1. Vulnerabilities in IBM Products (1692551, 1692733, 1693142)
[24/12/2014] Vulnerabilities were identified in the IBM Notes and Domino. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21692551
URL:www-01.ibm.com/support/docview.wss?uid=swg21692733
URL:www-01.ibm.com/support/docview.wss?uid=swg21693142
2. Vulnerabilities in Novell Identity Manager (5197650, 5197651, 5197654, 5197655)
[24/12/2014] Vulnerabilities were identified in the Novell Identity Manager. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=BIcWI30ek-Y~
URL:download.novell.com/Download?buildid=CN5WxfiN2Ek~
URL:download.novell.com/Download?buildid=FeB0mK1i9NU~
URL:download.novell.com/Download?buildid=X7DYbkPceZk~
3. Vulnerability in F5 BIG-IP LTM (SOL15931)
[24/12/2014] Vulnerability was identified in the BIG-IP LTM. An attacker could bypass security restrictions, cause a denial of service condition and crash the application. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/15000/900/sol15931.html
4. Vulnerabilities in VDG Sense (99331, 99332, 99333, 99334)
[24/12/2014] Vulnerabilities were identified in the VDG Sense. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect version 2.3.13 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99331
URL:xforce.iss.net/xforce/xfdb/99332
URL:xforce.iss.net/xforce/xfdb/99333
URL:xforce.iss.net/xforce/xfdb/99334
5. Vulnerability in TWiki (99341)
[24/12/2014] Vulnerability was identified in the TWiki. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions 6.0.0 and 6.0.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99341
6. Vulnerability in UnZip (ocert-2014-011)
[24/12/2014] Vulnerability was identified in the UnZip. An attacker could bypass security restrictions, cause a denial of service condition, execute arbitrary code and compromise the system. This vulnerability affects version 6.0 and prior of the mentioned product.
URL:www.ocert.org/advisories/ocert-2014-011.html
URL:www.us-cert.gov/ncas/current-activity/2014/12/22/oCERT-Releases-Advisory-Unpatched-UnZip-Vulnerability
7. Security Updates in Debian (DSA-3110-1, DSA-3112-1)
[24/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the mediawiki and sox packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3110
URL:www.debian.org/security/2014/dsa-3112
8. Security Updates in FreeBSD (FreeBSD-SA-14:31.ntp)
[24/12/2014] FreeBSD has released security update packages for fixing the vulnerabilities identified in the ntp package for multiple versions of FreeBSD. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:31.ntp.asc
9. Security Updates in Mageia (MGASA-2014-0544, MGASA-2014-0545, MGASA-2014-0546)
[24/12/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the libjpeg, subversion and git packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2014-0544.html
URL:advisories.mageia.org/MGASA-2014-0545.html
URL:advisories.mageia.org/MGASA-2014-0546.html
10. Security Updates in SUSE (SUSE-SU-2014:1690-1, SUSE-SU-2014:1693-1, SUSE-SU-2014:1694-1, SUSE-SU-2014:1695-1)
[24/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the ntp, kernel and openvpn packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00026.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00027.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00028.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00029.html
11. Vulnerabilities in Apple OS X NTP (HT6601)
[23/12/2014] Vulnerabilities were identified in the Apple OS X NTP. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-us/HT6601
12. Vulnerabilities in Cisco Products (cisco-sa-20141222-ntpd)
[23/12/2014] Vulnerabilities were identified in multiple Cisco products incorporating the ntpd package and Cisco Identity Services Engine Software. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application. These vulnerabilities affect multiple firmware versions of the mentioned products.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8015
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8017
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8018
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8026
13. Vulnerability in F5 Products (SOL15927)
[23/12/2014] Vulnerability was identified in the BIG-IP LTM and BIG-IP GTM. An attacker could bypass security restrictions, cause a denial of service condition and crash the application. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/15000/900/sol15927.html
14. Vulnerability in Allegro RomPager Firmware
[23/12/2014] Vulnerability was identified in multiple broadband routers employing the Allegro RomPager firmware. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects firmware versions prior to 4.34 of the mentioned product.
