1. Information Updates on Microsoft Security Advisories (3009008, 3010060)
[31/10/2014]
Microsoft has updated information on the Advisories for Microsoft Windows. (a) KB3009008 was revised to announce the deprecation of SSL 3.0, to clarify the workaround instructions for disabling SSL 3.0 on Windows servers and on Windows clients, and to announce the availability of a Microsoft Fix it solution for Internet Explorer. (b) KB3010060 was updated to include additional acknowledgments.
URL:technet.microsoft.com/en-US/library/security/3009008
URL:technet.microsoft.com/en-US/library/security/3010060
2. Vulnerabilities in Cisco Unified Communications Manager
[31/10/2014]
Vulnerabilities were identified in the Cisco Unified Communications Manager. An attacker could bypass security restrictions, execute arbitrary code, and perform code injection and cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3366
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3372
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3373
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3374
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3375
3. Vulnerability in F5 Products (SOL15605)
[31/10/2014]
A vulnerability was identified in F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM and Enterprise Manager. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects version 11.3.0.39.0 of the mentioned products.
URL:support.f5.com/kb/en-us/solutions/public/15000/600/sol15605.html
URL:xforce.iss.net/xforce/xfdb/98403
4. Vulnerability in PHP (98385)
[31/10/2014]
A vulnerability was identified in PHP. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. The affected version was not specified. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98385
5. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1764-1, RHSA-2014:1767-1, RHSA-2014:1768-1)
[31/10/2014]
Red Hat has released security update packages for fixing the vulnerabilities identified in the wget, php and php53 packages for Red Hat Enterprise Linux 5, 6 and 7 and Red Hat OpenShift Enterprise 1 and 2. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1764.html
URL:rhn.redhat.com/errata/RHSA-2014-1767.html
URL:rhn.redhat.com/errata/RHSA-2014-1768.html
6. Security Updates in Ubuntu GNU/Linux (USN-2391-1, USN-2392-1, USN-2393-1, USN-2394-1, USN-2395-1)
[31/10/2014]
Ubuntu has released security update packages for fixing the vulnerabilities identified in the php5, systemd-shim, wget, linux-lts-trusty and linux packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2391-1/
URL:www.ubuntu.com/usn/usn-2392-1/
URL:www.ubuntu.com/usn/usn-2393-1/
URL:www.ubuntu.com/usn/usn-2394-1/
URL:www.ubuntu.com/usn/usn-2395-1/
7. Vulnerability in ASUS routers (98316)
[30/10/2014]
A vulnerability was identified in the ASUS RT series routers. An attacker could bypass security restrictions, execute arbitrary code and perform man-in-the-middle attacks. This vulnerability affects firmware versions prior to 3.0.0.4.376.x of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98316
8. Vulnerability in Drupal (DRUPAL-PSA-2014-003)
[30/10/2014]
A vulnerability was identified in the Drupal core. An attacker could bypass security restrictions, execute arbitrary code, perform code injection attacks and compromise the system. This vulnerability affects versions prior to 7.32 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.drupal.org/PSA-2014-003
URL:www.us-cert.gov/ncas/current-activity/2014/10/29/Drupal-Releases-Public-Service-Announcement
9. Vulnerability in tnftp (98335)
[30/10/2014]
A vulnerability was identified in tnftp. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98335
10. Security Updates in Debian (DSA-3059-1)
[30/10/2014]
Debian has released security update packages for fixing the vulnerabilities identified in the dokuwiki packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions and execute arbitrary code.
