Sunday, June 29, 2014

IT Security Alerts Weekly Digest (15 Jun ~ 21 Jun 2014)



1. Information Updates on Microsoft Security Advisory (2960358)
[20/06/2014] Microsoft has updated information on the Security Advisory for Microsoft .NET Framework. KB2960358 added link to Microsoft Knowledge Base Article 2978675 under Known Issues in the Executive Summary.

URL:technet.microsoft.com/library/security/2960358

2. Vulnerability in Cisco WebEx Meetings Server
[20/06/2014] Vulnerability was identified in the Cisco WebEx Meetings Server. An attacker could obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3296
URL:xforce.iss.net/xforce/xfdb/93871

3. Vulnerability in F5 ARX Series Products (SOL15320)
[20/06/2014] Vulnerability was identified in the bundled Apache HTTP Server in F5 ARX Series products. An attacker could cause a denial of service condition. This vulnerability affects versions 6.0.0 through 6.4.0 of the mentioned product.

URL:support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.html
URL:secunia.com/advisories/59219/

4. Vulnerabilities in IBM Products (1675818, 1675820, 1675821)
[20/06/2014] Vulnerabilities were identified in the IBM Tivoli Netcool System Service Monitors and IBM Tivoli Netcool Application Service Monitors. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform spoofing attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=swg21675818
URL:www.ibm.com/support/docview.wss?uid=swg21675820
URL:www.ibm.com/support/docview.wss?uid=swg21675821
URL:secunia.com/advisories/58615/
URL:secunia.com/advisories/59376/

5. Vulnerability in Novell Identity Manager (5187310)
[20/06/2014] Vulnerability was identified in the Novell Identity Manager. An attacker could execute arbitrary code. This vulnerability affects versions prior to 4.0.2 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:download.novell.com/Download?buildid=Gdv7rveQBiE~

6. Vulnerability in AlgoSec FireFlow (93839)
[20/06/2014] Vulnerability was identified in the AlgoSec FireFlow. An attacker could perform cross-site scripting attacks. This vulnerability affects version 6.3 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/93839

7. Vulnerabilities in Parallels Plesk Panel
[20/06/2014] Vulnerabilities were identified in the Parallels Plesk Panel. An attacker could perform cross-site scripting attacks and obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned product.

URL:www.hkcert.org/my_url/en/alert/14062001
URL:secunia.com/advisories/58819/

8. Vulnerabilities in KDE kdelibs (93875)
[20/06/2014] Vulnerabilities were identified in the KDE kdelibs. An attacker could bypass security restrictions. These vulnerabilities affect version 4.6 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:xforce.iss.net/xforce/xfdb/93875
URL:www.securityfocus.com/bid/68113

9. Vulnerability in Linux Kernel (93870)
[20/06/2014] Vulnerability was identified in the Linux Kernel. An attacker could cause a denial of service condition. The affected version was not specified. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/93870

10. Security Updates in Gentoo Linux (GLSA 201406-18)
[20/06/2014] Gentoo has released security update packages for fixing the vulnerability identified in the rxvt-unicode package for multiple versions of Gentoo Linux. An attacker could execute arbitrary code.

URL:www.gentoo.org/security/en/glsa/glsa-201406-18.xml

11. Security Updates in Red Hat Products (RHSA-2014:0770-1, RHSA-2014:0771-1, RHSA-2014:0772-1)
[20/06/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the foreman-proxy package for Red Hat OpenStack 3.0 and 4.0, and the kernel package for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could obtain sensitive information, execute arbitrary code, gain elevated privileges and cause a denial of service condition.

URL:rhn.redhat.com/errata/RHSA-2014-0770.html
URL:rhn.redhat.com/errata/RHSA-2014-0771.html
URL:rhn.redhat.com/errata/RHSA-2014-0772.html

12. Security Updates in Ubuntu GNU/Linux (usn-2250-1)
[20/06/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the thunderbird package for versions 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could execute arbitrary code, gain elevated privileges and cause a denial of service condition.

