c804d1daa99ceb5
Red Hat Security Advisory 2015-0986-01 - The kexec-tools packages contain the /sbin/kexec binary and utilities that together form the user-space component of the kernel's kexec feature. The /sbin/kexec binary lets a new kernel boot using the kernel's kexec feature on either a normal or a panic reboot. The kexec fastboot mechanism allows booting a Linux kernel from the context of an already running kernel. It was found that the module-setup.sh script provided by kexec-tools created temporary files in an insecure way. A malicious local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files.
509cde29180517d190dbca29d66ed3a6e3893d90ebcb625a5243f2447030f6f5
Red Hat Security Advisory 2015-0989-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AES-GCM mode IPSec security association. This update provides a build of the kernel-rt package for Red Hat Enterprise MRG 2.5, which is layered on Red Hat Enterprise Linux 6. The kernel-rt sources have been updated to include fixes for the following issues:
45a6336cefaff8acc962cfdca646efdb03bf3b05a003fde645eb5b443b4ae12d
Red Hat Security Advisory 2015-0980-01 - The pcs packages provide a command-line tool and a web UI to configure and manage the Pacemaker and Corosync tools. It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI. This issue was discovered by Tomas Jelinek of Red Hat.
03c03420fbe5e45cc8de5f1fbab13998201b00a936d8729f3af3e2a6df91c0a0
Red Hat Security Advisory 2015-0990-01 - The pcs packages provide a command-line tool and a web UI to configure and manage the Pacemaker and Corosync tools. It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI. Note: the pcsd web UI is not enabled by default. This issue was discovered by Tomas Jelinek of Red Hat.
0b625bf3b3ec3b8e6a18100d5d2622d909085f86341392d3149d6b1c4bc0b248
Red Hat Security Advisory 2015-0987-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AES-GCM mode IPSec security association.
319ce6c7974536aaec356cc403add0de0cc51fe530faf6ef91d3d68c957d69a7
Debian Linux Security Advisory 3258-1 - It was discovered that the fix for CVE-2013-4422 in quassel, a distributed IRC client, was incomplete. This could allow remote attackers to inject SQL queries after a database reconnection (e.g. when the backend PostgreSQL server is restarted).
c1488d5b679bb37964f56066e2997ee17a65e2d88a594c168274f880f940141d
Red Hat Security Advisory 2015-0988-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A heap-based buffer overflow flaw was found in the way Firefox processed compressed XML data. An attacker could create specially crafted compressed XML content that, when processed by Firefox, could cause it to crash or execute arbitrary code with the privileges of the user running Firefox.
3965dd93d84952f70f2088dce3868edf5d8d8412b69169b247fff8691ac13a0d
HP Security Bulletin HPSBMU03330 1 - A potential security vulnerability has been identified with HP Matrix Operating Environment (MOE). This is the GlibC vulnerability known as "GHOST" which could be exploited remotely resulting in execution of code. Revision 1 of this advisory.
2b7ff05d5d322b1c2f6e571b435ddaca21eee8f65e751fcd8a7713a59a4e520e
Slackware Security Advisory - New mysql packages are available for Slackware 14.0 to fix security issues.
1fbef06cb8149b5c11492bb984fcc4acf1c7b2c8a37188ff1e5dfe652d086f7d