URL:www.debian.org/security/2014/dsa-3059
11. Security Updates in Mandriva (MDVSA-2014:211, MDVSA-2014:212)
[30/10/2014]
Mandriva has released security update packages for fixing the vulnerabilities identified in the wpa_supplicant and wget packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A211/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A212/
12. Security Updates in Mageia (MGASA-2014-0426, MGASA-2014-0427, MGASA-2014-0428, MGASA-2014-0429, MGASA-2014-0430, MGASA-2014-0431, MGASA-2014-0432, MGASA-2014-0433, MGASA-2014-0434, MGASA-2014-0435, MGASA-2014-0436, MGASA-2014-0437)
[30/10/2014]
Mageia has released security update packages for fixing the vulnerabilities identified in the qemu, nginx, chromium-browser-stable, wpa_supplicant, hostapd, php, php-apc, php-suhosin, php-gd-bundled, wget, KDE 4, zabbix, php-ZendFramework, mythtv, mythtv-mythweb, quassel and konversation packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:advisories.mageia.org/MGASA-2014-0426.html
URL:advisories.mageia.org/MGASA-2014-0427.html
URL:advisories.mageia.org/MGASA-2014-0428.html
URL:advisories.mageia.org/MGASA-2014-0429.html
URL:advisories.mageia.org/MGASA-2014-0430.html
URL:advisories.mageia.org/MGASA-2014-0431.html
URL:advisories.mageia.org/MGASA-2014-0432.html
URL:advisories.mageia.org/MGASA-2014-0433.html
URL:advisories.mageia.org/MGASA-2014-0434.html
URL:advisories.mageia.org/MGASA-2014-0435.html
URL:advisories.mageia.org/MGASA-2014-0436.html
URL:advisories.mageia.org/MGASA-2014-0437.html
13. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1724-1)
[30/10/2014]
Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel packages for Red Hat Enterprise Linux 7. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1724.html
14. Security Updates in Slackware (SSA:2014-302-01)
[30/10/2014]
Slackware has released security update packages for fixing the vulnerability identified in the wget packages for multiple versions of Slackware Linux. An attacker could bypass security restrictions and execute arbitrary code.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.493450
15. Security Updates in SUSE (openSUSE-SU-2014:1331-1)
[30/10/2014]
SUSE has released security update packages for fixing the vulnerabilities identified in the openssl packages for openSUSE 12.3 and 13.1. Due to multiple errors, an attacker could bypass security restrictions and obtain sensitive information.
URL:lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html
16. Vulnerabilities in IBM WebSphere Portal (1684649, 1684650)
[29/10/2014]
Vulnerabilities were identified in IBM WebSphere Portal. An attacker could perform cross-site scripting attacks, bypass security restrictions and obtain sensitive information. These vulnerabilities affect versions 8.0 and 8.5 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21684649
URL:www-01.ibm.com/support/docview.wss?uid=swg21684650
URL:www.hkcert.org/my_url/en/alert/14102901
17. Vulnerability in ESET Products (98312)
[29/10/2014]
A vulnerability was identified in the ESET Smart Security and ESET Endpoint Security products for Windows XP. An attacker could obtain sensitive information. This vulnerability affects versions 5.0 to 7.0 of the mentioned products. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98312
18. Vulnerability in FileMaker Pro (97780)
[29/10/2014]
A vulnerability was identified in FileMaker Pro. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects multiple versions of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/97780
19. Vulnerabilities in Enalean Tuleap (98306, 98307, 98308)
[29/10/2014]
Vulnerabilities were identified in Enalean Tuleap. An attacker could execute arbitrary code, perform SQL injection attacks and obtain sensitive information. These vulnerabilities affect versions prior to 7.5 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/98306
URL:xforce.iss.net/xforce/xfdb/98307
URL:xforce.iss.net/xforce/xfdb/98308
20. Vulnerability in Linux Kernel
[29/10/2014]
A vulnerability was identified in the Linux Kernel. An attacker could cause a denial of service condition. The affected version was not specified. Security patches are available to resolve this vulnerability.