URL:www.ubuntu.com/usn/usn-2250-1/

13. Vulnerability in Apache Hive
[19/06/2014] Vulnerability was identified in the Apache Hive. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 0.13.1 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:cwiki.apache.org/confluence/download/attachments/40509928/hivecve_signed.txt
URL:secunia.com/advisories/59181/

14. Vulnerabilities in HP Executive Scorecard (c04341295)
[19/06/2014] Vulnerabilities were identified in the HP Executive Scorecard. An attacker could bypass security restrictions, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect versions 9.40 and 9.41 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04341295
URL:secunia.com/advisories/59363/

15. Vulnerability in Novell Identity Manager (5187330)
[19/06/2014] Vulnerability was identified in the Novell Identity Manager. An attacker could execute arbitrary code. This vulnerability affects version 4.0.2 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:download.novell.com/Download?buildid=5XLmBl54_Rg~

16. Vulnerabilities in Juniper Networks NetScreen Firewalls (JSA10631, JSA10632)
[19/06/2014] Vulnerabilities were identified in the Juniper Networks NetScreen Firewalls. An attacker could cause a denial of service condition. These vulnerabilities affect versions prior to 6.3r17 of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10631
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10632
URL:secunia.com/advisories/59026/

17. Vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance (93784)
[19/06/2014] Vulnerability was identified in the Trend Micro InterScan Messaging Security Virtual Appliance. An attacker could perform cross-site scripting attacks. This vulnerability affects version 8.5.1.1516 and possibly other versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:seclists.org/fulldisclosure/2014/May/164
URL:secunia.com/advisories/58491/

18. Vulnerability in Belkin N150 wireless routers
[19/06/2014] Vulnerability was identified in the Belkin N150 wireless routers. An attacker could obtain sensitive information. This vulnerability affects firmware versions prior to 1.00.08 of the mentioned products. Security patches are available to resolve this vulnerability.

URL:www.belkin.com/us/support-article?articleNum=109400
URL:www.kb.cert.org/vuls/id/774788

19. Vulnerabilities in Gitlab
[19/06/2014] Vulnerabilities were identified in the Gitlab. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect versions prior to 6.6.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.gitlab.com/2014/02/27/gitlab-ee-6-6-2-security-release/
URL:secunia.com/advisories/58903/

20. Vulnerabilities in EMC RSA BSAFE Toolkits (93831, 93832, 93833)
[19/06/2014] Vulnerabilities were identified in the EMC RSA BSAFE Toolkits. An attacker could obtain sensitive information. The affected version was not specified.

URL:xforce.iss.net/xforce/xfdb/93831
URL:xforce.iss.net/xforce/xfdb/93832
URL:xforce.iss.net/xforce/xfdb/93833

21. Vulnerability in OpenStack Neutron (93854)
[19/06/2014] Vulnerability was identified in the OpenStack Neutron. An attacker could cause a denial of service condition. This vulnerability affects versions 2013.2.3 and 2014.1 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/93854

22. Security Updates in Debian (DSA-2963-1)
[19/06/2014] Debian has released security update packages for fixing the vulnerabilities identified in the lucene-solr package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could obtain sensitive information and execute arbitrary code.

URL:www.debian.org/security/2014/dsa-2963

23. Security Updates in Red Hat Products (RHSA-2014:0762-1, RHSA-2014:0763-1, RHSA-2014:0764-1)
[19/06/2014] Red Hat has released security update packages for fixing the vulnerability identified in the rubygem-openshift-origin-node package for Red Hat OpenShift Enterprise 1 and 2. An attacker could gain elevated privileges and execute arbitrary code.

URL:rhn.redhat.com/errata/RHSA-2014-0762.html
URL:rhn.redhat.com/errata/RHSA-2014-0763.html
URL:rhn.redhat.com/errata/RHSA-2014-0764.html

24. Security Updates in Ubuntu GNU/Linux (usn-2248-1, usn-2249-1)
[19/06/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the cinder and heat packages for versions 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and obtain sensitive information.

URL:www.ubuntu.com/usn/usn-2248-1/
URL:www.ubuntu.com/usn/usn-2249-1/

25. Vulnerability in Microsoft Malware Protection Engine (2974294)
[18/06/2014] Vulnerability was identified in the Microsoft Malware Protection Engine. An attacker could cause a denial of service condition. This vulnerability affects versions prior to 1.1.10701.0 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:technet.microsoft.com/library/security/2974294
URL:www.hkcert.org/my_url/en/alert/14061801
URL:www.us-cert.gov/ncas/current-activity/2014/06/17/Microsoft-Releases-Security-Advisory-Microsoft-Malware-Protection

26. Information Updates on Microsoft Security Bulletins (2969262, 2967487)
[18/06/2014] Microsoft has updated information on the Security Bulletins for Microsoft Internet Explorer, Microsoft Windows, Microsoft Office and Microsoft Lync. (a) MS14-035 corrected the severity table and vulnerability information to add CVE-2014-2782 as a vulnerability addressed by this update. (b) MS14-036 clarified in the Update FAQ for Microsoft Office section what updates will be offered to systems that are running Microsoft Office 2010.

