1. Information Updates on Microsoft Security Bulletins (MS14-012, MS14-053)
[19/09/2014]
Microsoft has updated information on the Security Bulletins for Microsoft
Internet Explorer and Microsoft .NET Framework. (a) MS14-012 was revised to
correct the severity table and vulnerability information to add CVE-2014-4112
as a vulnerability addressed by this update. (b) MS14-053 was revised to
clarify language in the Executive Summary, Mitigating Factors, and
Vulnerability FAQ sections that describes the attack vector for CVE-2014-4072.
URL:technet.microsoft.com/library/security/ms14-012
URL:technet.microsoft.com/library/security/ms14-053
2. Vulnerabilities in Cisco IOS XR Software
[19/09/2014]
Vulnerabilities were identified in the Cisco IOS XR Software. An attacker could
bypass security restrictions, cause a denial of service condition and execute
arbitrary code. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3376
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3377
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3378
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3379
3. Vulnerabilities in IBM Products (S1004834, S1004836, S1004847, S1004849,
S1004851, S1004853, S1004854, 1683484, 1683518, 1684448)
[19/09/2014]
Vulnerabilities were identified in the IBM Storwize V7000 Unified, IBM Scale
Out Network Attached Storage (SONAS), IBM Tivoli Provisioning Manager for
Software, IBM Financial Transaction Manager and IBM QRadar. An attacker could
bypass security restrictions, obtain sensitive information, execute arbitrary
code, cause a denial of service condition and crash the system. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004834
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004836
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004847
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004849
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004851
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004853
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004854
URL:www.ibm.com/support/docview.wss?uid=swg21683484
URL:www.ibm.com/support/docview.wss?uid=swg21683518
URL:www.ibm.com/support/docview.wss?uid=swg21684448
4. Security Updates in Oracle Linux (ELSA-2014-1244, ELSA-2014-1245)
[19/09/2014]
Oracle has released security update packages for fixing the vulnerabilities
identified in the bind97 and krb5 packages for Oracle Linux 5. An attacker
could bypass security restrictions, cause a denial of service condition and
crash the system.
URL:linux.oracle.com/errata/ELSA-2014-1244.html
URL:linux.oracle.com/errata/ELSA-2014-1245.html
5. Security Updates in Debian (DSA-3027-1, DSA-3028-1)
[19/09/2014]
Debian has released security update packages for fixing the vulnerabilities
identified in the libav and icedove packages for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the system.
URL:www.debian.org/security/2014/dsa-3027
URL:www.debian.org/security/2014/dsa-3028
6. Security Updates in Red Hat Storage (RHSA-2014:1263-1)
[19/09/2014]
Red Hat has released security update packages for fixing the vulnerability
identified in the glusterfs, geo-replication and native client packages for
Red Hat Storage 2.1. An attacker could obtain sensitive information and cause
a denial of service condition.
URL:rhn.redhat.com/errata/RHSA-2014-1263.html
7. Vulnerabilities in Apple Products (HT6440, HT6441, HT6442, HT6443, HT6444,
HT6448, HT6449)
[18/09/2014]
Vulnerabilities were identified in the Apple Safari, Apple iOS, Apple TV, Apple
OS X Mavericks, Apple Xcode and Apple OS X Server. An attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, perform code injection attacks, cause a denial of
service condition and compromise a vulnerable system. These vulnerabilities
affect multiple versions of the mentioned products. Security patches are
available to resolve these vulnerabilities.
URL:support.apple.com/kb/HT6440
URL:support.apple.com/kb/HT6441
URL:support.apple.com/kb/HT6442
URL:support.apple.com/kb/HT6443
URL:support.apple.com/kb/HT6444
URL:support.apple.com/kb/HT6448
URL:support.apple.com/kb/HT6449
8. Vulnerabilities in IBM Lotus Protector for Mail Security (1683486)
[18/09/2014]
Vulnerabilities were identified in the IBM Lotus Protector for Mail Security.
