Sunday, June 15, 2014

IT Security Alerts Weekly Digest (8 Jun ~ 14 Jun 2014)

Security Alerts
1. Vulnerabilities in Cisco Products (cisco-sa-20140611-ipv6)
[13/06/2014] Vulnerabilities were identified in the Cisco IOS XR and Cisco IOS XE Software. An attacker could cause a denial of service condition and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140611-ipv6
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3290
URL:xforce.iss.net/xforce/xfdb/93741

2. Vulnerability in HP Service Virtualization (c04333125)
[13/06/2014] A vulnerability was identified in HP Service Virtualization. An attacker could execute arbitrary code. This vulnerability affects versions prior to 3.50.1 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04333125
URL:secunia.com/advisories/59207/

3. Vulnerabilities in IBM Products (S1004656, S1004661, 1670960, 1671953, 1672874, 1672880, 1674334, 1674824, 1674825, 1675195, 1675216, 1675223, 1675355, 1675387, 1675496, 1675588)
[13/06/2014] Vulnerabilities were identified in the IBM SONAS, IBM Power Servers incorporated in the IBM DS8870, IBM PureData System for Operational Analytics, IBM FileNet Business Process Framework, IBM Tivoli Storage Manager server, IBM CICS Transaction Server for z/OS, IBM PureApplication System, IBM Security Network Protection, IBM Tivoli Identity Manager, IBM Security Identity Manager, IBM Security SiteProtector System and IBM Lotus Quickr for WebSphere Portal. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=ssg1S1004656
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004661
URL:www.ibm.com/support/docview.wss?uid=swg21670960
URL:www.ibm.com/support/docview.wss?uid=swg21671953
URL:www.ibm.com/support/docview.wss?uid=swg21672874
URL:www.ibm.com/support/docview.wss?uid=swg21672880
URL:www.ibm.com/support/docview.wss?uid=swg21674334
URL:www.ibm.com/support/docview.wss?uid=swg21674824
URL:www.ibm.com/support/docview.wss?uid=swg21674825
URL:www.ibm.com/support/docview.wss?uid=swg21675195
URL:www.ibm.com/support/docview.wss?uid=swg21675216
URL:www.ibm.com/support/docview.wss?uid=swg21675223
URL:www.ibm.com/support/docview.wss?uid=swg21675355
URL:www.ibm.com/support/docview.wss?uid=swg21675387
URL:www.ibm.com/support/docview.wss?uid=swg21675496
URL:www.ibm.com/support/docview.wss?uid=swg21675588
URL:secunia.com/advisories/58678/
URL:secunia.com/advisories/59242/
URL:secunia.com/advisories/59243/
URL:secunia.com/advisories/59245/
URL:secunia.com/advisories/59246/
URL:secunia.com/advisories/59247/
URL:secunia.com/advisories/59249/
URL:secunia.com/advisories/59251/
URL:secunia.com/advisories/59254/
URL:secunia.com/advisories/59255/
URL:secunia.com/advisories/59258/
URL:secunia.com/advisories/59260/

4. Vulnerabilities in Stunnel
[13/06/2014] Vulnerabilities were identified in Stunnel. An attacker could obtain sensitive information, cause a denial of service condition, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect versions prior to 5.02 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.marshut.com/ixwnpv/stunnel-5-02-released.html
URL:secunia.com/advisories/58983/

5. Security Updates in Oracle Linux (ELSA-2014-0743)
[13/06/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the qemu-kvm package for Oracle Linux 6. An attacker could bypass security restrictions and gain elevated privileges.

URL:linux.oracle.com/errata/ELSA-2014-0743.html
URL:secunia.com/advisories/59157/

6. Security Updates in Debian (DSA-2957-1, DSA-2958-1)
[13/06/2014] Debian has released security update packages for fixing the vulnerabilities identified in the mediawiki and apt packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions and perform cross-site scripting attacks.