URL:www.hkcert.org/my_url/en/alert/14122202
URL:www.kb.cert.org/vuls/id/561444
URL:www.us-cert.gov/ncas/current-activity/2014/12/20/Misfortune-Cookie-Broadband-Router-Vulnerability
15. Security Updates in Debian (DSA-3107-1, DSA-3108-1)
[23/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the subversion and ntp packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3107
URL:www.debian.org/security/2014/dsa-3108
16. Security Updates in Gentoo Linux (GLSA 201412-32, GLSA 201412-33)
[23/12/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the sendmail and pdns-recursor packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201412-32.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-33.xml
17. Security Updates in Mageia (MGASA-2014-0530, MGASA-2014-0531, MGASA-2014-0532, MGASA-2014-0533, MGASA-2014-0534, MGASA-2014-0535, MGASA-2014-0536, MGASA-2014-0537, MGASA-2014-0538, MGASA-2014-0539, MGASA-2014-0540, MGASA-2014-0541, MGASA-2014-0542, MGASA-2014-0543)
[23/12/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the c-icap, claws-mail, x11-server, unrtf, pcre, pwgen, krb5, file, nail, jasper, dokuwiki, ntp, php, php-apc and znc packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2014-0530.html
URL:advisories.mageia.org/MGASA-2014-0531.html
URL:advisories.mageia.org/MGASA-2014-0532.html
URL:advisories.mageia.org/MGASA-2014-0533.html
URL:advisories.mageia.org/MGASA-2014-0534.html
URL:advisories.mageia.org/MGASA-2014-0535.html
URL:advisories.mageia.org/MGASA-2014-0536.html
URL:advisories.mageia.org/MGASA-2014-0537.html
URL:advisories.mageia.org/MGASA-2014-0538.html
URL:advisories.mageia.org/MGASA-2014-0539.html
URL:advisories.mageia.org/MGASA-2014-0540.html
URL:advisories.mageia.org/MGASA-2014-0541.html
URL:advisories.mageia.org/MGASA-2014-0542.html
URL:advisories.mageia.org/MGASA-2014-0543.html
18. Security Updates in SUSE (openSUSE-SU-2014:1680-1, SUSE-SU-2014:1686-1)
[23/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the ntp package of SUSE Linux Enterprise 11 and openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00024.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00025.html
19. Security Updates in Red Hat Enterprise Linux (RHSA-2014:2028-1, RHSA-2014:2029-1, RHSA-2014:2030-1, RHSA-2014:2031-1)
[23/12/2014] Red Hat has released security update packages for fixing the vulnerability identified in the kernel package for Red Hat Enterprise Linux 5 and 6. An attacker could bypass security restrictions and gain elevated privileges.
URL:rhn.redhat.com/errata/RHSA-2014-2028.html
URL:rhn.redhat.com/errata/RHSA-2014-2029.html
URL:rhn.redhat.com/errata/RHSA-2014-2030.html
URL:rhn.redhat.com/errata/RHSA-2014-2031.html
20. Security Updates in Ubuntu GNU/Linux (USN-2449-1)
[23/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the ntp packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2449-1/
21. Vulnerabilities in Cisco Products
[22/12/2014] Vulnerabilities were identified in the Cisco Adaptive Security Appliance (ASA) Software, Cisco Prime Infrastructure and Cisco Enterprise Content Delivery System (ECDS). An attacker could bypass security restrictions, traverse directories and obtain sensitive information. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3410
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8007
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8019
22. Vulnerability in Symantec Deployment Solution (SYM14-017)
[22/12/2014] Vulnerability was identified in the Symantec Deployment Solution. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects versions 6.9 and prior of the mentioned product to Windows XP (SP3) or Windows Server 2003 (SP2).
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141219_00
23. Vulnerabilities in Huawei Home Gateway (Huawei-SA-20141219-RomPager)
[22/12/2014] Vulnerabilities were identified in Huawei Home Gateway HG530 employing the Allegro RomPager firmware. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect firmware versions prior to V100R001C10B025 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm
24. Vulnerability in AppsGeyser (VU#1680209)
[22/12/2014] Vulnerability was identified in multiple AppsGeyser generated Android applications. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. This vulnerability affects multiple versions of the mentioned application generated by AppsGeyser.
URL:www.kb.cert.org/vuls/id/1680209
25. Vulnerabilities in Network Time Protocol
[22/12/2014] Vulnerabilities were identified in Network Time Protocol (NTP). An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code. These vulnerabilities affect versions prior to 4.2.8 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.ntp.org/bin/view/Main/SecurityNotice
URL:www.kb.cert.org/vuls/id/852879
URL:www.us-cert.gov/ncas/current-activity/2014/12/19/Vulnerabilities-Identified-Network-Time-Protocol-Daemon
26. Vulnerability in WordPress Download Manager
[22/12/2014] Vulnerability was identified in the WordPress Download Manager. An attacker could bypass security restrictions and execute arbitrary PHP code. This vulnerability affects versions prior to 2.7.5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.hkcert.org/my_url/en/alert/14121901
