1. Vulnerabilities in HP Products (c04462737, c04466586,
c04468293, 96786, 96787, 96788)
[03/10/2014] Vulnerabilities were identified in the HP NonStop Servers, HP
NonStop Virtual TapeServer (VTS), HP DreamColor Professional Display and HP
System Management Homepage. An attacker could bypass security restrictions, gain
elevated privileges, execute arbitrary code, perform cross-site scripting
attacks and obtain sensitive information. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04462737-1
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04466586-1
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04468293-1
URL:xforce.iss.net/xforce/xfdb/96786
URL:xforce.iss.net/xforce/xfdb/96787
URL:xforce.iss.net/xforce/xfdb/96788
2. Vulnerabilities in IBM Products (1684466)
[03/10/2014]
Vulnerabilities were identified in the IBM
Security Access Manager. An attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code, cause a denial of service
condition and crash the system. These vulnerabilities affect multiple versions
of the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:ibm.com/support/docview.wss?uid=swg21684466
URL:xforce.iss.net/xforce/xfdb/95763
URL:xforce.iss.net/xforce/xfdb/95573
3. Vulnerabilities in Novell Products (5191930, 5191931,
5193231, 5191932, 5192610, 5192990, 5193130, 5193210, 7015701,
7015721)
[03/10/2014]
Vulnerabilities were identified in the Novell
NetIQ eDirectory, Novell Filr, Novell eDirectory, Novell ZENworks Configuration
Management, Novell Service Desk, Novell iPrint Appliance and Novell Open
Enterprise Server. An attacker could bypass security restrictions, gain elevated
privileges, obtain sensitive information, execute arbitrary code, cause a denial
of service condition and crash the system. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these vulnerabilities.
URL:download.novell.com/Download?buildid=2F5kR833K10~
URL:download.novell.com/Download?buildid=38gu1mO7NRU~
URL:download.novell.com/Download?buildid=HY2yans6TCk~
URL:download.novell.com/Download?buildid=isPr1qcGKFA~
URL:download.novell.com/Download?buildid=MC-vC4Bzr5Q~
URL:download.novell.com/Download?buildid=o524nUAv6sU~
URL:download.novell.com/Download?buildid=sp4kAmbumGM~
URL:download.novell.com/Download?buildid=sVnkCnKIRJM~
URL:www.novell.com/support/kb/doc.php?id=7015701
URL:www.novell.com/support/kb/doc.php?id=7015721
4. Vulnerability in F-Secure Products (FSC-2014-7)
[03/10/2014] A vulnerability was identified in the F-Secure Messaging
Security Gateway and F-Secure Protection Service for Email. An attacker could
bypass security restrictions, execute arbitrary code and perform code injection
attacks. This vulnerability affects multiple versions of the mentioned products.
Security patches are available to resolve this
vulnerability.
URL:www.f-secure.com/en/web/labs_global/fsc-2014-7
5. Security Updates in Oracle Products (ELSA-2014-1306,
ELSA-2014-1307, ELSA-2014-1319, ELSA-2014-1326, ELSA-2014-3075, ELSA-2014-3077,
ELSA-2014-3078)
[03/10/2014] Oracle has
released security update packages for fixing the vulnerabilities identified in
the bash, nss, xerces-j2, php53 and php packages for Oracle Linux 4, 5, 6 and 7,
and the Bash packages for multiple Oracle products. An attacker could bypass
security restrictions, obtain sensitive information, execute arbitrary code,
gain elevated privileges and cause a denial of service
condition. These vulnerabilities affect multiple versions of the mentioned
products.
URL:linux.oracle.com/errata/ELSA-2014-1306.html
URL:linux.oracle.com/errata/ELSA-2014-1307.html
URL:linux.oracle.com/errata/ELSA-2014-1319.html
URL:linux.oracle.com/errata/ELSA-2014-1326.html
URL:linux.oracle.com/errata/ELSA-2014-3075.html
URL:linux.oracle.com/errata/ELSA-2014-3077.html
URL:linux.oracle.com/errata/ELSA-2014-3078.html
URL:www.oracle.com/technetwork/topics/security/alert-cve-2014-7169-2303276.html
URL:www.oracle.com/technetwork/topics/security/alert-cve-2014-7169-verbose-2303278.html#SUNS
URL:www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
6. Security Updates in Debian (DSA-3040-1,
DSA-3041-1)
[03/10/2014] Debian has
released security update packages for fixing the vulnerabilities identified in
the rsyslog and xen packages for multiple versions of Debian GNU/Linux. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:www.debian.org/security/2014/dsa-3040
URL:www.debian.org/security/2014/dsa-3041
7. Security Updates in Mandriva (MDVSA-2014:190,
MDVSA-2014:192, MDVSA-2014:193)
[03/10/2014] perl-Email-Address and xerces-j2 packages for version MBS1 of
Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A190/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A192/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A193/
8. Security Updates in Red Hat Enterprise Linux
(RHSA-2014:1306-3, RHSA-2014:1311-2, RHSA-2014:1326-1, RHSA-2014:1327-1,
RHSA-2014:1352-1, RHSA-2014:1354-1)
[03/10/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the bash, php53, php and libvirt packages for Red Hat Enterprise Linux 4,
5, 6 and 7, and the rhev-hypervisor6 package for Red Hat Enterprise
Virtualization 3.4. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:rhn.redhat.com/errata/RHSA-2014-1306.html
URL:rhn.redhat.com/errata/RHSA-2014-1311.html
URL:rhn.redhat.com/errata/RHSA-2014-1326.html
URL:rhn.redhat.com/errata/RHSA-2014-1327.html
URL:rhn.redhat.com/errata/RHSA-2014-1352.html
URL:rhn.redhat.com/errata/RHSA-2014-1354.html
9. Security Updates in Ubuntu GNU/Linux (USN-2366-1,
USN-2367-1, USN-2368-1)
[03/10/2014] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the libvirt, openssl and openvpn packages for versions 10.04 LTS, 12.04 LTS and
14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, execute arbitrary code and cause a denial of service
condition.