An attacker could bypass security restrictions, obtain sensitive information
and execute arbitrary code. These vulnerabilities affect versions 2.8.0.0 and
2.8.1.0 of the mentioned product. Security patches are available to resolve
these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21683486
9. Vulnerability in Google Android Browser
[18/09/2014]
A vulnerability was identified in the Google Android Browser. An attacker could
bypass security restrictions, obtain sensitive information and execute
arbitrary code. This vulnerability affects versions prior to 4.4 of Android.
URL:www.hkcert.org/my_url/en/alert/14091801
10. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1255-1)
[18/09/2014]
Red Hat has released security update packages for fixing the vulnerability
identified in the krb5 packages for Red Hat Enterprise Linux 5. An attacker
could execute arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2014-1255.html
11. Security Updates in SUSE (openSUSE-SU-2014:1139-1, SUSE-SU-2014:1140-1)
[18/09/2014]
SUSE has released security update packages for fixing the vulnerabilities
identified in the curl packages for openSUSE 12.3 and 13.1, and the squid3
packages for SUSE Linux Enterprise 11. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information and cause a
denial of service condition.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html
12. Security Updates in Ubuntu GNU/Linux (USN-2319-3, USN-2349-1)
[18/09/2014]
Ubuntu has released security update packages for fixing the vulnerabilities
identified in the openjdk-7 and libav packages for versions 12.04 LTS and 14.04
LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2319-3/
URL:www.ubuntu.com/usn/usn-2349-1/
13. Information Updates on Microsoft Security Bulletin (MS14-046)
[17/09/2014]
Microsoft has updated information on the Security Bulletin for Microsoft .NET
Framework. MS14-046 was revised to announce a detection change in the 2966827
update for Microsoft .NET Framework 3.0 Service Pack 2 on Windows 8 and Windows
Server 2012.
URL:technet.microsoft.com/library/security/ms14-046
14. Vulnerabilities in IBM Products (1681998, 1682120)
[17/09/2014]
Vulnerabilities were identified in the IBM WebSphere Portal, IBM Rational
Engineering Lifecycle Manager, IBM Rational Software Architect Design Manager
and IBM Rhapsody Design Manager. An attacker could bypass security
restrictions, execute arbitrary code, perform cross-site scripting attacks and
cause a denial of service condition. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21681998
URL:www.ibm.com/support/docview.wss?uid=swg21682120
15. Security Updates in Oracle Linux (ELSA-2014-1193)
[17/09/2014]
Oracle has released security update packages for fixing the vulnerability
identified in the axis packages for Oracle Linux 5 and 6. An attacker could
bypass security restrictions and perform man-in-the-middle attacks.
URL:linux.oracle.com/errata/ELSA-2014-1193.html
16. Security Updates in Debian (DSA-3025-1, DSA-3026-1)
[17/09/2014]
Debian has released security update packages for fixing the vulnerabilities
identified in the apt and dbus packages for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the system.