URL:git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b69040d8e39f20d5215a03502a8e8b4c6ab78395
URL:xforce.iss.net/xforce/xfdb/98310
21. Security Updates in Mandriva (MDVSA-2014:210)
[29/10/2014]
Mandriva has released security update packages for fixing the vulnerabilities identified in the mariadb packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information and cause a denial of service condition.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A210/
22. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1724-1, RHSA-2014:1726-1, RHSA-2014:1728-1)
[29/10/2014]
Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel, Red Hat JBoss Enterprise Application Platform 5.2.0 and Red Hat JBoss Enterprise Web Platform 5.2.0 packages for Red Hat Enterprise Linux 4, 5, 6 and 7. Due to multiple errors, an attacker could crash the system and cause a denial of service condition.
URL:rhn.redhat.com/errata/RHSA-2014-1724.html
URL:rhn.redhat.com/errata/RHSA-2014-1726.html
URL:rhn.redhat.com/errata/RHSA-2014-1728.html
23. Security Updates in Ubuntu GNU/Linux (USN-2390-1)
[29/10/2014]
Ubuntu has released security update packages for fixing the vulnerability identified in the pidgin packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. An attacker could obtain sensitive information, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2390-1/
24. Vulnerability in Cisco Router
[28/10/2014]
A vulnerability was identified in the Cisco ASR901 router. An attacker could bypass security restrictions and cause a denial of service condition. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3293
URL:xforce.iss.net/xforce/xfdb/97769
25. Vulnerability in Linux Kernel
[28/10/2014]
A vulnerability was identified in the Linux Kernel. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. The affected version was not specified. Security patches are available to resolve this vulnerability.
URL:git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23
URL:xforce.iss.net/xforce/xfdb/97775
26. Vulnerability in GNU Wget (97778)
[28/10/2014]
A vulnerability was identified in GNU Wget. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and perform symlink attacks. The affected version was not specified. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/97778
27. Security Updates in Oracle Solaris
[28/10/2014]
Oracle has released security update packages for fixing the vulnerabilities identified in the OpenSSL package for Oracle Solaris 10 and 11.2. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
28. Security Updates in Debian (DSA-3057-1, DSA-3058-1)
[28/10/2014]
Debian has released security update packages for fixing the vulnerabilities identified in the libxml2 and torque packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions and cause a denial of service condition.
URL:www.debian.org/security/2014/dsa-3057
URL:www.debian.org/security/2014/dsa-3058
29. Security Updates in Ubuntu GNU/Linux (USN-2389-1)
[28/10/2014]
Ubuntu has released security update packages for fixing the vulnerability identified in the libxml2 package for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. An attacker could bypass security restrictions and cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2389-1/
30. Vulnerabilities in Apache CXF
[27/10/2014]
Vulnerabilities were identified in Apache CXF. An attacker could bypass security restrictions, perform spoofing attacks and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:cxf.apache.org/security-advisories.html
URL:xforce.iss.net/xforce/xfdb/97753
URL:xforce.iss.net/xforce/xfdb/97754
31. Vulnerability in Cisco Products
[27/10/2014]
A vulnerability was identified in the Cisco IOS and IOS XE Software. An attacker could bypass security restrictions and cause a denial of service condition. This vulnerability affects multiple firmware versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3409
32. Vulnerabilities in IBM Products (1682034, 1682038, 1686801, 1686824)
[27/10/2014]
Vulnerabilities were identified in IBM Endpoint Manager for Remote Control, IBM API Management and IBM Notes and Domino. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21682034
URL:www.ibm.com/support/docview.wss?uid=swg21682038
URL:www.ibm.com/support/docview.wss?uid=swg21686801
URL:www.ibm.com/support/docview.wss?uid=swg21686824
URL:www.hkcert.org/my_url/en/alert/14102701
URL:xforce.iss.net/xforce/xfdb/96813
33. Vulnerabilities in Huawei Products (Huawei-SA-20141024-01-Bash)
[27/10/2014]
Vulnerabilities were identified in multiple Huawei products. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-377648.htm