URL:technet.microsoft.com/library/security/ms14-035
URL:technet.microsoft.com/library/security/ms14-036

27. Vulnerability in F5 ARX Data Manager (SOL15310)
[18/06/2014] Vulnerability was identified in the F5 ARX Data Manager. An attacker could execute arbitrary code. This vulnerability affects versions 3.0.0 through 3.1.0 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:support.f5.com/kb/en-us/solutions/public/15000/300/sol15310.html
URL:www.kb.cert.org/vuls/id/210884

28. Vulnerabilities in IBM Products (1671544, 1674905, 1675343, 1675689, 1675972, 1676110)
[18/06/2014] Vulnerabilities were identified in the IBM GSKit, IBM Rational DOORS, IBM Tivoli Application Dependency Discovery Manager, IBM Multi-Enterprise Integration Gateway, IBM Tivoli Integrated Portal, IBM Tivoli Storage Productivity Center, IBM WEB interface for Content Management and IBM InfoSphere Identity Insight. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=swg21671544
URL:www.ibm.com/support/docview.wss?uid=swg21674905
URL:www.ibm.com/support/docview.wss?uid=swg21675343
URL:www.ibm.com/support/docview.wss?uid=swg21675689
URL:www.ibm.com/support/docview.wss?uid=swg21675972
URL:www.ibm.com/support/docview.wss?uid=swg21676110
URL:secunia.com/advisories/57477/
URL:secunia.com/advisories/58710/
URL:secunia.com/advisories/58947/
URL:secunia.com/advisories/59106/
URL:secunia.com/advisories/59118/
URL:secunia.com/advisories/59250/

29. Vulnerabilities in Novell Products (5187150, 7010867)
[18/06/2014] Vulnerabilities were identified in the Novell NetIQ Access Manager and Novell Open Enterprise Server 11. An attacker could bypass security restrictions, traverse directories, perform cross-site scripting attacks and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:download.novell.com/Download?buildid=JDgXUx7Fg-w~
URL:www.novell.com/support/kb/doc.php?id=7010867
URL:secunia.com/advisories/59113/

30. Vulnerabilities in Symantec Web Gateway (SYM14-010)
[18/06/2014] Vulnerabilities were identified in the Symantec Web Gateway. An attacker could bypass security restrictions, execute arbitrary code and perform code injection attacks. These vulnerabilities affect versions prior to 5.2.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140616_00
URL:www.kb.cert.org/vuls/id/719172
URL:xforce.iss.net/xforce/xfdb/93818
URL:xforce.iss.net/xforce/xfdb/93819
URL:xforce.iss.net/xforce/xfdb/93820
URL:xforce.iss.net/xforce/xfdb/93821
URL:secunia.com/advisories/59281/

31. Vulnerability in GNU C Library (93784)
[18/06/2014] Vulnerability was identified in the GNU C Library. An attacker could execute arbitrary code on the system. This vulnerability affects version 2.19 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/93784

32. Security Updates in Oracle Solaris
[18/06/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the libXtsol, LibTIFF, WAN Boot, OpenSSL and Bind packages for Oracle Solaris 8, 9, 10 and 11.1. Due to multiple errors, an attacker could bypass security restrictions, overflow a buffer, obtain sensitive information and cause a denial of service condition.

URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0397_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2012_5581_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0591_buffer_errors1

33. Security Updates in Debian (DSA-2962-1)
[18/06/2014] Debian has released security update packages for fixing the vulnerability identified in the nspr package for multiple versions of Debian GNU/Linux. An attacker could execute arbitrary code.

URL:www.debian.org/security/2014/dsa-2962

34. Security Updates in Gentoo Linux (GLSA 201406-17)
[18/06/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the adobe-flash package for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, perform cross-site scripting attacks and cause a denial of service condition.

URL:www.gentoo.org/security/en/glsa/glsa-201406-17.xml

35. Security Updates in SUSE (SUSE-SU-2014:0806-1, SUSE-SU-2014:0807-1, openSUSE-SU-2014:0798-1, openSUSE-SU-2014:0799-1)
[18/06/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player and linux kernel packages for SUSE Linux Enterprise 11, and the flash-player package for openSUSE 11.4, 12.3 and 13.1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and compromise a user's system.

URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00021.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00022.html
URL:lists.opensuse.org/opensuse-updates/2014-06/msg00029.html
URL:lists.opensuse.org/opensuse-updates/2014-06/msg00030.html
URL:secunia.com/advisories/59304

36. Security Updates in Ubuntu GNU/Linux (usn-2214-3, usn-2246-1, usn-2247-1)
[18/06/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the libxml2, apt and OpenStack nova packages for versions 10.04 LTS, 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code and cause a denial of service condition.