27. Security Updates in Oracle Products (ELSA-2014-2023, ELSA-2014-2024, ELSA-2014-2025, ELSA-2014-3106)
[22/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the glibc, ntp and Unbreakable Enterprise kernel packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2014-2023.html
URL:linux.oracle.com/errata/ELSA-2014-2024.html
URL:linux.oracle.com/errata/ELSA-2014-2025.html
URL:linux.oracle.com/errata/ELSA-2014-3106.html
28. Security Updates in Debian (DSA-3106-1, DSA-3109-1)
[22/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the jasper and firebird2.5 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3106
URL:www.debian.org/security/2014/dsa-3109
29. Security Updates in SUSE (openSUSE-SU-2014:1669-1, openSUSE-SU-2014:1670-1, openSUSE-SU-2014:1677-1, openSUSE-SU-2014:1678-1, openSUSE-SU-2014:1679-1)
[22/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel, ntp and clamav packages of openSUSE 12.3, 13.1 and 13.2, and openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00019.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00021.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00022.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00023.html
30. Security Updates in Red Hat Enterprise Linux (RHSA-2014:2024-1, RHSA-2014:2025-1)
[22/12/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the ntp package for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information and execute arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2014-2024.html
URL:rhn.redhat.com/errata/RHSA-2014-2025.html
31. Security Updates in Ubuntu GNU/Linux (USN-2447-2, USN-2448-2)
[22/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux-lts-utopic and linux packages for versions 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2447-2/
URL:www.ubuntu.com/usn/usn-2448-2/
Tuesday, December 30, 2014
IT Security Alerts Weekly Digest (21 Dec ~ 27 Dec 2014)
Sunday, December 21, 2014
IT Security Alerts Weekly Digest (14 Dec ~ 20 Dec 2014)
1. Vulnerability in Apple Xcode (APPLE-SA-2014-12-18-1)
[19/12/2014] Vulnerability was identified in the Apple OS X Mavericks Xcode. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects versions prior to 6.2 beta 3 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:support.apple.com/en-us/HT204147
2. Vulnerability in Cisco IronPort Email Security Appliance
[19/12/2014] Vulnerability was identified in the Cisco IronPort Email Security Appliance. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8016
3. Vulnerabilities in Novell Products (5196930, 5197070, 5197071, 5197072)
[19/12/2014] Vulnerabilities were identified in the Novell NetIQ eDirectory, Novell iManager and Novell GroupWise. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=3dJODsdcDKE~
URL:download.novell.com/Download?buildid=gHTDteZoK34~
URL:download.novell.com/Download?buildid=mdWLZGP0Glk~
URL:download.novell.com/Download?buildid=tveSooKDw3Q~
4. Vulnerabilities in F5 Products (SOL15920)
[19/12/2014] Vulnerabilities were identified in the BIG-IP LTM, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX and Enterprise Manager. An attacker could bypass security restrictions, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned products.
URL:support.f5.com/kb/en-us/solutions/public/15000/900/sol15920.html
5. Vulnerability in Dell iDRAC (VU#843044)
[19/12/2014] Vulnerability was identified in the Dell iDRAC Intelligent Platform Management Interface (IPMI). An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects version 1.5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/843044
6. Vulnerabilities in Ettercap (99314, 99315, 99316, 99317, 99319)
[19/12/2014] Vulnerabilities were identified in Ettercap. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions 8.0 and 8.1 of the mentioned products.
URL:xforce.iss.net/xforce/xfdb/99314
URL:xforce.iss.net/xforce/xfdb/99315
URL:xforce.iss.net/xforce/xfdb/99316
URL:xforce.iss.net/xforce/xfdb/99317
URL:xforce.iss.net/xforce/xfdb/99319
7. Security Updates in Oracle Products (ELSA-2014-2008, ELSA-2014-2008-1, ELSA-2014-2010, ELSA-2014-2021, ELSA-2014-3107, ELSA-2014-3108)
[19/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel, jasper and Unbreakable Enterprise kernel packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2014-2008.html
URL:linux.oracle.com/errata/ELSA-2014-2008-1.html
URL:linux.oracle.com/errata/ELSA-2014-2010.html
URL:linux.oracle.com/errata/ELSA-2014-2021.html
URL:linux.oracle.com/errata/ELSA-2014-3107.html
URL:linux.oracle.com/errata/ELSA-2014-3108.html
8. Security Updates in Gentoo Linux (GLSA 201412-31)
[19/12/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the znc package for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201412-31.xml
9. Security Updates in Red Hat Enterprise Linux (RHSA-2014:2010-1, RHSA-2014:2019-1)
[19/12/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel package for Red Hat Enterprise Linux 7, and Red Hat JBoss Enterprise Application Platform 6.3.2 package for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and obtain sensitive information.
