1. Vulnerability in Cisco Products (cisco-sa-20140926-bash)
[26/09/2014] A vulnerability was identified in the Bash contained in multiple Cisco products. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects multiple versions of multiple Cisco products.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
2. Vulnerability in Juniper Products (JSA10648)
[26/09/2014] A vulnerability was identified in the Bash contained in the Juniper Junos Space and Juniper JSA Series devices. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects all versions of the mentioned products.
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10648&cat=SIRT_1&actp=LIST
3. Vulnerability in IBM Security QRadar SIEM (1683609)
[26/09/2014] A vulnerability was identified in IBM Security QRadar SIEM. An attacker could gain escalated privileges and execute arbitrary code. This vulnerability affects versions 7.1 MR2 and 7.2 MR2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www-01.ibm.com/support/docview.wss?uid=swg21683609
URL:xforce.iss.net/xforce/xfdb/93540
4. Vulnerability in Perl (96216)
[26/09/2014] A vulnerability was identified in Perl. An attacker could cause a buffer overflow and cause a denial of service condition. This vulnerability affects versions 5.20.1 and prior of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/96216
5. Security Updates in Debian (DSA-3033-1, DSA-3034-1)
[26/09/2014] Debian has released security update packages for fixing the vulnerabilities identified in the nss and iceweasel packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could perform spoofing attacks.
URL:www.debian.org/security/2014/dsa-3033
URL:www.debian.org/security/2014/dsa-3034
6. Security Updates in Mandriva (MDVSA-2014:187, MDVSA-2014:188, MDVSA-2014:189)
[26/09/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the curl, wireshark and nss packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could execute arbitrary code, crash the application and perform spoofing attacks.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A187/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A188/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A189/
7. Security Updates in Oracle Linux (ELSA-2014-1293, ELSA-2014-1294)
[26/09/2014] Oracle has released security update packages for fixing the vulnerability identified in the bash packages for Oracle Linux 4, 5, 6 and 7. An attacker could bypass security restrictions and execute arbitrary code.
URL:linux.oracle.com/errata/ELSA-2014-1293.html
URL:linux.oracle.com/errata/ELSA-2014-1294.html
8. Security Updates in Gentoo Linux (GLSA 201409-09, 201409-10)
[26/09/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the bash packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions and execute arbitrary code.
URL:www.gentoo.org/security/en/glsa/glsa-201409-09.xml
URL:www.gentoo.org/security/en/glsa/glsa-201409-10.xml
9. Security Updates in Slackware (SSA:2014-268-01, SSA:2014-268-02)
[26/09/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the bash packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions and execute arbitrary code.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.309194
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.495008
10. Security Updates in SUSE (SUSE-SU-2014:1218-1)
[26/09/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the spacewalk-java package for SUSE Manager Server. An attacker could perform cross-site scripting attacks.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00031.html
11. Security Updates in Ubuntu GNU/Linux (USN-2360-1, USN-2360-2, USN-2361-1, USN-2363-1)
[26/09/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox, thunderbird, nss and bash packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could obtain sensitive information, bypass security restrictions and execute arbitrary code.
URL:www.ubuntu.com/usn/usn-2360-1/
URL:www.ubuntu.com/usn/usn-2360-2/
URL:www.ubuntu.com/usn/usn-2361-1/
URL:www.ubuntu.com/usn/usn-2363-1/
12. Information Updates on Microsoft Security Bulletins (MS14-009, MS14-049)
[25/09/2014] Microsoft has updated information on the Security Bulletins for Microsoft .NET Framework and Microsoft Windows. (a) MS14-009 was revised to correct a missing Server Core installation entry in the Affected Software table. (b) MS14-055 was revised to change the Known issues entry in the Knowledge Base Article section.