URL:www.debian.org/security/2014/dsa-2957
URL:www.debian.org/security/2014/dsa-2958

7. Security Updates in Slackware (SSA:2014-163-01)
[13/06/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-thunderbird packages for version 14.1 of Slackware Linux. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, perform code injection and cross-site scripting attacks, and compromise a user's system.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.360424

8. Security Updates in SUSE (SUSE-SU-2014:0788-1, SUSE-SU-2014:0758-2, openSUSE-SU-2014:0766-1)
[13/06/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the GnuTLS package for SUSE Linux Enterprise 11, and the kernel package for openSUSE 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.

URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00016.html
URL:lists.opensuse.org/opensuse-updates/2014-06/msg00013.html
URL:secunia.com/advisories/59062/

9. Security Updates in Ubuntu GNU/Linux (usn-2232-2, usn-2245-1)
[13/06/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openssl and json-c packages for versions 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code and cause a denial of service condition.

URL:www.ubuntu.com/usn/usn-2232-2/
URL:www.ubuntu.com/usn/usn-2245-1/

10. Vulnerability in BIND (AA-01166)
[12/06/2014] A vulnerability was identified in BIND. An attacker could cause a denial of service condition and crash the application. This vulnerability affects versions prior to 9.10.0-P2 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:kb.isc.org/article/AA-01166/

11. Vulnerabilities in IBM Products (fixinfo136013, 1675454)
[12/06/2014] Vulnerabilities were identified in the IBM AIX and IBM InfoSphere Data Replication Dashboard. An attacker could cause a denial of service condition, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=isg1fixinfo136013
URL:www.ibm.com/support/docview.wss?uid=swg21674530
URL:secunia.com/advisories/59104/
URL:secunia.com/advisories/59081/

12. Vulnerability in musl
[12/06/2014] A vulnerability was identified in musl. An attacker could cause a denial of service condition and compromise a vulnerable application. This vulnerability affects versions prior to 1.0.3 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.musl-libc.org/download.html
URL:secunia.com/advisories/58721/

13. Security Updates in Oracle Linux (ELSA-2014-0741, ELSA-2014-0742)
[12/06/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the firefox and thunderbird packages for Oracle Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions and compromise a vulnerable system.

URL:linux.oracle.com/errata/ELSA-2014-0741.html
URL:linux.oracle.com/errata/ELSA-2014-0742.html
URL:secunia.com/advisories/59150/
URL:secunia.com/advisories/59149/

14. Security Updates in Debian (DSA-2955-1, DSA-2956-1)
[12/06/2014] Debian has released security update packages for fixing the vulnerabilities identified in the iceweasel and icinga packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could execute arbitrary code and cause a denial of service condition.

URL:www.debian.org/security/2014/dsa-2955
URL:www.debian.org/security/2014/dsa-2956

15. Security Updates in Gentoo Linux (GLSA 201406-08)
[12/06/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the adobe-flash package for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could gain elevated privileges, execute arbitrary code and cause a denial of service condition.

URL:www.gentoo.org/security/en/glsa/glsa-201406-08.xml
URL:secunia.com/advisories/59193/

16. Security Updates in Mandriva (MDVSA-2014:122, MDVSA-2014:123)
[12/06/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the chkrootkit and tor packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and obtain sensitive information.

URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:122/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:123/

17. Security Updates in Red Hat Products (RHSA-2014:0745-1, RHSA-2014:0747-1, RHSA-2014:0748-1)
[12/06/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player and python-jinja2 packages for Red Hat Enterprise Linux 5 and 6, and the python33-python-jinja2 and python27-python-jinja2 packages for Red Hat Software Collections 1. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the application.

URL:rhn.redhat.com/errata/RHSA-2014-0745.html
URL:rhn.redhat.com/errata/RHSA-2014-0747.html
URL:rhn.redhat.com/errata/RHSA-2014-0748.html

18. Security Updates in SUSE (SUSE-SU-2014:0775-1, SUSE-SU-2014:0732-1)
[12/06/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel package for SUSE Linux Enterprise 11, and the IBM Java 5 package for SUSE Linux Enterprise 10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.

URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html
URL:www.suse.com/support/update/announcement/2014/suse-su-20140732-1.html
URL:secunia.com/advisories/58884/

19. Security Updates in Ubuntu GNU/Linux (usn-2243-1, usn-2244-1)
[12/06/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox and libav packages for versions 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and cause a denial of service condition.