URL:rhn.redhat.com/errata/RHSA-2014-2010.html
URL:rhn.redhat.com/errata/RHSA-2014-2019.html
10. Vulnerabilities in Cisco Products
[18/12/2014] Vulnerabilities were identified in the Cisco Adaptive Security Appliance (ASA) Software and Cisco IOS XR Software. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8012
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8014
11. Vulnerabilities in IBM Products (1684475, 1692358)
[18/12/2014] Vulnerabilities were identified in the IBM Security Access Manager for Mobile, IBM Security Access Manager for Web, IBM DB2 Express Edition, IBM DB2 Workgroup Server Edition, IBM DB2 Enterprise Server Edition, IBM DB2 Advanced Enterprise Server Edition, IBM DB2 Advanced Workgroup Server Edition, IBM DB2 Connect Application Server Edition, IBM DB2 Connect Enterprise Edition, IBM DB2 Connect Unlimited Edition for System i and IBM DB2 Connect Unlimited Edition for System z. An attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21684475
URL:www-01.ibm.com/support/docview.wss?uid=swg21692358
URL:xforce.iss.net/xforce/xfdb/95729
URL:xforce.iss.net/xforce/xfdb/95811
URL:xforce.iss.net/xforce/xfdb/99110
12. Vulnerabilities in Novell NetIQ Access Manager (5197170)
[18/12/2014] Vulnerabilities were identified in the Novell NetIQ Access Manager. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application. These vulnerabilities affect versions 4.0 and 4.0.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=i7RBltaqcVw~
13. Vulnerabilities in Huawei eSpace Desktop Products (Huawei-SA-20141217-espace)
[18/12/2014] Vulnerabilities were identified in multiple Huawei eSpace Desktop products. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-406589.htm
14. Security Updates in Oracle Products (ELSA-2014-1997)
[18/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel package for Oracle Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2014-1997.html
15. Security Updates in Debian (DSA-3104-1, DSA-3105-1)
[18/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the bsd-mailx and heirloom-mailx packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions and execute arbitrary code.
URL:www.debian.org/security/2014/dsa-3104
URL:www.debian.org/security/2014/dsa-3105
16. Security Updates in FreeBSD (FreeBSD-SA-14:30.unbound)
[18/12/2014] FreeBSD has released security update packages for fixing the vulnerability identified in the unbound package for multiple versions of FreeBSD. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:30.unbound.asc
17. Security Updates in Red Hat Enterprise Linux (RHSA-2014:2008-1, RHSA-2014:2009-1)
[18/12/2014] Red Hat has released security update packages for fixing the vulnerability identified in the kernel package for Red Hat Enterprise Linux 5 and 6.5 Extended Update Support. An attacker could bypass security restrictions and gain elevated privileges.
URL:rhn.redhat.com/errata/RHSA-2014-2008.html
URL:rhn.redhat.com/errata/RHSA-2014-2009.html
18. Vulnerability in Cisco ISB8320-E IP Only DVR
[17/12/2014] Vulnerability was identified in the Cisco ISB8320-E IP Only DVR. An attacker could bypass security restrictions and compromise the system. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8006
19. Vulnerabilities in IBM Products (1690553, 1690554, 1690780)
[17/12/2014] Vulnerabilities were identified in the IBM Business Process Manager, IBM WebSphere Process Server and IBM WebSphere Enterprise Service Bus. An attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21690553
URL:www-01.ibm.com/support/docview.wss?uid=swg21690554
URL:www-01.ibm.com/support/docview.wss?uid=swg21690780
URL:xforce.iss.net/xforce/xfdb/95724
URL:xforce.iss.net/xforce/xfdb/98418
URL:xforce.iss.net/xforce/xfdb/98488
20. Vulnerabilities in Novell Products (5196292, 5196310, 5196311, 5196312, 5196313, 5196930)
[17/12/2014] Vulnerabilities were identified in the Novell iManager and Novell NetIQ eDirectory. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=3dJODsdcDKE~
URL:download.novell.com/Download?buildid=anuuh6CDWX8~
URL:download.novell.com/Download?buildid=Mh8CRo1Ljh8~
URL:download.novell.com/Download?buildid=nlOmW2y333Q~
URL:download.novell.com/Download?buildid=q4S96klvwhE~
URL:download.novell.com/Download?buildid=STisn28FRWs~
21. Vulnerability in Symantec Web Gateway Appliance (SYM14-016)
[17/12/2014] Vulnerability was identified in the Symantec Web Gateway Appliance. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects firmware versions prior to 5.2.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141216_00
22. Vulnerability in DokuWiki (99291)
[17/12/2014] Vulnerability was identified in the DokuWiki. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 2014-09-29b of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99291
23. Vulnerability in Google Analytics module for Drupal (SA-CONTRIB-2014-119)
[17/12/2014] Vulnerability was identified in the Google Analytics module for Drupal. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects version 7.x-2.0 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.drupal.org/node/2390689
URL:xforce.iss.net/xforce/xfdb/99295
24. Vulnerability in GNU Glibc (99289)
[17/12/2014] Vulnerability was identified in the GNU Glibc. An attacker could bypass security restrictions, cause a denial of service condition and crash the application. This vulnerability affects version 2.11.3 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99289
25. Vulnerability in Python (99294)
[17/12/2014] Vulnerability was identified in the Python. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99294
26. Security Updates in Oracle Products (ELSA-2014-1999)
[17/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the Net-SNMP, Libcurl, Sendmail, Kerberos, Firefox, Jinja2 and Puppet packages for Oracle Solaris 10 and 11.2, and mailx package for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:blogs.oracle.com/sunsecurity/entry/cve_2012_2141_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_2285_input_validation
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3565_resource_management
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3707_information_disclosure
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3956_information_disclosure
URL:blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in4
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_firefox1
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_jinja2
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_puppet1
URL:linux.oracle.com/errata/ELSA-2014-1999.html
27. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1997-1, RHSA-2014:1998-1, RHSA-2014:1999-1, RHSA-2014:2000-1)
