1. Vulnerability in Cisco Products (cisco-sa-20140926-bash)
[26/09/2014] Vulnerability was identified in the Bash contained in multiple Cisco products. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects multiple versions of multiple Cisco products.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
2. Vulnerability in Juniper Products (JSA10648)
[26/09/2014] Vulnerability was identified in the Bash contained in the Juniper Junos Space and Juniper JSA Series devices. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects all versions of the mentioned products.
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10648&cat=SIRT_1&actp=LIST
3. Vulnerability in IBM Security QRadar SIEM (1683609)
[26/09/2014] Vulnerability was identified in the IBM Security QRadar SIEM. An attacker could gain escalated privileges and execute arbitrary code. This vulnerability affects versions 7.1 MR2 and 7.2 MR2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www-01.ibm.com/support/docview.wss?uid=swg21683609
URL:xforce.iss.net/xforce/xfdb/93540
4. Vulnerability in Perl (96216)
[26/09/2014] Vulnerability was identified in the Perl. An attacker could cause a buffer overflow and cause a denial of service condition. This vulnerability affects versions 5.20.1 and prior of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/96216
5. Security Updates in Debian (DSA-3033-1, DSA-3034-1)
[26/09/2014] Debian has released security update packages for fixing the vulnerabilities identified in the nss and iceweasel packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could perform spoofing attacks.
URL:www.debian.org/security/2014/dsa-3033
URL:www.debian.org/security/2014/dsa-3034
6. Security Updates in Mandriva (MDVSA-2014:187, MDVSA-2014:188, MDVSA-2014:189)
[26/09/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the curl, wireshark and nss packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could execute arbitrary code, crash the application and perform spoofing attacks.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A187/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A188/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A189/
7. Security Updates in Oracle Linux (ELSA-2014-1293, ELSA-2014-1294)
[26/09/2014] Oracle has released security update packages for fixing the vulnerability identified in the bash packages for Oracle Linux 4, 5, 6 and 7. An attacker could bypass security restrictions and execute arbitrary code.
URL:linux.oracle.com/errata/ELSA-2014-1293.html
URL:linux.oracle.com/errata/ELSA-2014-1294.html
8. Security Updates in Gentoo Linux (GLSA 201409-09, 201409-10)
[26/09/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the bash packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions and execute arbitrary code.
URL:www.gentoo.org/security/en/glsa/glsa-201409-09.xml
URL:www.gentoo.org/security/en/glsa/glsa-201409-10.xml
9. Security Updates in Slackware (SSA:2014-268-01, SSA:2014-268-02)
[26/09/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the bash packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions and execute arbitrary code.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.309194
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.495008
10. Security Updates in SUSE (SUSE-SU-2014:1218-1)
[26/09/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the spacewalk-java package for SUSE Manager Server. An attacker could perform cross-site scripting attacks.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00031.html
11. Security Updates in Ubuntu GNU/Linux (USN-2360-1, USN-2360-2, USN-2361-1, USN-2363-1)
[26/09/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox, thunderbird, nss and bash packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could obtain sensitive information, bypass security restrictions and execute arbitrary code.
URL:www.ubuntu.com/usn/usn-2360-1/
URL:www.ubuntu.com/usn/usn-2360-2/
URL:www.ubuntu.com/usn/usn-2361-1/
URL:www.ubuntu.com/usn/usn-2363-1/
12. Information Updates on Microsoft Security Bulletins (MS14-009, MS14-049)
[25/09/2014] Microsoft has updated information on the Security Bulletins for Microsoft .NET Framework and Microsoft Windows. (a) MS14-009 was revised to correct a missing Server Core installation entry in the Affected Software table. (b) MS14-055 was revised to change Known issues entry in the Knowledge Base Article section.
URL:technet.microsoft.com/library/security/ms14-009
URL:technet.microsoft.com/library/security/ms14-049
13. Vulnerabilities in Mozilla Products (MFSA 2014-73)
[25/09/2014] Vulnerabilities were identified in Mozilla Firefox, Thunderbird, SeaMonkey and NSS. An attacker could bypass security restrictions and perform spoofing attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.mozilla.org/security/announce/2014/mfsa2014-73.html
URL:www.hkcert.org/my_url/en/alert/14092501
URL:www.kb.cert.org/vuls/id/772676
URL:www.us-cert.gov/ncas/current-activity/2014/09/24/Mozilla-Network-Security-Services-NSS-Library-Vulnerability
14. Vulnerabilities in Cisco Products (cisco-sa-20140924-mdns, cisco-sa-20140924-nat, cisco-sa-20140924-sip, cisco-sa-20140924-metadata, cisco-sa-20140924-dhcpv6, cisco-sa-20140924-rsvp)
[25/09/2014] Vulnerabilities were identified in the Cisco IOS Software, Cisco IOS XE Software and Cisco Unified Communications Domain Manager. An attacker could cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-nat
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-sip
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-dhcpv6
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-rsvp
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0475
URL:xforce.iss.net/xforce/xfdb/96174
URL:xforce.iss.net/xforce/xfdb/96175
URL:xforce.iss.net/xforce/xfdb/96176
URL:xforce.iss.net/xforce/xfdb/96177