URL:www.ubuntu.com/usn/usn-2366-1/
URL:www.ubuntu.com/usn/usn-2367-1/
URL:www.ubuntu.com/usn/usn-2368-1/
10. Vulnerabilities in Apple OS X Products (HT6495)
[30/09/2014]
Vulnerabilities were identified in the bash
packages in Apple OS X Lion, Apple OS X Lion Server, Apple OS X Mountain Lion
and Apple OS X Mavericks. An attacker could bypass security restrictions and
execute arbitrary code. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:support.apple.com/kb/HT6495
11. Vulnerabilities in Cisco Products
[30/09/2014]
Vulnerabilities were identified in the Cisco IOS
Software, Cisco IOS XE Software and Cisco WebEx Meetings Server (Cisco WMS). An
attacker could bypass security restrictions, execute arbitrary code, cause a
denial of service condition and crash the system. These vulnerabilities affect
multiple versions of the mentioned products. Security patches are available to
resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3354
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3395
12. Vulnerabilities in GNU Bash (96686, 96687)
[30/09/2014]
Vulnerabilities were identified in GNU Bash.
An attacker could bypass security restrictions, execute arbitrary code and cause
a denial of service condition. These vulnerabilities affect version 4.3 and
possibly earlier versions of the mentioned
product.
URL:xforce.iss.net/xforce/xfdb/96686
URL:xforce.iss.net/xforce/xfdb/96687
13. Security Updates in Debian (DSA-3039-1)
[30/09/2014] Debian has
released security update packages for fixing the vulnerabilities identified in
the chromium-browser package for multiple versions of Debian GNU/Linux. Due to
multiple errors, an attacker could bypass security restrictions, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:www.debian.org/security/2014/dsa-3039
14. Security Updates in Mandriva (MDVSA-2014:191)
[30/09/2014] Mandriva
has released security update packages for fixing the vulnerability identified in
the perl-XML-DT package for version MBS1 of Mandriva GNU/Linux. An attacker
could bypass security restrictions and execute arbitrary
code.
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014%3A191/
15. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1318-1,
RHSA-2014:1319-1, RHSA-2014:1320-1, RHSA-2014:1321-1)
[30/09/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the Realtime package for Red Hat Enterprise MRG 2.5, xerces-j2 package for
Red Hat Enterprise Linux 6 and 7, JBoss Enterprise Web Platform 5.2.0 and JBoss
Enterprise Application Platform 5.2.0 packages for Red Hat Enterprise Linux 4, 5
and 6. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and crash the
system.
URL:rhn.redhat.com/errata/RHSA-2014-1318.html
URL:rhn.redhat.com/errata/RHSA-2014-1319.html
URL:rhn.redhat.com/errata/RHSA-2014-1320.html
URL:rhn.redhat.com/errata/RHSA-2014-1321.html
16. Security Updates in Slackware (SSA:2014-272-01)
[30/09/2014] Slackware
has released security update packages for fixing the vulnerability identified in
the bash package for multiple versions of Slackware Linux. An attacker could
bypass security restrictions and cause a denial of service
condition.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.559646
17. Security Updates in SUSE (openSUSE-SU-2014:1254-1, SUSE-SU-2014:1220-2,
SUSE-SU-2014:1220-3, SUSE-SU-2014:1247-2)
[30/09/2014] SUSE has
released security update packages for fixing the vulnerabilities identified in
the bash and mozilla-nss packages for SUSE Linux Enterprise 10 and 11, and
openSUSE 13.2. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise a vulnerable
system.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00045.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00046.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00047.html
18. Security Updates in Ubuntu GNU/Linux (USN-2365-1)
[30/09/2014] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the libvncserver package for versions 12.04 LTS and 14.04 LTS of Ubuntu
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, execute arbitrary code and cause a denial of service
condition.