[17/12/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel, kernel-rt, mailx and thermostat1-thermostat packages for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1997.html
URL:rhn.redhat.com/errata/RHSA-2014-1998.html
URL:rhn.redhat.com/errata/RHSA-2014-1999.html
URL:rhn.redhat.com/errata/RHSA-2014-2000.html
28. Vulnerability in Apache HTTP Server
[16/12/2014] Vulnerability was identified in the Apache HTTP Server. An attacker could bypass security restrictions, cause a denial of service condition and crash the application. This vulnerability affects version 2.4.10 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:httpd.apache.org/security/vulnerabilities_24.html
URL:www.hkcert.org/my_url/en/alert/14121601
29. Vulnerabilities in CA LISA Release Automation
[16/12/2014] Vulnerabilities were identified in the CA LISA Release Automation. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, perform code injection, cross-site scripting and cross-site request forgery attacks. These vulnerabilities affect version 4.7.1.385 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.ca.com/us/devcenter/ca-service-virtualization.aspx
URL:www.kb.cert.org/vuls/id/343060
30. Vulnerabilities in IBM Products (1690559, 1692267)
[16/12/2014] Vulnerabilities were identified in the IBM Business Process Manager and IBM Cognos Business Intelligence Server. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21690559
URL:www-01.ibm.com/support/docview.wss?uid=swg21692267
URL:xforce.iss.net/xforce/xfdb/96915
URL:xforce.iss.net/xforce/xfdb/96909
31. Vulnerabilities in EMC Documentum Products (VU#315340)
[16/12/2014] Vulnerabilities were identified in the EMC Documentum Content Server, D2, and Web Development Kit (WDK). An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform code injection attacks and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.kb.cert.org/vuls/id/315340
32. Vulnerability in Huawei Products (Huawei-SA-20141215-01-POODLE)
[16/12/2014] Vulnerability was identified in multiple Huawei Products. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm
33. Security Updates in Gentoo Linux (GLSA 201412-30)
[16/12/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the varnish package for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201412-30.xml
34. Security Updates in Mandriva (MDVSA-2014:252, MDVSA-2014:253)
[16/12/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the nss and apache-mod_wsgi packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A252/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A253/
35. Security Updates in SUSE (openSUSE-SU-2014:1642-1, SUSE-SU-2014:1650-1)
[16/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the Firebird server package of openSUSE 12.3, 13.1 and 13.2, and flash-player package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00017.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00018.html
36. Information Updates on Microsoft Security Bulletin (MS14-075)
[15/12/2014] Microsoft has updated information on the Security Bulletin for the Microsoft Exchange Server. MS14-075 was rereleased to announce the reoffering of Microsoft security update 2986475 for Microsoft Exchange Server 2010 Service Pack 3. The rereleased update addressed a known issue in the original offering. Customers who uninstalled the original update should install the updated version of 2986475 at the earliest opportunity.
URL:technet.microsoft.com/en-us/library/security/MS14-075
37. Vulnerability in Cisco Prime Security Manager
[15/12/2014] Vulnerability was identified in the Cisco Prime Security Manager (PRSM). An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3364
38. Vulnerabilities in Docker
[15/12/2014] Vulnerabilities were identified in Docker. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise an affected system. These vulnerabilities affect versions prior to 1.3.3 and 1.4.0 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.us-cert.gov/ncas/current-activity/2014/12/12/Docker-Releases-Security-Updates
39. Security Updates in Oracle Linux (ELSA-2014-1984, ELSA-2014-1985)
[15/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the bind and bind97 packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2014-1984.html
URL:linux.oracle.com/errata/ELSA-2014-1985.html
40. Security Updates in Debian (DSA-3099-1, DSA-3100-1, DSA-3101-1, DSA-3102-1, DSA-3103-1)
[15/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the dbus, mediawiki, c-icap, libyaml and libyaml-libyaml-perl packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3099
URL:www.debian.org/security/2014/dsa-3100
URL:www.debian.org/security/2014/dsa-3101
URL:www.debian.org/security/2014/dsa-3102
URL:www.debian.org/security/2014/dsa-3103
41. Security Updates in Gentoo Linux (GLSA 201412-12, GLSA 201412-13, GLSA 201412-14, GLSA 201412-15, GLSA 201412-16, GLSA 201412-17, GLSA 201412-18, GLSA 201412-19, GLSA 201412-20, GLSA 201412-21, GLSA 201412-22, GLSA 201412-23, GLSA 201412-24, GLSA 201412-25, GLSA 201412-26, GLSA 201412-27, GLSA 201412-28, GLSA 201412-29)
[15/12/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the dbus, chromium, xfig, mcollective, couchdb, ghostscript-gpl, freerdp, ppp, gnustep-base, mod_wsgi, django, nagios-core, openjpeg, qtgui, strongswan, ruby, rails and tomcat packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.gentoo.org/security/en/glsa/glsa-201412-12.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-13.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-14.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-15.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-16.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-17.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-18.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-19.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-20.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-21.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-22.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-23.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-24.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-25.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-26.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-27.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-28.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-29.xml
42. Security Updates in Mageia (MGASA-2014-0525, MGASA-2014-0526, MGASA-2014-0527, MGASA-2014-0528, MGASA-2014-0529)
[15/12/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the qemu, freetype2, apache, cpio and rpm packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.