URL:www.debian.org/security/2014/dsa-3025
URL:www.debian.org/security/2014/dsa-3026
17. Security Updates in FreeBSD (FreeBSD-SA-14:19.tcp)
[17/09/2014]
FreeBSD has released security update packages for fixing the vulnerability
identified in the inet packages for multiple versions of FreeBSD. An attacker
could bypass security restrictions and perform spoofing attacks.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:19.tcp.asc
18. Security Updates in Mageia (MGASA-2014-0375, MGASA-2014-0376,
MGASA-2014-0377, MGASA-2014-0378, MGASA-2014-0379)
[17/09/2014]
Mageia has released security update packages for fixing the vulnerabilities
identified in the libgadu, glibc, mariadb, dump and moodle packages for
multiple versions of Mageia. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, execute arbitrary code,
cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2014-0375.html
URL:advisories.mageia.org/MGASA-2014-0376.html
URL:advisories.mageia.org/MGASA-2014-0377.html
URL:advisories.mageia.org/MGASA-2014-0378.html
URL:advisories.mageia.org/MGASA-2014-0379.html
19. Security Updates in SUSE (SUSE-SU-2014:1137-1, SUSE-SU-2014:1138-1)
[17/09/2014]
SUSE has released security update packages for fixing the vulnerabilities
identified in the procmail and Linux Kernel packages for SUSE Linux Enterprise
11. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, execute arbitrary code, cause a denial of service
condition and compromise a vulnerable system.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00022.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00023.html
20. Security Updates in Ubuntu GNU/Linux (USN-2347-1, USN-2348-1)
[17/09/2014]
Ubuntu has released security update packages for fixing the vulnerabilities
identified in the python-django and apt packages for versions 10.04 LTS, 12.04
LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2347-1/
URL:www.ubuntu.com/usn/usn-2348-1/
21. Information Updates on Microsoft Security Bulletin (MS14-055)
[16/09/2014]
Microsoft has updated information on the Security Bulletin for Microsoft Lync
Server. MS14-055 was revised to remove Download Center links for Microsoft
security update 2982385 for Microsoft Lync Server 2010.
URL:technet.microsoft.com/en-us/library/security/ms14-055.aspx
22. Vulnerabilities in IBM Products (1682668, 1682669, 1682670, 1682671,
1682904)
[16/09/2014]
Vulnerabilities were identified in multiple IBM InfoSphere Optim Data Masking,
Data Growth, Test Data Management and Application Retirement Solution products.
An attacker could obtain sensitive information. These vulnerabilities affect
multiple versions of the mentioned products. Security patches are available to
resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21682668
URL:www.ibm.com/support/docview.wss?uid=swg21682669
URL:www.ibm.com/support/docview.wss?uid=swg21682670
URL:www.ibm.com/support/docview.wss?uid=swg21682671
URL:www.ibm.com/support/docview.wss?uid=swg21682904
23. Security Updates in Oracle Solaris
[16/09/2014]
Oracle has released security update packages for fixing the vulnerabilities
identified in the GnuTLS, Samba, OpenSSL, Python Imaging Library, OpenStack
Horizon, OpenStack Glance, Wireshark, Apache HTTP Server, Firefox and Net-SNMP
packages for Oracle Solaris 10, 11.1 and 11.2. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information,
cause a denial of service condition, gain elevated privileges, crash the system
and perform cross-site scripting attacks.
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0092_cryptographic_issues
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0178_information_disclosure
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3505_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3506_resource_management
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3507_resource_management
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3509_race_conditions
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3510_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3511_cryptographic_vulnerability
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3512_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3589_input_validation
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3594_cross_site
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_5139_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_5356_permissions_privileges
URL:blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in3
URL:blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos5
URL:blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_firefox
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_net_snmp
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1
24. Security Updates in Red Hat Products (RHSA-2014:1187-1, RHSA-2014:1188-1,
RHSA-2014:1193-1)
[16/09/2014]
Red Hat has released security update packages for fixing the vulnerabilities
identified in the qemu-kvm-rhev and python-django-horizon packages for Red Hat
Enterprise Linux OpenStack Platform 4.0 and 5.0, and the axis package for Red
Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could crash
the system, execute arbitrary code, perform cross-site scripting attacks and
man-in-the-middle attacks.
URL:rhn.redhat.com/errata/RHSA-2014-1187.html
URL:rhn.redhat.com/errata/RHSA-2014-1188.html
URL:rhn.redhat.com/errata/RHSA-2014-1193.html
25. Security Updates in Ubuntu GNU/Linux (USN-2346-1)
[16/09/2014]
Ubuntu has released security update packages for fixing the vulnerabilities
identified in the curl package for versions 10.04 LTS, 12.04 LTS and 14.04 LTS
of Ubuntu GNU/Linux. Due to multiple errors, an attacker could obtain sensitive
information.