URL:technet.microsoft.com/library/security/ms14-009
URL:technet.microsoft.com/library/security/ms14-049
13. Vulnerabilities in Mozilla Products (MFSA 2014-73)
[25/09/2014] Vulnerabilities were identified in Mozilla Firefox, Thunderbird, SeaMonkey and NSS. An attacker could bypass security restrictions and perform spoofing attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.mozilla.org/security/announce/2014/mfsa2014-73.html
URL:www.hkcert.org/my_url/en/alert/14092501
URL:www.kb.cert.org/vuls/id/772676
URL:www.us-cert.gov/ncas/current-activity/2014/09/24/Mozilla-Network-Security-Services-NSS-Library-Vulnerability
14. Vulnerabilities in Cisco Products (cisco-sa-20140924-mdns, cisco-sa-20140924-nat, cisco-sa-20140924-sip, cisco-sa-20140924-metadata, cisco-sa-20140924-dhcpv6, cisco-sa-20140924-rsvp)
[25/09/2014] Vulnerabilities were identified in the Cisco IOS Software, Cisco IOS XE Software and Cisco Unified Communications Domain Manager. An attacker could cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-nat
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-sip
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-dhcpv6
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-rsvp
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0475
URL:xforce.iss.net/xforce/xfdb/96174
URL:xforce.iss.net/xforce/xfdb/96175
URL:xforce.iss.net/xforce/xfdb/96176
URL:xforce.iss.net/xforce/xfdb/96177
15. Vulnerabilities in IBM Products (S1004872, 1672337, 1672717, 1674132, 1674134, 1679930, 1681183, 1681184, 1682120, 1682450, 1682627, 1683296, 1683297, 1683332, 1683334, 1683336, 1683338, MIGR-5096152)
[25/09/2014] Vulnerabilities were identified in the IBM TSSC, IBM FileNet Content Manager, IBM Content Foundation, IBM FileNet Process Engine, IBM InfoSphere Streams, IBM Rational Engineering Lifecycle Manager, IBM Rational Software Architect Design Manager, IBM Rational Rhapsody Design Manager, IBM Initiate Master Data Service, IBM InfoSphere Balanced Warehouse, IBM Smart Analytics System, IBM PureData System for Operational Analytics, IBM Guardium Database Activity Monitor and IBM Systems Director. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004872
URL:www.ibm.com/support/docview.wss?uid=swg21672337
URL:www.ibm.com/support/docview.wss?uid=swg21672717
URL:www.ibm.com/support/docview.wss?uid=swg21674132
URL:www.ibm.com/support/docview.wss?uid=swg21674134
URL:www.ibm.com/support/docview.wss?uid=swg21679930
URL:www.ibm.com/support/docview.wss?uid=swg21681183
URL:www.ibm.com/support/docview.wss?uid=swg21681184
URL:www.ibm.com/support/docview.wss?uid=swg21682120
URL:www.ibm.com/support/docview.wss?uid=swg21682450
URL:www.ibm.com/support/docview.wss?uid=swg21682627
URL:www.ibm.com/support/docview.wss?uid=swg21683296
URL:www.ibm.com/support/docview.wss?uid=swg21683297
URL:www.ibm.com/support/docview.wss?uid=swg21683332
URL:www.ibm.com/support/docview.wss?uid=swg21683334
URL:www.ibm.com/support/docview.wss?uid=swg21683336
URL:www.ibm.com/support/docview.wss?uid=swg21683338
URL:www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096152
16. Vulnerabilities in Huawei Products (Huawei-SA-20140924-01-VRP, Huawei-SA-20140924-02-CSRF)
[25/09/2014] Vulnerabilities were identified in multiple Huawei products. An attacker could bypass security restrictions, obtain sensitive information and compromise the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372145.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372186.htm
17. Vulnerability in GNU Bash
[25/09/2014] A vulnerability was identified in GNU bash (GNU Bourne-Again Shell). An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects version 4.3 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.hkcert.org/my_url/en/alert/14092502
URL:www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability
URL:xforce.iss.net/xforce/xfdb/96153
18. Vulnerability in Xen (XSA-104)
[25/09/2014] A vulnerability was identified in Xen. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xenbits.xen.org/xsa/advisory-104.html
URL:xforce.iss.net/xforce/xfdb/96149
19. Security Updates in Debian (DSA-3031-1, DSA-3032-1)
[25/09/2014] Debian has released security update packages for fixing the vulnerabilities identified in the apt and bash packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3031
URL:www.debian.org/security/2014/dsa-3032
20. Security Updates in Mandriva (MDVSA-2014:181, MDVSA-2014:182, MDVSA-2014:183, MDVSA-2014:184, MDVSA-2014:185, MDVSA-2014:186)
[25/09/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the dump, zarafa, phpmyadmin, net-snmp, libgadu and bash packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A181/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A182/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A183/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A184/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A185/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A186/
21. Security Updates in Mageia (MGASA-2014-0384, MGASA-2014-0385, MGASA-2014-0386, MGASA-2014-0387, MGASA-2014-0388)
[25/09/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the curl, wireshark, php-pear-CAS and bash packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:advisories.mageia.org/MGASA-2014-0384.html
URL:advisories.mageia.org/MGASA-2014-0385.html
URL:advisories.mageia.org/MGASA-2014-0386.html
URL:advisories.mageia.org/MGASA-2014-0387.html
URL:advisories.mageia.org/MGASA-2014-0388.html
22. Security Updates in Red Hat Enterprise Linux (RHSA-2014-1292-1, RHSA-2014-1293-1, RHSA-2014-1294-1, RHSA-2014-1295-1)
[25/09/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the haproxy, bash and bash Shift_JIS packages for Red Hat Enterprise Linux 5, 6, and 7, and the Red Hat JBoss Data Virtualization. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1292.html
URL:rhn.redhat.com/errata/RHSA-2014-1293.html
URL:rhn.redhat.com/errata/RHSA-2014-1294.html
URL:rhn.redhat.com/errata/RHSA-2014-1295.html
URL:xforce.iss.net/xforce/xfdb/96192
23. Security Updates in Slackware (SSA:2014-267-01, SSA:2014-267-02)
[25/09/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-nss and bash packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.387409
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.522193
24. Security Updates in SUSE (SUSE-SU-2014:1212-1, SUSE-SU-2014:1213-1, SUSE-SU-2014:1214-1, openSUSE-SU-2014:1151-1)
[25/09/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the bash package for SUSE Linux Enterprise 10 and 11, and the chromium package for openSUSE 12.3 and 13.1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00030.html
URL:lists.opensuse.org/opensuse-updates/2014-09/msg00033.html
25. Security Updates in Ubuntu GNU/Linux (USN-2362-1)
[25/09/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the bash packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2362-1/
26. Information Updates on Microsoft Security Advisory and Bulletin (2755801, MS14-055)
[24/09/2014] Microsoft has updated information on the Security Advisory and Bulletin for Microsoft Internet Explorer and Microsoft Lync Server. (a) KB2755801 added the 2999249 update to the Current Update section. (b) MS14-055 was rereleased to announce the reoffering of the 2982385 security update file (server.msp) for Microsoft Lync Server 2010.