URL:advisories.mageia.org/MGASA-2014-0525.html
URL:advisories.mageia.org/MGASA-2014-0526.html
URL:advisories.mageia.org/MGASA-2014-0527.html
URL:advisories.mageia.org/MGASA-2014-0528.html
URL:advisories.mageia.org/MGASA-2014-0529.html
43. Security Updates in Mandriva (MDVSA-2014:238, MDVSA-2014:239, MDVSA-2014:240, MDVSA-2014:241, MDVSA-2014:242, MDVSA-2014:243, MDVSA-2014:244, MDVSA-2014:245, MDVSA-2014:246, MDVSA-2014:247, MDVSA-2014:248, MDVSA-2014:249, MDVSA-2014:250, MDVSA-2014:251)
[15/12/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the bind, flac, tcpdump, mediawiki, yaml, phpmyadmin, openafs, mutt, openvpn, jasper, graphviz, qemu, cpio and rpm packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform code injection attacks, cause a denial of service condition and crash the application.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A238/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A239/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A240/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A241/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A242/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A243/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A244/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A245/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A246/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A247/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A248/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A249/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A250/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A251/
44. Security Updates in SUSE (SUSE-SU-2014:1624-1, openSUSE-SU-2014:1626-1, openSUSE-SU-2014:1629-1)
[15/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the Mozilla Firefox package of SUSE Linux Enterprise 10 and 11, and chromium and flash-player packages of openSUSE 12.3, 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00016.html
45. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1984-1, RHSA-2014:1985-1)
[15/12/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the bind and bind97 packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1984.html
URL:rhn.redhat.com/errata/RHSA-2014-1985.html
46. Security Updates in Ubuntu GNU/Linux (USN-2441-1, USN-2442-1, USN-2443-1, USN-2444-1, USN-2445-1, USN-2446-1, USN-2447-1, USN-2448-1)
[15/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux, linux-ec2, linux-ti-omap4, linux-lts-trusty and linux-lts-utopic packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2441-1/
URL:www.ubuntu.com/usn/usn-2442-1/
URL:www.ubuntu.com/usn/usn-2443-1/
URL:www.ubuntu.com/usn/usn-2444-1/
URL:www.ubuntu.com/usn/usn-2445-1/
URL:www.ubuntu.com/usn/usn-2446-1/
URL:www.ubuntu.com/usn/usn-2447-1/
URL:www.ubuntu.com/usn/usn-2448-1/
[19/12/2014] Vulnerability was identified in the Apple OS X Mavericks Xcode. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects versions prior to 6.2 beta 3 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:support.apple.com/en-us/HT204147
2. Vulnerability in Cisco IronPort Email Security Appliance
[19/12/2014] Vulnerability was identified in the Cisco IronPort Email Security Appliance. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8016
3. Vulnerabilities in Novell Products (5196930, 5197070, 5197071, 5197072)
[19/12/2014] Vulnerabilities were identified in the Novell NetIQ eDirectory, Novell iManager and Novell GroupWise. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=3dJODsdcDKE~
URL:download.novell.com/Download?buildid=gHTDteZoK34~
URL:download.novell.com/Download?buildid=mdWLZGP0Glk~
URL:download.novell.com/Download?buildid=tveSooKDw3Q~
4. Vulnerabilities in F5 Products (SOL15920)
[19/12/2014] Vulnerabilities were identified in the BIG-IP LTM, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX and Enterprise Manager. An attacker could bypass security restrictions, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned products.