URL:www.ubuntu.com/usn/usn-2346-1/
26. Security Updates in SUSE (openSUSE-SU-2014:1126-1, SUSE-SU-2014:1128-1,
SUSE-SU-2014:1129-1, openSUSE-SU-2014:1130-1)
[16/09/2014]
SUSE has released security update packages for fixing the vulnerabilities
identified in the LibreOffice and flash-player packages for openSUSE 11.4, 12.3
and 13.1, and the glibc package for SUSE Linux Enterprise Server 10 and 11. Due
to multiple errors, an attacker could obtain sensitive information and
compromise a user's system.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00018.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00019.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html
27. Vulnerabilities in IBM Products (S1004837, S1004846, S1004867, 1681449)
[15/09/2014]
Vulnerabilities were identified in the IBM Storwize V7000 Unified, IBM SAN
Volume Controller, IBM Storwize Family, IBM Flex System and IBM Rational
License Key Server Administration and Reporting Tool. An attacker could bypass
security restrictions, obtain sensitive information, execute arbitrary code,
perform cross-site scripting attacks, cause a denial of service condition and
crash the system. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004837
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004846
URL:www.ibm.com/support/docview.wss?uid=ssg1S1004867
URL:www.ibm.com/support/docview.wss?uid=swg21681449
URL:xforce.iss.net/xforce/xfdb/93906
28. Vulnerabilities in Novell Identity Manager (5191910)
[15/09/2014]
Vulnerabilities were identified in the Novell Identity Manager. An attacker
could bypass security restrictions, execute arbitrary code and compromise a
vulnerable system. These vulnerabilities affect version 4.0.1 of the mentioned
product. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=GnGCyonbyd0~
29. Vulnerability in VMware products (VMSA-2014-0009)
[15/09/2014]
A vulnerability was identified in the VMware NSX and vCloud Networking and
Security (vCNS). An attacker could obtain sensitive information. This
vulnerability affects multiple versions of the mentioned products. Security
patches are available to resolve this vulnerability.
URL:www.vmware.com/security/advisories/VMSA-2014-0009.html
URL:xforce.iss.net/xforce/xfdb/95926
30. Vulnerabilities in GNU C Library
[15/09/2014]
Vulnerabilities were identified in the GNU C Library (glibc). An attacker could
cause a denial of service condition and crash the system. These vulnerabilities
affect versions prior to 2.20 of the mentioned product. Security patches are
available to resolve these vulnerabilities.
URL:www.gnu.org/software/libc/
31. Vulnerabilities in Linux Kernel (95927, 95928)
[15/09/2014]
Vulnerabilities were identified in the Linux Kernel. An attacker could bypass
security restrictions, execute arbitrary code, cause a denial of service
condition and crash the system. These vulnerabilities affect version 3.16.0 of
the mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/95927
URL:xforce.iss.net/xforce/xfdb/95928
32. Security Updates in Oracle Linux (ELSA-2014-3073)
[15/09/2014]
Oracle has released security update packages for fixing the vulnerabilities
identified in the kernel-uek package for Oracle Linux 5 and 6. An attacker
could gain elevated privileges.
URL:linux.oracle.com/errata/ELSA-2014-3073.html
33. Security Updates in Debian (DSA-3023-1, DSA-3024-1)
[15/09/2014]
Debian has released security update packages for fixing the vulnerabilities
identified in the bind9 and gnupg packages for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, cause a
denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3023
URL:www.debian.org/security/2014/dsa-3024
34. Security Updates in SUSE (SUSE-SU-2014:1112-2, SUSE-SU-2014:1120-2,
SUSE-SU-2014:1122-1, SUSE-SU-2014:1124-1, SUSE-SU-2014:1125-1)
[15/09/2014]
SUSE has released security update packages for fixing the vulnerabilities
identified in the glibc, MozillaFirefox and flash-player packages for SUSE
Linux Enterprise 10 and 11. Due to multiple errors, an attacker could bypass
security restrictions, gain elevated privileges, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and compromise a
vulnerable system.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00013.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html