URL:www.ubuntu.com/usn/usn-2243-1/
URL:www.ubuntu.com/usn/usn-2244-1/

20. Vulnerabilities in Microsoft Products (2969259, 2962478, 2969258, 2966061, 2969261, 2969262, 2967487)
[11/06/2014] Vulnerabilities were identified in the Microsoft Windows, Microsoft Lync Server, Microsoft Live Meeting, Microsoft Office and Microsoft Internet Explorer. An attacker could obtain sensitive information, execute arbitrary code, bypass security restrictions and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:technet.microsoft.com/library/security/ms14-jun
URL:technet.microsoft.com/library/security/ms14-030
URL:technet.microsoft.com/library/security/ms14-031
URL:technet.microsoft.com/library/security/ms14-032
URL:technet.microsoft.com/library/security/ms14-033
URL:technet.microsoft.com/library/security/ms14-034
URL:technet.microsoft.com/library/security/ms14-035
URL:technet.microsoft.com/library/security/ms14-036
URL:www.hkcert.org/my_url/en/alert/14061101
URL:www.hkcert.org/my_url/en/alert/14061102
URL:www.hkcert.org/my_url/en/alert/14061103
URL:www.hkcert.org/my_url/en/alert/14061104
URL:www.hkcert.org/my_url/en/alert/14061105
URL:www.hkcert.org/my_url/en/alert/14061106
URL:www.hkcert.org/my_url/en/alert/14061107
URL:www.us-cert.gov/ncas/current-activity/2014/06/10/Microsoft-Releases-June-2014-Security-Bulletin
URL:xforce.iss.net/xforce/xfdb/92800
URL:xforce.iss.net/xforce/xfdb/92830
URL:xforce.iss.net/xforce/xfdb/93424
URL:secunia.com/advisories/58524/
URL:secunia.com/advisories/58525/
URL:secunia.com/advisories/58537/
URL:secunia.com/advisories/58538/
URL:secunia.com/advisories/58551/
URL:secunia.com/advisories/58583/

21. Information Updates on Microsoft Security Advisories (2755801, 2862973, 2962824)
[11/06/2014] Microsoft has updated information on the Security Advisories for Microsoft Windows and Internet Explorer. (a) KB2755801 was revised to add the 2966072 update to the Current Update section. (b) KB2862973 was revised to rerelease the 2862973 update for Windows 8 and Windows Server 2012. (c) KB2962824 was revised to announce a detection change for the update rollup (updates 2920189 and 2961908).

URL:technet.microsoft.com/library/security/2755801
URL:technet.microsoft.com/library/security/2862973
URL:technet.microsoft.com/library/security/2962824
URL:secunia.com/advisories/58584/

22. Vulnerabilities in Mozilla Products (MFSA 2014-48, MFSA 2014-49, MFSA 2014-50, MFSA 2014-51, MFSA 2014-52, MFSA 2014-53, MFSA 2014-54, MFSA 2014-55)
[11/06/2014] Vulnerabilities were identified in Mozilla Firefox, Firefox ESR, Thunderbird, and Netscape Portable Runtime. An attacker could execute arbitrary code, perform clickjacking attacks and crash the application. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.mozilla.org/security/announce/2014/mfsa2014-48.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-49.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-50.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-51.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-52.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-53.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-54.html
URL:www.mozilla.org/security/announce/2014/mfsa2014-55.html

23. Vulnerabilities in Adobe Products (APSB14-16)
[11/06/2014] Vulnerabilities were identified in the Adobe Flash Player and Adobe AIR. An attacker could bypass security restrictions, perform cross-site scripting attacks, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:helpx.adobe.com/security/products/flash-player/apsb14-16.html
URL:www.hkcert.org/my_url/en/alert/14061109
URL:www.us-cert.gov/ncas/current-activity/2014/06/10/Adobe-Releases-Security-Updates-Flash-Player-and-Air
URL:secunia.com/advisories/58390/
URL:secunia.com/advisories/58465/

24. Vulnerability in Cisco NX-OS Software
[11/06/2014] A vulnerability was identified in the Cisco NX-OS Software. An attacker could cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3295