URL:www.ubuntu.com/usn/usn-2365-1/
19. Vulnerabilities in GNU Bash (VU#252743, 96237, 96238)
[29/09/2014] Vulnerabilities were identified in GNU Bash. An attacker
could bypass security restrictions, execute arbitrary code and cause a denial of
service condition. These vulnerabilities affect version 4.3 and possibly earlier
versions of the mentioned
product.
URL:www.kb.cert.org/vuls/id/252743
URL:xforce.iss.net/xforce/xfdb/96237
URL:xforce.iss.net/xforce/xfdb/96238
20. Security Updates in Oracle Products (ELSA-2014-1194)
[29/09/2014] Oracle has
released security update packages for fixing the vulnerability identified in the
conga package for Oracle Linux 5, and the GNU Bash package for multiple Oracle
products. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
compromise a vulnerable
system.
URL:www.oracle.com/technetwork/topics/security/alert-cve-2014-7169-2303276.html
URL:linux.oracle.com/errata/ELSA-2014-1194.html
21. Security Updates in Debian (DSA-3035-1, DSA-3036-1, DSA-3037-1,
DSA-3038-1)
[29/09/2014] Debian has
released security update packages for fixing the vulnerabilities identified in
the bash, mediawiki, icedove and libvirt packages for multiple versions of
Debian GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, execute arbitrary code, perform code injection and cross site
scripting attacks, cause a denial of service condition and crash the
system.
URL:www.debian.org/security/2014/dsa-3035
URL:www.debian.org/security/2014/dsa-3036
URL:www.debian.org/security/2014/dsa-3037
URL:www.debian.org/security/2014/dsa-3038
22. Security Updates in Mandriva (MDVSA-2014:190)
[29/09/2014] Mandriva
has released security update packages for fixing the vulnerability identified in
the bash packages for version MBS1 of Mandriva GNU/Linux. An attacker could
bypass security restrictions and execute arbitrary
code.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A190/
23. Security Updates in Mageia (MGASA-2014-0389, MGASA-2014-0390,
MGASA-2014-0391, MGASA-2014-0392, MGASA-2014-0393)
[29/09/2014] Mageia has
released security update packages for fixing the vulnerabilities identified in
the perl-Email-Address, perl-XML-DT, nss, kernel, kernel-userspace-headers,
kmod-xtables-addons, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia173,
kmod-nvidia304, kmod-nvidia-current and bash packages for multiple versions of
Mageia. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, execute arbitrary code, cause a denial of service
condition and compromise a vulnerable
system.
URL:advisories.mageia.org/MGASA-2014-0389.html
URL:advisories.mageia.org/MGASA-2014-0390.html
URL:advisories.mageia.org/MGASA-2014-0391.html
URL:advisories.mageia.org/MGASA-2014-0392.html
URL:advisories.mageia.org/MGASA-2014-0393.html
24. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1306-1,
RHSA-2014:1307-1, RHSA-2014:1311-1, RHSA-2014:1312-1)
[29/09/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the bash, nss and bash Shift_JIS packages for Red Hat Enterprise Linux 4, 5,
6 and 7. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and crash the
system.
URL:rhn.redhat.com/errata/RHSA-2014-1306.html
URL:rhn.redhat.com/errata/RHSA-2014-1307.html
URL:rhn.redhat.com/errata/RHSA-2014-1311.html
URL:rhn.redhat.com/errata/RHSA-2014-1312.html
25. Security Updates in Slackware (SSA:2014-271-01, SSA:2014-271-02,
SSA:2014-271-03)
[29/09/2014] Slackware has released security update packages for fixing
the vulnerabilities identified in the mozilla-firefox, mozilla-thunderbird and
seamonkey packages for multiple versions of Slackware Linux. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code and cause a denial
of service
condition.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.356654
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.360887
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.494704
26. Security Updates in SUSE (SUSE-SU-2014:1220-1, SUSE-SU-2014:1221-1,
SUSE-SU-2014:1223-1, openSUSE-SU-2014:1224-1, openSUSE-SU-2014:1226-1,
openSUSE-SU-2014:1229-1, openSUSE-SU-2014:1232-1, openSUSE-SU-2014:1238-1,
openSUSE-SU-2014:1242-1, SUSE-SU-2014:1247-1, openSUSE-SU-2014:1248-1)
[29/09/2014] SUSE has
released security update packages for fixing the vulnerabilities identified in
the mozilla-nss, wireshark, bash and nss packages for SUSE Linux Enterprise 10
and 11, and openSUSE 11.4, 12.3 and 13.1. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise a vulnerable
system.
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html
URL:lists.opensuse.org/opensuse-security-announce/2014-09/msg00043.html
27. Security Updates in Ubuntu GNU/Linux (USN-2363-2, USN-2364-1)
[29/09/2014] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the bash packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the
system.
URL:www.ubuntu.com/usn/usn-2363-2/
URL:www.ubuntu.com/usn/usn-2364-1/