URL:www.ubuntu.com/usn/usn-2214-3/
URL:www.ubuntu.com/usn/usn-2246-1/
URL:www.ubuntu.com/usn/usn-2247-1/

37. Vulnerability in Apache Continuum
[17/06/2014] Vulnerability was identified in the Apache Continuum. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects versions 1.3.1 through 1.4.1 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:continuum.apache.org/security.html
URL:secunia.com/advisories/59209/

38. Vulnerability in Cisco Product
[17/06/2014] Vulnerability was identified in the Cisco Adaptive Security Appliance (ASA) Software. An attacker could obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2151

39. Vulnerabilities in Novell Products (5184170, 5184172, 5184173, 5184174, 5184175, 5187050)
[17/06/2014] Vulnerabilities were identified in the Novell eDirectory, Novell NetIQ eDirectory and Novell Filr. An attacker could bypass security restrictions and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:download.novell.com/Download?buildid=CugpfhQ-7lM~
URL:download.novell.com/Download?buildid=La-1NmYxKNM~
URL:download.novell.com/Download?buildid=mvIy6f0xgh8~
URL:download.novell.com/Download?buildid=V1WjO7ephTg~
URL:download.novell.com/Download?buildid=w0C5wM3x7Kg~
URL:download.novell.com/Download?buildid=xCwYSGC5aB0~

40. Vulnerabilities in IBM Products (1673620, 1674448, 1674812, 1675415, 1675454, 1675470, 1675472)
[17/06/2014] Vulnerabilities were identified in the IBM InfoSphere Information Services Catalog web application, IBM InfoSphere Information Server, IBM InfoSphere Information Server Information Services Director, IBM InfoSphere Information Server Business Glossary, IBM InfoSphere Information Server Metadata Workbench, IBM InfoSphere Data Click and IBM Curam Social Program Management. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=swg21673620
URL:www.ibm.com/support/docview.wss?uid=swg21674448
URL:www.ibm.com/support/docview.wss?uid=swg21674812
URL:www.ibm.com/support/docview.wss?uid=swg21675415
URL:www.ibm.com/support/docview.wss?uid=swg21675454
URL:www.ibm.com/support/docview.wss?uid=swg21675470
URL:www.ibm.com/support/docview.wss?uid=swg21675472
URL:secunia.com/advisories/59228/
URL:secunia.com/advisories/59252/
URL:secunia.com/advisories/59253/
URL:secunia.com/advisories/59256/
URL:secunia.com/advisories/59257/
URL:secunia.com/advisories/59259/

41. Vulnerability in Oracle Database
[17/06/2014] Vulnerability was identified in the Oracle Database. An attacker could gain elevated privileges and execute arbitrary code. This vulnerability affects versions 11.2.0.1.0, 11.2.0.4.5, 12.1.0.1.0 and 12.1.0.1.9 of the mentioned product.

URL:www.hkcert.org/my_url/en/alert/14061701

42. Vulnerability in Huawei eSap Platform (Huawei-SA-20140616-01-eSap)
[17/06/2014] Vulnerability was identified in the Huawei eSap software platform. An attacker could cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345171.htm

43. Vulnerability in Core FTP (93754)
[17/06/2014] Vulnerability was identified in the Core FTP. An attacker could execute arbitrary code and cause a denial of service condition. This vulnerability affects version 2.2 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/93754

44. Vulnerability in Parallels Plesk Panel (93793)
[17/06/2014] Vulnerability was identified in the Parallels Plesk Panel. An attacker could obtain sensitive information. This vulnerability affects version 11.0.9 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/93793

45. Vulnerability in PowerDNS (93800)
[17/06/2014] Vulnerability was identified in the PowerDNS. An attacker could cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/93800

46. Vulnerability in Spring Framework (93774)
[17/06/2014] Vulnerability was identified in the Spring Framework. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects version 3.2.3 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/93774

47. Vulnerability in OpenStack Keystone (93791)
[17/06/2014] Vulnerability was identified in the OpenStack Keystone. An attacker could gain elevated privileges. This vulnerability affects version 2014.1 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/93791

48. Vulnerability in ZeroCMS (93785)
[17/06/2014] Vulnerability was identified in the ZeroCMS. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects version 1.0 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/93785

49. Vulnerability in PHP
[17/06/2014] Vulnerability was identified in the PHP. An attacker could execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:github.com/php/php-src/commit/4f73394fdd95d3165b4391e1b0dedd57fced8c3b
URL:secunia.com/advisories/58683/

50. Security Updates in Oracle Linux (ELSA-2014-0740, ELSA-2014-0740-1, ELSA-2014-0747)
[17/06/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel and python-jinja2 packages for Oracle Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and gain elevated privileges.