15. Vulnerabilities in IBM Products (S1004872, 1672337, 1672717, 1674132, 1674134, 1679930, 1681183, 1681184, 1682120, 1682450, 1682627, 1683296, 1683297, 1683332, 1683334, 1683336, 1683338, MIGR-5096152)
[25/09/2014] Vulnerabilities were identified in the IBM TSSC, IBM FileNet Content Manager, IBM Content Foundation, IBM FileNet Process Engine, IBM InfoSphere Streams, IBM Rational Engineering Lifecycle Manager, IBM Rational Software Architect Design Manager, IBM Rational Rhapsody Design Manager, IBM Initiate Master Data Service, IBM InfoSphere Balanced Warehouse, IBM Smart Analytics System, IBM PureData System for Operational Analytics, IBM Guardium Database Activity Monitor and IBM Systems Director. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004872
URL:www.ibm.com/support/docview.wss?uid=swg21672337
URL:www.ibm.com/support/docview.wss?uid=swg21672717
URL:www.ibm.com/support/docview.wss?uid=swg21674132
URL:www.ibm.com/support/docview.wss?uid=swg21674134
URL:www.ibm.com/support/docview.wss?uid=swg21679930
URL:www.ibm.com/support/docview.wss?uid=swg21681183
URL:www.ibm.com/support/docview.wss?uid=swg21681184
URL:www.ibm.com/support/docview.wss?uid=swg21682120
URL:www.ibm.com/support/docview.wss?uid=swg21682450
URL:www.ibm.com/support/docview.wss?uid=swg21682627
URL:www.ibm.com/support/docview.wss?uid=swg21683296
URL:www.ibm.com/support/docview.wss?uid=swg21683297
URL:www.ibm.com/support/docview.wss?uid=swg21683332
URL:www.ibm.com/support/docview.wss?uid=swg21683334
URL:www.ibm.com/support/docview.wss?uid=swg21683336
URL:www.ibm.com/support/docview.wss?uid=swg21683338
URL:www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096152
16. Vulnerabilities in Huawei Products (Huawei-SA-20140924-01-VRP, Huawei-SA-20140924-02-CSRF)
[25/09/2014] Vulnerabilities were identified in multiple Huawei products. An attacker could bypass security restrictions, obtain sensitive information and compromise the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372145.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372186.htm
17. Vulnerability in GNU Bash
[25/09/2014] Vulnerability was identified in the GNU bash (GNU Bourne-Again Shell). An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects version 4.3 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.hkcert.org/my_url/en/alert/14092502
URL:www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability
URL:xforce.iss.net/xforce/xfdb/96153
18. Vulnerability in Xen (XSA-104)
[25/09/2014] Vulnerability was identified in the Xen. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xenbits.xen.org/xsa/advisory-104.html
URL:xforce.iss.net/xforce/xfdb/96149
19. Security Updates in Debian (DSA-3031-1, DSA-3032-1)
[25/09/2014] Debian has released security update packages for fixing the vulnerabilities identified in the apt and bash packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3031
URL:www.debian.org/security/2014/dsa-3032
20. Security Updates in Mandriva (MDVSA-2014:181, MDVSA-2014:182, MDVSA-2014:183, MDVSA-2014:184, MDVSA-2014:185, MDVSA-2014:186)
[25/09/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the dump, zarafa, phpmyadmin, net-snmp, libgadu and bash packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A181/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A182/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A183/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A184/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A185/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A186/
21. Security Updates in Mageia (MGASA-2014-0384, MGASA-2014-0385, MGASA-2014-0386, MGASA-2014-0387, MGASA-2014-0388)
[25/09/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the curl, wireshark, php-pear-CAS and bash packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:advisories.mageia.org/MGASA-2014-0384.html
URL:advisories.mageia.org/MGASA-2014-0385.html
URL:advisories.mageia.org/MGASA-2014-0386.html
URL:advisories.mageia.org/MGASA-2014-0387.html
URL:advisories.mageia.org/MGASA-2014-0388.html
22. Security Updates in Red Hat Enterprise Linux (RHSA-2014-1292-1, RHSA-2014-1293-1, RHSA-2014-1294-1, RHSA-2014-1295-1)
[25/09/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the haproxy, bash and bash Shift_JIS packages for Red Hat Enterprise Linux 5, 6, and 7, and the Red Hat JBoss Data Virtualization. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1292.html
URL:rhn.redhat.com/errata/RHSA-2014-1293.html
URL:rhn.redhat.com/errata/RHSA-2014-1294.html
URL:rhn.redhat.com/errata/RHSA-2014-1295.html
URL:xforce.iss.net/xforce/xfdb/96192
23. Security Updates in Slackware (SSA:2014-267-01, SSA:2014-267-02)
[25/09/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-nss and bash packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.387409
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.522193
24. Security Updates in SUSE (SUSE-SU-2014:1212-1, SUSE-SU-2014:1213-1, SUSE-SU-2014:1214-1, openSUSE-SU-2014:1151-1)
[25/09/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the bash package for SUSE Linux Enterprise 10 and 11, and the chromium package for openSUSE 12.3 and 13.1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00030.html
URL:lists.opensuse.org/opensuse-updates/2014-09/msg00033.html
25. Security Updates in Ubuntu GNU/Linux (USN-2362-1)
[25/09/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the bash packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2362-1/
26. Information Updates on Microsoft Security Advisory and Bulletin (2755801, MS14-055)
[24/09/2014] Microsoft has updated information on the Security Advisory and Bulletin for Microsoft Internet Explorer and Microsoft Lync Server. (a) KB2755801 added the 2999249 update to the Current Update section. (b) MS14-055 was rereleased to announce the reoffering of the 2982385 security update file (server.msp) for Microsoft Lync Server 2010.