25. Vulnerabilities in IBM Products (1668509, 1670960, 1674232, 1674428, 1674752, 1675205, 1675216, 1675454)
[11/06/2014] Vulnerabilities were identified in the IBM Connections, IBM PureData System for Operational Analytics, IBM API Management, IBM Financial Transaction Manager Multiplatform, IBM InfoSphere Guardium Database Activity Monitoring, IBM Tivoli System Automation for Integrated Operations Management, IBM PureApplication System and IBM Curam Social Program Management. An attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=swg21668509
URL:www.ibm.com/support/docview.wss?uid=swg21670960
URL:www.ibm.com/support/docview.wss?uid=swg21674232
URL:www.ibm.com/support/docview.wss?uid=swg21674428
URL:www.ibm.com/support/docview.wss?uid=swg21674752
URL:www.ibm.com/support/docview.wss?uid=swg21675205
URL:www.ibm.com/support/docview.wss?uid=swg21675216
URL:www.ibm.com/support/docview.wss?uid=swg21675454
URL:xforce.iss.net/xforce/xfdb/92298
URL:xforce.iss.net/xforce/xfdb/92743
URL:xforce.iss.net/xforce/xfdb/93010
URL:secunia.com/advisories/59044/
URL:secunia.com/advisories/59046/
URL:secunia.com/advisories/59047/
URL:secunia.com/advisories/59107/
URL:secunia.com/advisories/59108/

26. Vulnerabilities in Google Chrome
[11/06/2014] Vulnerabilities were identified in Google Chrome. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks and compromise a vulnerable system. These vulnerabilities affect versions prior to 35.0.1916.153 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:googlechromereleases.blogspot.hk/2014/06/stable-channel-update.html
URL:www.hkcert.org/my_url/en/alert/14061108
URL:www.us-cert.gov/ncas/current-activity/2014/06/10/Google-Releases-Security-Updates-Chrome-and-Chrome-OS
URL:secunia.com/advisories/58585/

27. Security Updates in Oracle Products (ELSA-2014-3037, ELSA-2014-3038, ELSA-2014-3039)
[11/06/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the bind package for Oracle Solaris 8, 9, 10 and 11.1, and the kernel and kernel-uek packages for Oracle Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, overflow a buffer, obtain sensitive information, gain elevated privileges and compromise a vulnerable system.

URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0591_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0591_buffer_errors1
URL:linux.oracle.com/errata/ELSA-2014-3037.html
URL:linux.oracle.com/errata/ELSA-2014-3038.html
URL:linux.oracle.com/errata/ELSA-2014-3039.html
URL:secunia.com/advisories/59092/

28. Security Updates in Mandriva (MDVSA-2014:110, MDVSA-2014:111, MDVSA-2014:112, MDVSA-2014:113, MDVSA-2014:114, MDVSA-2014:115, MDVSA-2014:116, MDVSA-2014:117, MDVSA-2014:118, MDVSA-2014:119, MDVSA-2014:120, MDVSA-2014:121)
[11/06/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the curl, otrs, python-django, squid, php, file, libcap-ng, emacs, mediawiki, miniupnpc and libgadu packages for versions MBS1 and MES5 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:110/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:111/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:112/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:113/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:114/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:115/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:116/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:117/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:118/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:119/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:120/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:121/

29. Security Updates in Red Hat Products (RHSA-2014:0740-1, RHSA-2014:0741-1, RHSA-2014:0742-1, RHSA-2014:0743-1, RHSA-2014:0744-1)
[11/06/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel, firefox, thunderbird and qemu-kvm packages for Red Hat Enterprise Linux 5, 6 and 7, and the qemu-kvm-rhev package for Red Hat Enterprise Virtualization 3. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.

URL:rhn.redhat.com/errata/RHSA-2014-0740.html
URL:rhn.redhat.com/errata/RHSA-2014-0741.html
URL:rhn.redhat.com/errata/RHSA-2014-0742.html
URL:rhn.redhat.com/errata/RHSA-2014-0743.html
URL:rhn.redhat.com/errata/RHSA-2014-0744.html

30. Security Updates in Ubuntu GNU/Linux (usn-2242-1)
[11/06/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the dpkg package for versions 10.04 LTS, 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. An attacker could execute arbitrary code and cause a denial of service condition.