34. Vulnerability in Electric Cloud ElectricCommander (97735)
[27/10/2014]
A vulnerability was identified in Electric Cloud ElectricCommander. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects version 4.2.4.71224 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/97735
35. Vulnerability in OpenBSD (97747)
[27/10/2014]
A vulnerability was identified in OpenBSD. An attacker could cause a denial of service condition and crash the system. This vulnerability affects version 5.5 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/97747
36. Vulnerabilities in Linux Kernel (97750, 97751)
[27/10/2014]
Vulnerabilities were identified in the Linux Kernel. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. The affected version was not specified. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/97750
URL:xforce.iss.net/xforce/xfdb/97751
37. Vulnerabilities in TestLink (97727, 97728)
[27/10/2014]
Vulnerabilities were identified in TestLink. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and perform code injection attacks. These vulnerabilities affect version 1.9.12 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/97727
URL:xforce.iss.net/xforce/xfdb/97728
38. Vulnerabilities in TYPO3 (TYPO3-CORE-SA-2014-002)
[27/10/2014]
Vulnerabilities were identified in TYPO3. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-002/
39. Vulnerability in libmagic
[27/10/2014]
A vulnerability was identified in libmagic. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects version 5.20 and possibly prior versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:bugzilla.redhat.com/show_bug.cgi?id=1155071
40. Security Updates in Debian (DSA-3055-1, DSA-3056-1)
[27/10/2014]
Debian has released security update packages for fixing the vulnerabilities identified in the pidgin and libtasn1-3 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3055
URL:www.debian.org/security/2014/dsa-3056
41. Security Updates in Mandriva (MDVSA-2014:205, MDVSA-2014:206, MDVSA-2014:207, MDVSA-2014:208, MDVSA-2014:209)
[27/10/2014]
Mandriva has released security update packages for fixing the vulnerabilities identified in the lua, ctags, ejabberd, phpmyadmin and java-1.7.0-openjdk packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform code injection attacks, cause a denial of service condition and crash the system.
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014%3A205/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014%3A206/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014%3A207/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014%3A208/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014%3A209/
42. Security Updates in Mageia (MGASA-2014-0414, MGASA-2014-0415, MGASA-2014-0416, MGASA-2014-0417, MGASA-2014-0418, MGASA-2014-0419, MGASA-2014-0420, MGASA-2014-0421, MGASA-2014-0422, MGASA-2014-0423, MGASA-2014-0424, MGASA-2014-0425)
[27/10/2014]
Mageia has released security update packages for fixing the vulnerabilities identified in the lua5.1, lua, ctags, openssl, ejabberd, libxml2, iceape, phpmyadmin, libpng, libvpx, sqlite3, nss, firefox, firefox-l10n, thunderbird, thunderbird-l10n, thunderbird-lightning, java-1.7.0-openjdk, drupal, mariadb and pidgin packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:advisories.mageia.org/MGASA-2014-0414.html
URL:advisories.mageia.org/MGASA-2014-0415.html
URL:advisories.mageia.org/MGASA-2014-0416.html
URL:advisories.mageia.org/MGASA-2014-0417.html
URL:advisories.mageia.org/MGASA-2014-0418.html
URL:advisories.mageia.org/MGASA-2014-0419.html
URL:advisories.mageia.org/MGASA-2014-0420.html
URL:advisories.mageia.org/MGASA-2014-0421.html
URL:advisories.mageia.org/MGASA-2014-0422.html
URL:advisories.mageia.org/MGASA-2014-0423.html
URL:advisories.mageia.org/MGASA-2014-0424.html
URL:advisories.mageia.org/MGASA-2014-0425.html
43. Security Updates in Slackware (SSA:2014-296-01, SSA:2014-296-02)
[27/10/2014]
Slackware has released security update packages for fixing the vulnerabilities identified in the glibc and pidgin packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform code injection attacks, cause a denial of service condition and crash the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.647059
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.540575
Source(s) of above information: Apache, Bugzilla, Cisco, Debian, Drupal, F5 Networks, HKCERT, Huawei, IBM, IBM ISS, Kernel, Mageia, Mandriva, Microsoft, openSUSE, Oracle, Red Hat, Slackware, TYPO3, Ubuntu, US-CERT