URL:technet.microsoft.com/library/security/2755801
URL:technet.microsoft.com/library/security/ms14-055
27. Vulnerability in Huawei Ascend P6 Mobile Phones (Huawei-SA-20140923-01-P6)
[24/09/2014] Vulnerability was identified in the Huawei Ascend P6 Mobile Phones EDGE-U00 and EDGE-T00. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple firmware versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372118.htm
28. Vulnerability in M/Monit (96122)
[24/09/2014] Vulnerability was identified in the M/Monit. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects version 3.2.2 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/96122
29. Vulnerability in Debian Apt (96151)
[24/09/2014] Vulnerability was identified in the Debian Apt. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects versions prior to 0.9.7.9+deb7u5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/96151
30. Vulnerabilities in Xen (XSA-105, XSA-106)
[24/09/2014] Vulnerabilities were identified in the Xen. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xenbits.xen.org/xsa/advisory-105.html
URL:xenbits.xen.org/xsa/advisory-106.html
URL:xforce.iss.net/xforce/xfdb/96147
URL:xforce.iss.net/xforce/xfdb/96148
31. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1285-1, RHSA-2014:1286-1)
[24/09/2014] Red Hat has released security update packages for fixing the vulnerability identified in the Red Hat JBoss Enterprise Application Platform 6.3.1 for Red Hat Enterprise Linux 5 and 6. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1285.html
URL:rhn.redhat.com/errata/RHSA-2014-1286.html
32. Security Updates in Ubuntu GNU/Linux (USN-2353-1, USN-2354-1, USN-2355-1, USN-2356-1, USN-2357-1, USN-2358-1, USN-2359-1)
[24/09/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the apt, linux, linux-ec2, linux-ti-omap4 and linux-lts-trusty packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2353-1/
URL:www.ubuntu.com/usn/usn-2354-1/
URL:www.ubuntu.com/usn/usn-2355-1/
URL:www.ubuntu.com/usn/usn-2356-1/
URL:www.ubuntu.com/usn/usn-2357-1/
URL:www.ubuntu.com/usn/usn-2358-1/
URL:www.ubuntu.com/usn/usn-2359-1/
33. Vulnerability in Cisco Unified Communications Domain Manager Platform
[23/09/2014] Vulnerability was identified in the Cisco Unified Communications Domain Manager Platform. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3380
34. Vulnerabilities in NETGEAR Download Center (96070, 96071)
[23/09/2014] Vulnerabilities were identified in the NETGEAR Download Center. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting and phishing attacks. The affected version was not specified.
URL:xforce.iss.net/xforce/xfdb/96070
URL:xforce.iss.net/xforce/xfdb/96071
35. Vulnerability in Asterisk (AST-2014-010)
[23/09/2014] Vulnerability was identified in the Asterisk. An attacker could cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:downloads.asterisk.org/pub/security/AST-2014-010.html
URL:xforce.iss.net/xforce/xfdb/96073
36. Vulnerabilities in Debian Apt (96127, 96128, 96129)
[23/09/2014] Vulnerabilities were identified in the Debian Apt. An attacker could bypass security restrictions and execute arbitrary code. These vulnerabilities affect versions prior to 1.0.9 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/96127
URL:xforce.iss.net/xforce/xfdb/96128
URL:xforce.iss.net/xforce/xfdb/96129
37. Vulnerability in Nginx
[23/09/2014] Vulnerability was identified in the nginx. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:nginx.org/
URL:xforce.iss.net/xforce/xfdb/96134
38. Security Updates in Mageia (MGASA-2014-0380, MGASA-2014-0381, MGASA-2014-0382, MGASA-2014-0383)
[23/09/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the zarafa, gnupg, flash-player-plugin and phpmyadmin packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:advisories.mageia.org/MGASA-2014-0380.html
URL:advisories.mageia.org/MGASA-2014-0381.html
URL:advisories.mageia.org/MGASA-2014-0382.html
URL:advisories.mageia.org/MGASA-2014-0383.html
39. Security Updates in Mandriva (MDVSA-2014:180)
[23/09/2014] Mandriva has released security update packages for fixing the vulnerability identified in the gnupg packages for version MBS1 of Mandriva GNU/Linux. An attacker could bypass security restrictions and obtain sensitive information.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A180/
40. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1268-1, RHSA-2014:1281-1)
[23/09/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the qemu-kvm-rhev packages for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7, and the kernel packages for Red Hat Enterprise Linux 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1268.html
URL:rhn.redhat.com/errata/RHSA-2014-1281.html
41. Security Updates in SUSE (openSUSE-SU-2014:1151-1)
[23/09/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the chromium packages for openSUSE 12.3 and 13.1. Due to multiple errors, an attacker could execute arbitrary code and cause a denial of service condition.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html
42. Security Updates in Ubuntu GNU/Linux (USN-2350-1, USN-2351-1, USN-2352-1)
[23/09/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the nss, nginx and dbus packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2350-1/
URL:www.ubuntu.com/usn/usn-2351-1/
URL:www.ubuntu.com/usn/usn-2352-1/
43. Information Updates on Microsoft Security Bulletin (MS14-046)
[22/09/2014] Microsoft has updated information on the Security Bulletin for Microsoft .NET Framework. MS14-046 was revised with a change to the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
URL:technet.microsoft.com/library/security/ms14-046
44. Vulnerability in Cisco Nexus 1000V InterCloud for VMware
[22/09/2014] Vulnerability was identified in the Cisco Nexus 1000V InterCloud for VMware. An attacker could bypass security restrictions and perform cross-site scripting attacks. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3367
45. Vulnerabilities in IBM Products (S1004854, S1004860, S1004861, S1004869, 1683389)
[22/09/2014] Vulnerabilities were identified in the IBM Storwize V7000 Unified and IBM SDK for Node.js. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004854
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004860
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004861
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004869
URL:www.ibm.com/support/docview.wss?uid=swg21683389
46. Vulnerabilities in Fortinet Products (FG-IR-14-006)
[22/09/2014] Vulnerabilities were identified in the Fortinet FortiGate and FortiWiFi appliances. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform man-in-the-middle attacks, cause a denial of service condition and crash the system. These vulnerabilities affect versions 5.0.0 to 5.0.7, 4.3.15 and lower of the FortiOS. Security patches are available to resolve these vulnerabilities.