URL:www.ubuntu.com/usn/usn-2242-1/

31. Vulnerabilities in Cisco Products
[10/06/2014] Vulnerabilities were identified in the Cisco Unified Communications Manager, Cisco Email Security Appliance, Cisco Web Security Appliance, Cisco Content Security Management Appliance and Cisco WebEx Meetings Server. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform code injection and cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3287
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3289
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3292
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3294

32. Vulnerabilities in EMC Documentum Content Server (93655, 93656, 93657)
[10/06/2014] Vulnerabilities were identified in the EMC Documentum Content Server. An attacker could gain elevated privileges, execute arbitrary code and perform code injection attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:xforce.iss.net/xforce/xfdb/93655
URL:xforce.iss.net/xforce/xfdb/93656
URL:xforce.iss.net/xforce/xfdb/93657

33. Vulnerability in Lynis (93653)
[10/06/2014] A vulnerability was identified in Lynis. An attacker could gain elevated privileges, execute arbitrary code and perform a symlink attack. This vulnerability affects versions prior to 1.5.5 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/93653

34. Vulnerability in UEFI systems (VU#758382)
[10/06/2014] A vulnerability was identified in UEFI systems. An attacker could bypass security restrictions and cause a denial of service condition. This vulnerability affects multiple firmware versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00038?uageid=en-fr
URL:www.kb.cert.org/vuls/id/758382

35. Vulnerability in PHP (67390)
[10/06/2014] A vulnerability was identified in PHP. An attacker could gain elevated privileges and perform a symlink attack. This vulnerability affects version 5.5.13 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:bugs.php.net/bug.php?id=67390
URL:xforce.iss.net/xforce/xfdb/93652

36. Vulnerabilities in Rapid7 Metasploit
[10/06/2014] Vulnerabilities were identified in Rapid7 Metasploit. An attacker could obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect versions prior to 4.9.3 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:community.rapid7.com/community/metasploit/blog/2014/06/05/security-advisory-openssl-vulnerabilities-cve-2014-0224-cve-2014-0221-in-metasploit
URL:secunia.com/advisories/58966/

37. Vulnerabilities in Google Chrome
[10/06/2014] Vulnerabilities were identified in Google Chrome for Android. An attacker could obtain sensitive information, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect versions prior to 35.0.1916.141 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:googlechromereleases.blogspot.hk/2014/06/chrome-for-android-update.html
URL:www.hkcert.org/my_url/en/alert/14061001
URL:secunia.com/advisories/57709/

38. Vulnerabilities in Oracle Linux (ELSA-2014-0624, ELSA-2014-0626)
[10/06/2014] Vulnerabilities were identified in the openssl, openssl097a and openssl098e packages for Oracle Linux 5 and 6. An attacker could obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:linux.oracle.com/errata/ELSA-2014-0624.html
URL:linux.oracle.com/errata/ELSA-2014-0626.html
URL:secunia.com/advisories/58965/

39. Security Updates in Debian (DSA-2954-1)
[10/06/2014] Debian has released security update packages for fixing the vulnerability identified in the dovecot package for multiple versions of Debian GNU/Linux. An attacker could cause a denial of service condition.

URL:www.debian.org/security/2014/dsa-2954

40. Security Updates in Slackware (SSA:2014-160-01)
[10/06/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the php package for versions 13.0, 13.1, 13.37, 14.0 and 14.1 of Slackware Linux. Due to multiple errors, an attacker could execute arbitrary code and cause a denial of service condition.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.518178

41. Security Updates in Mandriva (MDVSA-2014:105, MDVSA-2014:106, MDVSA-2014:107, MDVSA-2014:108, MDVSA-2014:109)
[10/06/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the openssl, libtasn1 and gnutls packages for versions MBS1 and MES5 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition.