URL:support.f5.com/kb/en-us/solutions/public/15000/900/sol15920.html
5. Vulnerability in Dell iDRAC (VU#843044)
[19/12/2014] Vulnerability was identified in the Dell iDRAC Intelligent Platform Management Interface (IPMI). An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects version 1.5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/843044
6. Vulnerabilities in Ettercap (99314, 99315, 99316, 99317, 99319)
[19/12/2014] Vulnerabilities were identified in Ettercap. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions 8.0 and 8.1 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99314
URL:xforce.iss.net/xforce/xfdb/99315
URL:xforce.iss.net/xforce/xfdb/99316
URL:xforce.iss.net/xforce/xfdb/99317
URL:xforce.iss.net/xforce/xfdb/99319
7. Security Updates in Oracle Products (ELSA-2014-2008, ELSA-2014-2008-1, ELSA-2014-2010, ELSA-2014-2021, ELSA-2014-3107, ELSA-2014-3108)
[19/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel, jasper and Unbreakable Enterprise kernel packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2014-2008.html
URL:linux.oracle.com/errata/ELSA-2014-2008-1.html
URL:linux.oracle.com/errata/ELSA-2014-2010.html
URL:linux.oracle.com/errata/ELSA-2014-2021.html
URL:linux.oracle.com/errata/ELSA-2014-3107.html
URL:linux.oracle.com/errata/ELSA-2014-3108.html
8. Security Updates in Gentoo Linux (GLSA 201412-31)
[19/12/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the znc package for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201412-31.xml
9. Security Updates in Red Hat Enterprise Linux (RHSA-2014:2010-1, RHSA-2014:2019-1)
[19/12/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel package for Red Hat Enterprise Linux 7, and Red Hat JBoss Enterprise Application Platform 6.3.2 package for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and obtain sensitive information.
URL:rhn.redhat.com/errata/RHSA-2014-2010.html
URL:rhn.redhat.com/errata/RHSA-2014-2019.html
10. Vulnerabilities in Cisco Products
[18/12/2014] Vulnerabilities were identified in the Cisco Adaptive Security Appliance (ASA) Software and Cisco IOS XR Software. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8012
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8014
11. Vulnerabilities in IBM Products (1684475, 1692358)
[18/12/2014] Vulnerabilities were identified in the IBM Security Access Manager for Mobile, IBM Security Access Manager for Web, IBM DB2 Express Edition, IBM DB2 Workgroup Server Edition, IBM DB2 Enterprise Server Edition, IBM DB2 Advanced Enterprise Server Edition, IBM DB2 Advanced Workgroup Server Edition, IBM DB2 Connect Application Server Edition, IBM DB2 Connect Enterprise Edition, IBM DB2 Connect Unlimited Edition for System i and IBM DB2 Connect Unlimited Edition for System z. An attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21684475
URL:www-01.ibm.com/support/docview.wss?uid=swg21692358
URL:xforce.iss.net/xforce/xfdb/95729
URL:xforce.iss.net/xforce/xfdb/95811
URL:xforce.iss.net/xforce/xfdb/99110
12. Vulnerabilities in Novell NetIQ Access Manager (5197170)
[18/12/2014] Vulnerabilities were identified in the Novell NetIQ Access Manager. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application. These vulnerabilities affect versions 4.0 and 4.0.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=i7RBltaqcVw~
13. Vulnerabilities in Huawei eSpace Desktop Products (Huawei-SA-20141217-espace)
[18/12/2014] Vulnerabilities were identified in multiple Huawei eSpace Desktop products. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-406589.htm
14. Security Updates in Oracle Products (ELSA-2014-1997)
[18/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel package for Oracle Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2014-1997.html
15. Security Updates in Debian (DSA-3104-1, DSA-3105-1)
[18/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the bsd-mailx and heirloom-mailx packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions and execute arbitrary code.
URL:www.debian.org/security/2014/dsa-3104
URL:www.debian.org/security/2014/dsa-3105
16. Security Updates in FreeBSD (FreeBSD-SA-14:30.unbound)
[18/12/2014] FreeBSD has released security update packages for fixing the vulnerability identified in the unbound package for multiple versions of FreeBSD. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:30.unbound.asc
17. Security Updates in Red Hat Enterprise Linux (RHSA-2014:2008-1, RHSA-2014:2009-1)
[18/12/2014] Red Hat has released security update packages for fixing the vulnerability identified in the kernel package for Red Hat Enterprise Linux 5 and 6.5 Extended Update Support. An attacker could bypass security restrictions and gain elevated privileges.