URL:www.fortiguard.com/advisory/FG-IR-14-006/
URL:www.kb.cert.org/vuls/id/730964
47. Security Updates in Oracle Products (ELSA-2014-1246)
[22/09/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the nss packages for Oracle Linux 5, and the OpenSSL, Python Image Library (PIL), OpenStack Glance, Wireshark, Apache HTTP Server, Firefox ESR, Net-SNMP and Samba packages for Oracle Solaris 10 and 11.2. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3505_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3506_resource_management
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3507_resource_management
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3509_race_conditions
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3510_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3511_cryptographic_vulnerability
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3512_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3589_input_validation
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_5139_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_5356_permissions_privileges
URL:blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in3
URL:blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos5
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_firefox
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_net_snmp
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1
URL:linux.oracle.com/errata/ELSA-2014-1246.html
48. Security Updates in Debian (DSA-3029-1, DSA-3030-1)
[22/09/2014] Debian has released security update packages for fixing the vulnerabilities identified in the nginx and mantis packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and perform code injection attacks.
URL:www.debian.org/security/2014/dsa-3029
URL:www.debian.org/security/2014/dsa-3030
49. Security Updates in Gentoo Linux (GLSA 201409-05, GLSA 201409-06, GLSA 201409-07, GLSA 201409-08)
[22/09/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the adobe-flash, chromium, c-icap and libxml2 packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201409-05.xml
URL:www.gentoo.org/security/en/glsa/glsa-201409-06.xml
URL:www.gentoo.org/security/en/glsa/glsa-201409-07.xml
URL:www.gentoo.org/security/en/glsa/glsa-201409-08.xml
50. Security Updates in SUSE (SUSE-SU-2014:1146-1)
[22/09/2014] SUSE has released security update packages for fixing the vulnerability identified in the dbus-1 packages for SUSE Linux Enterprise 11. An attacker could cause a denial of service condition.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html
Monday, September 29, 2014
IT Security Alerts Weekly Digest (21 Sep ~ 27 Sep 2014)
Sunday, September 21, 2014
IT Security Alerts Weekly Digest (14 Sep ~ 20 Sep 2014)
1. Information Updates on Microsoft Security Bulletins (MS14-012, MS14-053)
[19/09/2014] Microsoft has updated information on the Security Bulletins for Microsoft Internet Explorer and Microsoft .NET Framework. (a) MS14-012 was revised to correct the severity table and vulnerability information to add CVE-2014-4112 as a vulnerability addressed by this update. (b) MS14-053 was revised to clarify language in the Executive Summary, Mitigating Factors, and Vulnerability FAQ sections that describes the attack vector for CVE-2014-4072.
URL:technet.microsoft.com/library/security/ms14-012
URL:technet.microsoft.com/library/security/ms14-053
2. Vulnerabilities in Cisco IOS XR Software
[19/09/2014] Vulnerabilities were identified in the Cisco IOS XR Software. An attacker could bypass security restrictions, cause a denial of service condition and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3376
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3377
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3378
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3379
3. Vulnerabilities in IBM Products (S1004834, S1004836, S1004847, S1004849, S1004851, S1004853, S1004854, 1683484, 1683518, 1684448)
[19/09/2014] Vulnerabilities were identified in the IBM Storwize V7000 Unified, IBM Scale Out Network Attached Storage (SONAS), IBM Tivoli Provisioning Manager for Software, IBM Financial Transaction Manager and IBM QRadar. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004834
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004836
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004847
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004849
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004851
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004853
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004854
URL:www.ibm.com/support/docview.wss?uid=swg21683484
URL:www.ibm.com/support/docview.wss?uid=swg21683518
URL:www.ibm.com/support/docview.wss?uid=swg21684448
4. Security Updates in Oracle Linux (ELSA-2014-1244, ELSA-2014-1245)
[19/09/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the bind97 and krb5 packages for Oracle Linux 5. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2014-1244.html
URL:linux.oracle.com/errata/ELSA-2014-1245.html
5. Security Updates in Debian (DSA-3027-1, DSA-3028-1)
[19/09/2014] Debian has released security update packages for fixing the vulnerabilities identified in the libav and icedove packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3027
URL:www.debian.org/security/2014/dsa-3028
6. Security Updates in Red Hat Storage (RHSA-2014:1263-1)
[19/09/2014] Red Hat has released security update packages for fixing the vulnerability identified in the glusterfs, geo-replication and native client packages for Red Hat Storage 2.1. An attacker could obtain sensitive information and cause a denial of service condition.