URL:www.mandriva.com/en/support/security/advisories/mes5/MDVSA-2014:105/
URL:www.mandriva.com/en/support/security/advisories/mes5/MDVSA-2014:106/
URL:www.mandriva.com/en/support/security/advisories/mes5/MDVSA-2014:107/
URL:www.mandriva.com/en/support/security/advisories/mes5/MDVSA-2014:108/
URL:www.mandriva.com/en/support/security/advisories/mes5/MDVSA-2014:109/

42. Security Updates in Ubuntu GNU/Linux (usn-2214-2)
[10/06/2014] Ubuntu has released security update packages for fixing the vulnerability identified in the libxml2 package for versions 10.04 LTS, 12.04 LTS, 13.10 and 14.04 LTS of Ubuntu GNU/Linux. An attacker could cause a denial of service condition.

URL:www.ubuntu.com/usn/usn-2214-2/

43. Vulnerabilities in Cisco Products
[09/06/2014] Vulnerabilities were identified in the Cisco Unified Communications Domain Manager, Cisco WebEx Meetings Server and Cisco Wireless LAN Controller (WLC). An attacker could obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3278
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3281
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3286
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3291

44. Vulnerabilities in IBM Products (1670870, 1673849, 21674894)
[09/06/2014] Vulnerabilities were identified in the IBM Maximo Asset Management, IBM Maximo Asset Management Essentials, IBM Maximo Industry Solutions (including Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities), IBM Tivoli Asset Management for IT, IBM Tivoli Service Request Manager, IBM Maximo Service Desk, IBM Change and Configuration Management Database, IBM SmartCloud Control Desk and IBM Sterling Connect:Direct for Windows. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, perform cross-site scripting and code injection attacks, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=swg21670870
URL:www.ibm.com/support/docview.wss?uid=swg21673849
URL:www.ibm.com/support/docview.wss?uid=swg21674894
URL:secunia.com/advisories/58694/
URL:secunia.com/advisories/59075/

45. Vulnerabilities in Cerberus FTP Server
[09/06/2014] Vulnerabilities were identified in the Cerberus FTP Server. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect versions prior to 7.0.0.3 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.cerberusftp.com/products/releasenotes.html
URL:secunia.com/advisories/58842/

46. Vulnerabilities in FreeBSD (FreeBSD-SA-14:14.openssl)
[09/06/2014] Vulnerabilities were identified in FreeBSD. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.freebsd.org/security/advisories/FreeBSD-SA-14%3A14.openssl.asc
URL:secunia.com/advisories/58472/

47. Security Updates in Debian (DSA-2952-1, DSA-2953-1)
[09/06/2014] Debian has released security update packages for fixing the vulnerabilities identified in the kfreebsd-9 and dpkg packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, traverse directories, obtain sensitive information, execute arbitrary code and cause a denial of service condition.

URL:www.debian.org/security/2014/dsa-2952
URL:www.debian.org/security/2014/dsa-2953

48. Security Updates in Gentoo Linux (GLSA 201406-06, GLSA 201406-07)
[09/06/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the mumble and echoping packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could gain elevated privileges, execute arbitrary code and cause a denial of service condition.

URL:www.gentoo.org/security/en/glsa/glsa-201406-06.xml
URL:www.gentoo.org/security/en/glsa/glsa-201406-07.xml

49. Security Updates in Slackware (SSA:2014-156-01, SSA:2014-156-02, SSA:2014-156-03, SSA:2014-156-04, SSA:2014-157-01)
[09/06/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the gnutls, libtasn1, openssl, sendmail and mozilla-firefox packages for versions 13.0, 13.1, 13.37, 14.0 and 14.1 of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.311378
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.399939
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.547936
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.728644
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.746956

50. Security Updates in SUSE (SUSE-SU-2014:0759-2, SUSE-SU-2014:0762-1, openSUSE-SU-2014:0763-1, openSUSE-SU-2014:0764-1, openSUSE-SU-2014:0765-1, openSUSE-SU-2014:0767-1, SUSE-SU-2014:0768-1, SUSE-SU-2014:0769-1)
[09/06/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the openssl and MySQL packages for SUSE Linux Enterprise 10 and 11, the gnutls and openssl packages for openSUSE 11.4, 12.3 and 13.1, and the openssl package for SUSE CORE 9. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.

URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00012.html
URL:lists.opensuse.org/opensuse-security-announce/2014-06/msg00013.html