URL:technet.microsoft.com/library/security/2755801
URL:technet.microsoft.com/library/security/ms14-055
27. Vulnerability in Huawei Ascend P6 Mobile Phones (Huawei-SA-20140923-01-P6)
[24/09/2014] A vulnerability was identified in the Huawei Ascend P6 Mobile Phones EDGE-U00 and EDGE-T00. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple firmware versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372118.htm
28. Vulnerability in M/Monit (96122)
[24/09/2014] A vulnerability was identified in M/Monit. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects version 3.2.2 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/96122
29. Vulnerability in Debian Apt (96151)
[24/09/2014] A vulnerability was identified in Debian Apt. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects versions prior to 0.9.7.9+deb7u5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/96151
30. Vulnerabilities in Xen (XSA-105, XSA-106)
[24/09/2014] Vulnerabilities were identified in Xen. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xenbits.xen.org/xsa/advisory-105.html
URL:xenbits.xen.org/xsa/advisory-106.html
URL:xforce.iss.net/xforce/xfdb/96147
URL:xforce.iss.net/xforce/xfdb/96148
31. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1285-1, RHSA-2014:1286-1)
[24/09/2014] Red Hat has released security update packages for fixing the vulnerability identified in the Red Hat JBoss Enterprise Application Platform 6.3.1 for Red Hat Enterprise Linux 5 and 6. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1285.html
URL:rhn.redhat.com/errata/RHSA-2014-1286.html
32. Security Updates in Ubuntu GNU/Linux (USN-2353-1, USN-2354-1, USN-2355-1, USN-2356-1, USN-2357-1, USN-2358-1, USN-2359-1)
[24/09/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the apt, linux, linux-ec2, linux-ti-omap4 and linux-lts-trusty packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2353-1/
URL:www.ubuntu.com/usn/usn-2354-1/
URL:www.ubuntu.com/usn/usn-2355-1/
URL:www.ubuntu.com/usn/usn-2356-1/
URL:www.ubuntu.com/usn/usn-2357-1/
URL:www.ubuntu.com/usn/usn-2358-1/
URL:www.ubuntu.com/usn/usn-2359-1/
33. Vulnerability in Cisco Unified Communications Domain Manager Platform
[23/09/2014] A vulnerability was identified in the Cisco Unified Communications Domain Manager Platform. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3380
34. Vulnerabilities in NETGEAR Download Center (96070, 96071)
[23/09/2014] Vulnerabilities were identified in the NETGEAR Download Center. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting and phishing attacks. The affected version was not specified.