URL:rhn.redhat.com/errata/RHSA-2014-1263.html
7. Vulnerabilities in Apple Products (HT6440, HT6441, HT6442, HT6443, HT6444, HT6448, HT6449)
[18/09/2014] Vulnerabilities were identified in the Apple Safari, Apple iOS, Apple TV, Apple OS X Mavericks, Apple Xcode and Apple OS X Server. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform code injection attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/kb/HT6440
URL:support.apple.com/kb/HT6441
URL:support.apple.com/kb/HT6442
URL:support.apple.com/kb/HT6443
URL:support.apple.com/kb/HT6444
URL:support.apple.com/kb/HT6448
URL:support.apple.com/kb/HT6449
8. Vulnerabilities in IBM Lotus Protector for Mail Security (1683486)
[18/09/2014] Vulnerabilities were identified in the IBM Lotus Protector for Mail Security. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect versions 2.8.0.0 and 2.8.1.0 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21683486
9. Vulnerability in Google Android Browser
[18/09/2014] Vulnerability was identified in the Google Android Browser. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. This vulnerability affects versions prior to 4.4 of Android.
URL:www.hkcert.org/my_url/en/alert/14091801
10. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1255-1)
[18/09/2014] Red Hat has released security update packages for fixing the vulnerability identified in the krb5 packages for Red Hat Enterprise Linux 5. An attacker could execute arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2014-1255.html
11. Security Updates in SUSE (openSUSE-SU-2014:1139-1, SUSE-SU-2014:1140-1)
[18/09/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the curl packages for openSUSE 12.3 and 13.1, and the squid3 packages for SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information and cause a denial of service condition.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html
12. Security Updates in Ubuntu GNU/Linux (USN-2319-3, USN-2349-1)
[18/09/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openjdk-7 and libav packages for versions 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2319-3/
URL:www.ubuntu.com/usn/usn-2349-1/
13. Information Updates on Microsoft Security Bulletin (MS14-046)
[17/09/2014] Microsoft has updated information on the Security Bulletin for Microsoft .NET Framework. MS14-046 was revised to announce a detection change in the 2966827 update for Microsoft .NET Framework 3.0 Service Pack 2 on Windows 8 and Windows Server 2012.
URL:technet.microsoft.com/library/security/ms14-046
14. Vulnerabilities in IBM Products (1681998, 1682120)
[17/09/2014] Vulnerabilities were identified in the IBM WebSphere Portal, IBM Rational Engineering Lifecycle Manager, IBM Rational Software Architect Design Manager and IBM Rhapsody Design Manager. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21681998
URL:www.ibm.com/support/docview.wss?uid=swg21682120
15. Security Updates in Oracle Linux (ELSA-2014-1193)
[17/09/2014] Oracle has released security update packages for fixing the vulnerability identified in the axis packages for Oracle Linux 5 and 6. An attacker could bypass security restrictions and perform man-in-the-middle attacks.
URL:linux.oracle.com/errata/ELSA-2014-1193.html
16. Security Updates in Debian (DSA-3025-1, DSA-3026-1)
[17/09/2014] Debian has released security update packages for fixing the vulnerabilities identified in the apt and dbus packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3025
URL:www.debian.org/security/2014/dsa-3026
17. Security Updates in FreeBSD (FreeBSD-SA-14:19.tcp)
[17/09/2014] FreeBSD has released security update packages for fixing the vulnerability identified in the inet packages for multiple versions of FreeBSD. An attacker could bypass security restrictions and perform spoofing attacks.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:19.tcp.asc
18. Security Updates in Mageia (MGASA-2014-0375, MGASA-2014-0376, MGASA-2014-0377, MGASA-2014-0378, MGASA-2014-0379)
[17/09/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the libgadu, glibc, mariadb, dump and moodle packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2014-0375.html
URL:advisories.mageia.org/MGASA-2014-0376.html
URL:advisories.mageia.org/MGASA-2014-0377.html
URL:advisories.mageia.org/MGASA-2014-0378.html
URL:advisories.mageia.org/MGASA-2014-0379.html
19. Security Updates in SUSE (SUSE-SU-2014:1137-1, SUSE-SU-2014:1138-1)
[17/09/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the procmail and Linux Kernel packages for SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00022.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00023.html
20. Security Updates in Ubuntu GNU/Linux (USN-2347-1, USN-2348-1)
[17/09/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the python-django and apt packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2347-1/
URL:www.ubuntu.com/usn/usn-2348-1/
21. Information Updates on Microsoft Security Bulletin (MS14-055)
[16/09/2014] Microsoft has updated information on the Security Bulletin for Microsoft Lync Server. MS14-055 was revised to remove Download Center links for Microsoft security update 2982385 for Microsoft Lync Server 2010.
URL:technet.microsoft.com/en-us/library/security/ms14-055.aspx
22. Vulnerabilities in IBM Products (1682668, 1682669, 1682670, 1682671, 1682904)
[16/09/2014] Vulnerabilities were identified in multiple IBM InfoSphere Optim Data Masking, Data Growth, Test Data Management and Application Retirement Solution products. An attacker could obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21682668
URL:www.ibm.com/support/docview.wss?uid=swg21682669
URL:www.ibm.com/support/docview.wss?uid=swg21682670
URL:www.ibm.com/support/docview.wss?uid=swg21682671
URL:www.ibm.com/support/docview.wss?uid=swg21682904
23. Security Updates in Oracle Solaris
[16/09/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the GnuTLS, Samba, OpenSSL, Python Imaging Library, OpenStack Horizon, OpenStack Glance, Wireshark, Apache HTTP Server, Firefox and Net-SNMP packages for Oracle Solaris 10, 11.1 and 11.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition, gain elevated privileges, crash the system and perform cross-site scripting attacks.