URL:linux.oracle.com/errata/ELSA-2014-0740.html
URL:linux.oracle.com/errata/ELSA-2014-0740-1.html
URL:oss.oracle.com/pipermail/el-errata/2014-June/004192.html
URL:secunia.com/advisories/58780/
URL:secunia.com/advisories/58783/

51. Security Updates in Debian (DSA-2960-1, DSA-2961-1)
[17/06/2014] Debian has released security update packages for fixing the vulnerabilities identified in the icedove and php5 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could execute arbitrary code, cause a denial of service condition and crash the application.

URL:www.debian.org/security/2014/dsa-2960
URL:www.debian.org/security/2014/dsa-2961

52. Security Updates in Gentoo Linux (GLSA 201406-16)
[17/06/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the cups-filters package for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could gain elevated privileges and execute arbitrary code.

URL:www.gentoo.org/security/en/glsa/glsa-201406-16.xml

53. Security Updates in SUSE (openSUSE-SU-2014:0797-1, SUSE-SU-2014:0800-1)
[17/06/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the Mozilla Firefox, Mozilla Thunderbird and Mozilla Netscape Portable Runtime (NSPR) packages for openSUSE 11.4, and the GnuTLS package for SUSE CORE 9. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a user's system.

URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00020.html
URL:secunia.com/advisories/59229/

54. Vulnerability in Novell Sentinel (5186771)
[16/06/2014] Vulnerability was identified in the Novell Sentinel. An attacker could bypass security restrictions, traverse directories and execute arbitrary code. This vulnerability affects versions prior to 7.2.0.0 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:download.novell.com/Download?buildid=-SNDQrCun2A~

55. Vulnerabilities in IBM Products
[16/06/2014] Vulnerabilities were identified in the IBM AIX and IBM Virtual I/O Server. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
URL:secunia.com/advisories/58714/

56. Vulnerabilities in Huawei Products (Huawei-SA-20140613-OpenSSL)
[16/06/2014] Vulnerabilities were identified in multiple Huawei products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm

57. Vulnerability in SEIL routers (93771)
[16/06/2014] Vulnerability was identified in the SEIL routers. An attacker could cause a denial of service condition. This vulnerability affects firmware version 1.80 ja of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/93771

58. Vulnerabilities in Openfiler (93761, 93762, 93763, 93764)
[16/06/2014] Vulnerabilities were identified in the Openfiler. An attacker could obtain sensitive information and execute arbitrary code. These vulnerabilities affect version 2.99 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/93761
URL:xforce.iss.net/xforce/xfdb/93762
URL:xforce.iss.net/xforce/xfdb/93763
URL:xforce.iss.net/xforce/xfdb/93764

59. Vulnerabilities in PHP
[16/06/2014] Vulnerabilities were identified in the PHP. An attacker could execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions 5.3 and 5.4.0 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
URL:xforce.iss.net/xforce/xfdb/93769

60. Security Updates in Debian (DSA-2959-1)
[16/06/2014] Debian has released security update packages for fixing the vulnerabilities identified in the chromium-browser package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could execute arbitrary code, cause a denial of service condition and crash the application.

URL:www.debian.org/security/2014/dsa-2959

61. Security Updates in Gentoo Linux (GLSA 201406-09, GLSA 201406-10, GLSA 201406-11, GLSA 201406-12, GLSA 201406-13, GLSA 201406-14, GLSA 201406-15)
[16/06/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the gnutls, lighttpd, libXfont, freeradius, memcached, opera and kdirstat packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.gentoo.org/security/en/glsa/glsa-201406-09.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-10.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-11.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-12.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-13.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-14.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-15.xml

62. Security Updates in Mandriva (MDVSA-2014:124, MDVSA-2014:125)
[16/06/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the kernel and Mozilla Netscape Portable Runtime (NSPR) packages for versions MBS1 and MES5 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:124/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:125/

63. Security Updates in SUSE (openSUSE-SU-2014:0782-1, openSUSE-SU-2014:0783-1, SUSE-SU-2014:0788-2, SUSE-SU-2014:0796-1)
[16/06/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the GnuTLS and Linux Kernel packages for SUSE Linux Enterprise 10 and 11, and the apache2-mod_wsgi and chromium packages for openSUSE 12.3 and 13.1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform spoofing and cross-site scripting attacks, cause a denial of service condition and compromise a user's system.

URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00017.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html
URL:lists.opensuse.org/opensuse-updates/2014-06/msg00022.html
URL:lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
URL:secunia.com/advisories/59155/
URL:secunia.com/advisories/59159/