URL:xforce.iss.net/xforce/xfdb/96070
URL:xforce.iss.net/xforce/xfdb/96071
35. Vulnerability in Asterisk (AST-2014-010)
[23/09/2014] A vulnerability was identified in Asterisk. An attacker could cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:downloads.asterisk.org/pub/security/AST-2014-010.html
URL:xforce.iss.net/xforce/xfdb/96073
36. Vulnerabilities in Debian Apt (96127, 96128, 96129)
[23/09/2014] Vulnerabilities were identified in Debian Apt. An attacker could bypass security restrictions and execute arbitrary code. These vulnerabilities affect versions prior to 1.0.9 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/96127
URL:xforce.iss.net/xforce/xfdb/96128
URL:xforce.iss.net/xforce/xfdb/96129
37. Vulnerability in Nginx
[23/09/2014] A vulnerability was identified in nginx. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:nginx.org/
URL:xforce.iss.net/xforce/xfdb/96134
38. Security Updates in Mageia (MGASA-2014-0380, MGASA-2014-0381, MGASA-2014-0382, MGASA-2014-0383)
[23/09/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the zarafa, gnupg, flash-player-plugin and phpmyadmin packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:advisories.mageia.org/MGASA-2014-0380.html
URL:advisories.mageia.org/MGASA-2014-0381.html
URL:advisories.mageia.org/MGASA-2014-0382.html
URL:advisories.mageia.org/MGASA-2014-0383.html
39. Security Updates in Mandriva (MDVSA-2014:180)
[23/09/2014] Mandriva has released security update packages for fixing the vulnerability identified in the gnupg packages for version MBS1 of Mandriva GNU/Linux. An attacker could bypass security restrictions and obtain sensitive information.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A180/
40. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1268-1, RHSA-2014:1281-1)
[23/09/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the qemu-kvm-rhev packages for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7, and the kernel packages for Red Hat Enterprise Linux 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1268.html
URL:rhn.redhat.com/errata/RHSA-2014-1281.html
41. Security Updates in SUSE (openSUSE-SU-2014:1151-1)
[23/09/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the chromium packages for openSUSE 12.3 and 13.1. Due to multiple errors, an attacker could execute arbitrary code and cause a denial of service condition.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html
42. Security Updates in Ubuntu GNU/Linux (USN-2350-1, USN-2351-1, USN-2352-1)
[23/09/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the nss, nginx and dbus packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2350-1/
URL:www.ubuntu.com/usn/usn-2351-1/
URL:www.ubuntu.com/usn/usn-2352-1/
43. Information Updates on Microsoft Security Bulletin (MS14-046)
[22/09/2014] Microsoft has updated information on the Security Bulletin for Microsoft .NET Framework. MS14-046 was revised with a change to the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
URL:technet.microsoft.com/library/security/ms14-046
44. Vulnerability in Cisco Nexus 1000V InterCloud for VMware
[22/09/2014] A vulnerability was identified in the Cisco Nexus 1000V InterCloud for VMware. An attacker could bypass security restrictions and perform cross-site scripting attacks. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3367
45. Vulnerabilities in IBM Products (S1004854, S1004860, S1004861, S1004869, 1683389)
[22/09/2014] Vulnerabilities were identified in the IBM Storwize V7000 Unified and IBM SDK for Node.js. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004854
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004860
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004861
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004869
URL:www.ibm.com/support/docview.wss?uid=swg21683389
46. Vulnerabilities in Fortinet Products (FG-IR-14-006)
[22/09/2014] Vulnerabilities were identified in the Fortinet FortiGate and FortiWiFi appliances. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform man-in-the-middle attacks, cause a denial of service condition and crash the system. These vulnerabilities affect versions 5.0.0 to 5.0.7, 4.3.15 and lower of the FortiOS. Security patches are available to resolve these vulnerabilities.
URL:www.fortiguard.com/advisory/FG-IR-14-006/
URL:www.kb.cert.org/vuls/id/730964
47. Security Updates in Oracle Products (ELSA-2014-1246)
[22/09/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the nss packages for Oracle Linux 5, and the OpenSSL, Python Image Library (PIL), OpenStack Glance, Wireshark, Apache HTTP Server, Firefox ESR, Net-SNMP and Samba packages for Oracle Solaris 10 and 11.2. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3505_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3506_resource_management
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3507_resource_management
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3509_race_conditions
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3510_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3511_cryptographic_vulnerability
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3512_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3589_input_validation
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_5139_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_5356_permissions_privileges
URL:blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in3
URL:blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos5
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_firefox
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_net_snmp
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1
URL:linux.oracle.com/errata/ELSA-2014-1246.html
48. Security Updates in Debian (DSA-3029-1, DSA-3030-1)
[22/09/2014] Debian has released security update packages for fixing the vulnerabilities identified in the nginx and mantis packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and perform code injection attacks.
URL:www.debian.org/security/2014/dsa-3029
URL:www.debian.org/security/2014/dsa-3030
49. Security Updates in Gentoo Linux (GLSA 201409-05, GLSA 201409-06, GLSA 201409-07, GLSA 201409-08)
[22/09/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the adobe-flash, chromium, c-icap and libxml2 packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201409-05.xml
URL:www.gentoo.org/security/en/glsa/glsa-201409-06.xml
URL:www.gentoo.org/security/en/glsa/glsa-201409-07.xml
URL:www.gentoo.org/security/en/glsa/glsa-201409-08.xml
50. Security Updates in SUSE (SUSE-SU-2014:1146-1)
[22/09/2014] SUSE has released security update packages for fixing the vulnerability identified in the dbus-1 packages for SUSE Linux Enterprise 11. An attacker could cause a denial of service condition.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html