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0092_cryptographic_issues
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0178_information_disclosure
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3505_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3506_resource_management
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3507_resource_management
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3509_race_conditions
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3510_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3511_cryptographic_vulnerability
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3512_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3589_input_validation
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3594_cross_site
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_5139_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_5356_permissions_privileges
URL:blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in3
URL:blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos5
URL:blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_firefox
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_net_snmp
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1
24. Security Updates in Red Hat Products (RHSA-2014:1187-1, RHSA-2014:1188-1, RHSA-2014:1193-1)
[16/09/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the qemu-kvm-rhev and python-django-horizon packages for Red Hat Enterprise Linux OpenStack Platform 4.0 and 5.0, and the axis package for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could crash the system, execute arbitrary code, perform cross-site scripting attacks and man-in-the-middle attacks.
URL:rhn.redhat.com/errata/RHSA-2014-1187.html
URL:rhn.redhat.com/errata/RHSA-2014-1188.html
URL:rhn.redhat.com/errata/RHSA-2014-1193.html
25. Security Updates in Ubuntu GNU/Linux (USN-2346-1)
[16/09/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the curl package for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could obtain sensitive information.
URL:www.ubuntu.com/usn/usn-2346-1/
26. Security Updates in SUSE (openSUSE-SU-2014:1126-1, SUSE-SU-2014:1128-1, SUSE-SU-2014:1129-1, openSUSE-SU-2014:1130-1)
[16/09/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the LibreOffice and flash-player packages for openSUSE 11.4, 12.3 and 13.1, and the glibc package for SUSE Linux Enterprise Server 10 and 11. Due to multiple errors, an attacker could obtain sensitive information and compromise a user's system.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00018.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00019.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html
27. Vulnerabilities in IBM Products (S1004837, S1004846, S1004867, 1681449)
[15/09/2014] Vulnerabilities were identified in the IBM Storwize V7000 Unified, IBM SAN Volume Controller, IBM Storwize Family, IBM Flex System and IBM Rational License Key Server Administration and Reporting Tool. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004837
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004846
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004867
URL:www.ibm.com/support/docview.wss?uid=swg21681449
URL:xforce.iss.net/xforce/xfdb/93906
28. Vulnerabilities in Novell Identity Manager (5191910)
[15/09/2014] Vulnerabilities were identified in the Novell Identity Manager. An attacker could bypass security restrictions, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect version 4.0.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=GnGCyonbyd0~
29. Vulnerability in VMware products (VMSA-2014-0009)
[15/09/2014] Vulnerability was identified in the VMware NSX and vCloud Networking and Security (vCNS). An attacker could obtain sensitive information. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.vmware.com/security/advisories/VMSA-2014-0009.html
URL:xforce.iss.net/xforce/xfdb/95926
30. Vulnerabilities in GNU C Library
[15/09/2014] Vulnerabilities were identified in the GNU C Library (glibc). An attacker could cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 2.20 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.gnu.org/software/libc/
31. Vulnerabilities in Linux Kernel (95927, 95928)
[15/09/2014] Vulnerabilities were identified in the Linux Kernel. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect version 3.16.0 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/95927
URL:xforce.iss.net/xforce/xfdb/95928
32. Security Updates in Oracle Linux (ELSA-2014-3073)
[15/09/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel-uek package for Oracle Linux 5 and 6. An attacker could gain elevated privileges.
URL:linux.oracle.com/errata/ELSA-2014-3073.html
33. Security Updates in Debian (DSA-3023-1, DSA-3024-1)
[15/09/2014] Debian has released security update packages for fixing the vulnerabilities identified in the bind9 and gnupg packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3023
URL:www.debian.org/security/2014/dsa-3024
34. Security Updates in SUSE (SUSE-SU-2014:1112-2, SUSE-SU-2014:1120-2, SUSE-SU-2014:1122-1, SUSE-SU-2014:1124-1, SUSE-SU-2014:1125-1)
[15/09/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the glibc, MozillaFirefox and flash-player packages for SUSE Linux Enterprise 10 and 11. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00013.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html
[19/09/2014] Microsoft has updated information on the Security Bulletins for Microsoft Internet Explorer and Microsoft .NET Framework. (a) MS14-012 was corrected the severity table and vulnerability information to add CVE-2014-4112 as a vulnerability addressed by this update. (b) MS14-053 was revised to clarify language in the Executive Summary, Mitigating Factors, and Vulnerability FAQ sections that describes the attack vector for CVE-2014-4072.
URL:technet.microsoft.com/library/security/ms14-012
URL:technet.microsoft.com/library/security/ms14-053
2. Vulnerabilities in Cisco IOS XR Software
[19/09/2014] Vulnerabilities were identified in the Cisco IOS XR Software. An attacker could bypass security restrictions, cause a denial of service condition and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3376
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3377
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3378
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3379
3. Vulnerabilities in IBM Products (S1004834, S1004836, S1004847, S1004849, S1004851, S1004853, S1004854, 1683484, 1683518, 1684448)
[19/09/2014] Vulnerabilities were identified in the IBM Storwize V7000 Unified, IBM Scale Out Network Attached Storage (SONAS), IBM Tivoli Provisioning Manager for Software, IBM Financial Transaction Manager and IBM QRadar. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004834
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004836
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004847
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004849
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004851
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004853
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004854
URL:www.ibm.com/support/docview.wss?uid=swg21683484
URL:www.ibm.com/support/docview.wss?uid=swg21683518
URL:www.ibm.com/support/docview.wss?uid=swg21684448
4. Security Updates in Oracle Linux (ELSA-2014-1244, ELSA-2014-1245)
[19/09/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the bind97 and krb5 packages for Oracle Linux 5. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2014-1244.html
URL:linux.oracle.com/errata/ELSA-2014-1245.html
5. Security Updates in Debian (DSA-3027-1, DSA-3028-1)
[19/09/2014] Debian has released security update packages for fixing the vulnerabilities identified in the libav and icedove packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3027
URL:www.debian.org/security/2014/dsa-3028
6. Security Updates in Red Hat Storage (RHSA-2014:1263-1)
[19/09/2014] Red Hat has released security update packages for fixing the vulnerability identified in the glusterfs, geo-replication and native client packages for Red Hat Storage 2.1. An attacker could obtain sensitive information and cause a denial of service condition.
URL:rhn.redhat.com/errata/RHSA-2014-1263.html
7. Vulnerabilities in Apple Products (HT6440, HT6441, HT6442, HT6443, HT6444, HT6448, HT6449)
[18/09/2014] Vulnerabilities were identified in the Apple Safari, Apple iOS, Apple TV, Apple OS X Mavericks, Apple Xcode and Apple OS X Server. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform code injection attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/kb/HT6440
URL:support.apple.com/kb/HT6441
URL:support.apple.com/kb/HT6442
URL:support.apple.com/kb/HT6443
URL:support.apple.com/kb/HT6444
URL:support.apple.com/kb/HT6448
URL:support.apple.com/kb/HT6449
8. Vulnerabilities in IBM Lotus Protector for Mail Security (1683486)
[18/09/2014] Vulnerabilities were identified in the IBM Lotus Protector for Mail Security. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect versions 2.8.0.0 and 2.8.1.0 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21683486
9. Vulnerability in Google Android Browser
[18/09/2014] Vulnerability was identified in the Google Android Browser. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. This vulnerability affects versions prior to 4.4 of Android.
URL:www.hkcert.org/my_url/en/alert/14091801
10. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1255-1)
[18/09/2014] Red Hat has released security update packages for fixing the vulnerability identified in the krb5 packages for Red Hat Enterprise Linux 5. An attacker could execute arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2014-1255.html
11. Security Updates in SUSE (openSUSE-SU-2014:1139-1, SUSE-SU-2014:1140-1)
[18/09/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the curl packages for openSUSE 12.3 and 13.1, the squid3 packages for SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information and cause a denial of service condition.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html
12. Security Updates in Ubuntu GNU/Linux (USN-2319-3, USN-2349-1)
[18/09/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openjdk-7 and libav packages for versions 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2319-3/
URL:www.ubuntu.com/usn/usn-2349-1/
13. Information Updates on Microsoft Security Bulletin (MS14-046)
[17/09/2014] Microsoft has updated information on the Security Bulletin for Microsoft .NET Framework. MS14-046 was revised to announce a detection change in the 2966827 update for Microsoft .NET Framework 3.0 Service Pack 2 on Windows 8 and Windows Server 2012.
URL:technet.microsoft.com/library/security/ms14-046
14. Vulnerabilities in IBM Products (1681998, 1682120)
[17/09/2014] Vulnerabilities were identified in the IBM WebSphere Portal, IBM Rational Engineering Lifecycle Manager, IBM Rational Software Architect Design Manager and IBM Rhapsody Design Manager. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21681998
URL:www.ibm.com/support/docview.wss?uid=swg21682120
15. Security Updates in Oracle Linux (ELSA-2014-1193)
[17/09/2014] Oracle has released security update packages for fixing the vulnerability identified in the axis packages for Oracle Linux 5 and 6. An attacker could bypass security restrictions and perform man-in-the-middle attacks.
URL:linux.oracle.com/errata/ELSA-2014-1193.html
16. Security Updates in Debian (DSA-3025-1, DSA-3026-1)
[17/09/2014] Debian has released security update packages for fixing the vulnerabilities identified in the apt and dbus packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3025
URL:www.debian.org/security/2014/dsa-3026
17. Security Updates in FreeBSD (FreeBSD-SA-14:19.tcp)
[17/09/2014] FreeBSD has released security update packages for fixing the vulnerability identified in the inet packages for multiple versions of FreeBSD. An attacker could bypass security restrictions and perform spoofing attacks.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:19.tcp.asc
18. Security Updates in Mageia (MGASA-2014-0375, MGASA-2014-0376, MGASA-2014-0377, MGASA-2014-0378, MGASA-2014-0379)
[17/09/2014] Mageia has released security update package for fixing the vulnerabilities identified in the libgadu, glibc, mariadb, dump and moodle packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2014-0375.html
URL:advisories.mageia.org/MGASA-2014-0376.html
URL:advisories.mageia.org/MGASA-2014-0377.html
URL:advisories.mageia.org/MGASA-2014-0378.html
URL:advisories.mageia.org/MGASA-2014-0379.html
19. Security Updates in SUSE (SUSE-SU-2014:1137-1, SUSE-SU-2014:1138-1)
[17/09/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the procmail and Linux Kernel packages for SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00022.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00023.html
20. Security Updates in Ubuntu GNU/Linux (USN-2347-1, USN-2348-1)
[17/09/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the python-django and apt packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2347-1/
URL:www.ubuntu.com/usn/usn-2348-1/
21. Information Updates on Microsoft Security Bulletin (MS14-055)
[16/09/2014] Microsoft has updated information on the Security Bulletin for Microsoft Lync Server. MS14-055 was revised to remove Download Center links for Microsoft security update 2982385 for Microsoft Lync Server 2010.
URL:technet.microsoft.com/en-us/library/security/ms14-055.aspx
22. Vulnerabilities in IBM Products (1682668, 1682669, 1682670, 1682671, 1682904)
[16/09/2014] Vulnerabilities were identified in the multiple IBM InfoSphere Optim Data Masking, Data Growth, Test Data Management and Application Retirement Solution products. An attacker could obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21682668
URL:www.ibm.com/support/docview.wss?uid=swg21682669
URL:www.ibm.com/support/docview.wss?uid=swg21682670
URL:www.ibm.com/support/docview.wss?uid=swg21682671
URL:www.ibm.com/support/docview.wss?uid=swg21682904
23. Security Updates in Oracle Solaris
[16/09/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the GnuTLS, Samba, OpenSSL, Python Imaging Library, OpenStack Horizon, OpenStack Glance, Wireshark, Apache HTTP Server, Firefox and Net-SNMP packages for Oracle Solaris 10, 11.1 and 11.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition, gain elevated privileges, crash the system and perform cross-site scripting attacks.
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0092_cryptographic_issues
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0178_information_disclosure
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3505_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3506_resource_management
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3507_resource_management
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3509_race_conditions
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3510_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3511_cryptographic_vulnerability
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3512_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3589_input_validation
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3594_cross_site
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_5139_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_5356_permissions_privileges
URL:blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in3
URL:blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos5
URL:blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_firefox
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_net_snmp
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1
24. Security Updates in Red Hat Products (RHSA-2014:1187-1, RHSA-2014:1188-1, RHSA-2014:1193-1)
[16/09/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the qemu-kvm-rhev and python-django-horizon packages for Red Hat Enterprise Linux OpenStack Platform 4.0 and 5.0, and axis package for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could crash the system, execute arbitrary code, perform cross-site scripting attacks and man-in-the-middle attacks.br>
URL:rhn.redhat.com/errata/RHSA-2014-1187.html
URL:rhn.redhat.com/errata/RHSA-2014-1188.html
URL:rhn.redhat.com/errata/RHSA-2014-1193.html
25. Security Updates in Ubuntu GNU/Linux (USN-2346-1)
[16/09/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the curl package for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could obtain sensitive information.
URL:www.ubuntu.com/usn/usn-2346-1/
26. Security Updates in SUSE (openSUSE-SU-2014:1126-1, SUSE-SU-2014:1128-1, SUSE-SU-2014:1129-1, openSUSE-SU-2014:1130-1)
[16/09/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the LibreOffice and flash-player packages for openSUSE 11.4, 12.3 and 13.1, and the glibc package for SUSE Linux Enterprise Server 10 and 11. Due to multiple errors, an attacker could obtain sensitive information and compromise a user's system.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00018.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00019.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html
27. Vulnerabilities in IBM Products (S1004837, S1004846, S1004867, 1681449)
[15/09/2014] Vulnerabilities were identified in the IBM Storwize V7000 Unified, IBM SAN Volume Controller, IBM Storwize Family, IBM Flex System and IBM Rational License Key Server Administration and Reporting Tool. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004837
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004846
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004867
URL:www.ibm.com/support/docview.wss?uid=swg21681449
URL:xforce.iss.net/xforce/xfdb/93906
28. Vulnerabilities in Novell Identity Manager (5191910)
[15/09/2014] Vulnerabilities were identified in the Novell Identity Manager. An attacker could bypass security restrictions, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect version 4.0.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=GnGCyonbyd0~
29. Vulnerability in VMware products (VMSA-2014-0009)
[15/09/2014] Vulnerability was identified in the VMware NSX and vCloud Networking and Security (vCNS). An attacker could obtain sensitive information. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.vmware.com/security/advisories/VMSA-2014-0009.html
URL:xforce.iss.net/xforce/xfdb/95926
30. Vulnerabilities in GNU C Library
[15/09/2014] Vulnerabilities were identified in the GNU C Library (glibc). An attacker could cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 2.20 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.gnu.org/software/libc/
31. Vulnerabilities in Linux Kernel (95927, 95928)
[15/09/2014] Vulnerabilities were identified in the Linux Kernel. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect version 3.16.0 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/95927
URL:xforce.iss.net/xforce/xfdb/95928
32. Security Updates in Oracle Linux (ELSA-2014-3073)
[15/09/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel-uek package for Oracle Linux 5 and 6. An attacker could gain elevated privileges.
URL:linux.oracle.com/errata/ELSA-2014-3073.html
33. Security Updates in Debian (DSA-3023-1, DSA-3024-1)
[15/09/2014] Debian has released security update packages for fixing the vulnerabilities identified in the bind9 and gnupg packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3023
URL:www.debian.org/security/2014/dsa-3024
34. Security Updates in SUSE (SUSE-SU-2014:1112-2, SUSE-SU-2014:1120-2, SUSE-SU-2014:1122-1, SUSE-SU-2014:1124-1, SUSE-SU-2014:1125-1)
[15/09/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the glibc, MozillaFirefox and flash-player packages for SUSE Linux Enterprise 10 and 11. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00013.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html