URL:rhn.redhat.com/errata/RHSA-2014-2008.html
URL:rhn.redhat.com/errata/RHSA-2014-2009.html
18. Vulnerability in Cisco ISB8320-E IP Only DVR
[17/12/2014] Vulnerability was identified in the Cisco ISB8320-E IP Only DVR. An attacker could bypass security restrictions and compromise the system. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8006
19. Vulnerabilities in IBM Products (1690553, 1690554, 1690780)
[17/12/2014] Vulnerabilities were identified in the IBM Business Process Manager, IBM WebSphere Process Server and IBM WebSphere Enterprise Service Bus. An attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21690553
URL:www-01.ibm.com/support/docview.wss?uid=swg21690554
URL:www-01.ibm.com/support/docview.wss?uid=swg21690780
URL:xforce.iss.net/xforce/xfdb/95724
URL:xforce.iss.net/xforce/xfdb/98418
URL:xforce.iss.net/xforce/xfdb/98488
20. Vulnerabilities in Novell Products (5196292, 5196310, 5196311, 5196312, 5196313, 5196930)
[17/12/2014] Vulnerabilities were identified in the Novell iManager and Novell NetIQ eDirectory. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=3dJODsdcDKE~
URL:download.novell.com/Download?buildid=anuuh6CDWX8~
URL:download.novell.com/Download?buildid=Mh8CRo1Ljh8~
URL:download.novell.com/Download?buildid=nlOmW2y333Q~
URL:download.novell.com/Download?buildid=q4S96klvwhE~
URL:download.novell.com/Download?buildid=STisn28FRWs~
21. Vulnerability in Symantec Web Gateway Appliance (SYM14-016)
[17/12/2014] Vulnerability was identified in the Symantec Web Gateway Appliance. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects firmware versions prior to 5.2.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141216_00
22. Vulnerability in DokuWiki (99291)
[17/12/2014] Vulnerability was identified in DokuWiki. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 2014-09-29b of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99291
36. Information Updates on Microsoft Security Bulletin (MS14-075)
[15/12/2014] Microsoft has updated information on the Security Bulletin for the Microsoft Exchange Server. MS14-075 was rereleased to announce the reoffering of Microsoft security update 2986475 for Microsoft Exchange Server 2010 Service Pack 3. The rereleased update addressed a known issue in the original offering. Customers who uninstalled the original update should install the updated version of 2986475 at the earliest opportunity.
URL:technet.microsoft.com/en-us/library/security/MS14-075
37. Vulnerability in Cisco Prime Security Manager
[15/12/2014] Vulnerability was identified in the Cisco Prime Security Manager (PRSM). An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3364
38. Vulnerabilities in Docker
[15/12/2014] Vulnerabilities were identified in the Docker. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise an affected system. These vulnerabilities affect versions prior to 1.3.3 and 1.4.0 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.us-cert.gov/ncas/current-activity/2014/12/12/Docker-Releases-Security-Updates
39. Security Updates in Oracle Linux (ELSA-2014-1984, ELSA-2014-1985)
[15/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the bind and bind97 packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2014-1984.html
URL:linux.oracle.com/errata/ELSA-2014-1985.html
40. Security Updates in Debian (DSA-3099-1, DSA-3100-1, DSA-3101-1, DSA-3102-1, DSA-3103-1)
[15/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the dbus, mediawiki, c-icap, libyaml and libyaml-libyaml-perl packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3099
URL:www.debian.org/security/2014/dsa-3100
URL:www.debian.org/security/2014/dsa-3101
URL:www.debian.org/security/2014/dsa-3102
URL:www.debian.org/security/2014/dsa-3103
41. Security Updates in Gentoo Linux (GLSA 201412-12, GLSA 201412-13, GLSA 201412-14, GLSA 201412-15, GLSA 201412-16, GLSA 201412-17, GLSA 201412-18, GLSA 201412-19, GLSA 201412-20, GLSA 201412-21, GLSA 201412-22, GLSA 201412-23, GLSA 201412-24, GLSA 201412-25, GLSA 201412-26, GLSA 201412-27, GLSA 201412-28, GLSA 201412-29)
[15/12/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the dbus, chromium, xfig, mcollective, couchdb, ghostscript-gpl, freerdp, ppp, gnustep-base, mod_wsgi, django, nagios-core, openjpeg, qtgui, strongswan, ruby, rails and tomcat packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.gentoo.org/security/en/glsa/glsa-201412-12.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-13.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-14.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-15.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-16.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-17.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-18.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-19.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-20.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-21.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-22.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-23.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-24.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-25.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-26.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-27.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-28.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-29.xml
42. Security Updates in Mageia (MGASA-2014-0525, MGASA-2014-0526, MGASA-2014-0527, MGASA-2014-0528, MGASA-2014-0529)
[15/12/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the qemu, freetype2, apache, cpio and rpm packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.
URL:advisories.mageia.org/MGASA-2014-0525.html
URL:advisories.mageia.org/MGASA-2014-0526.html
URL:advisories.mageia.org/MGASA-2014-0527.html
URL:advisories.mageia.org/MGASA-2014-0528.html
URL:advisories.mageia.org/MGASA-2014-0529.html
43. Security Updates in Mandriva (MDVSA-2014:238, MDVSA-2014:239, MDVSA-2014:240, MDVSA-2014:241, MDVSA-2014:242, MDVSA-2014:243, MDVSA-2014:244, MDVSA-2014:245, MDVSA-2014:246, MDVSA-2014:247, MDVSA-2014:248, MDVSA-2014:249, MDVSA-2014:250, MDVSA-2014:251)
[15/12/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the bind, flac, tcpdump, mediawiki, yaml, phpmyadmin, openafs, mutt, openvpn, jasper, graphviz, qemu, cpio and rpm packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform code injection attacks, cause a denial of service condition and crash the application.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A238/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A239/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A240/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A241/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A242/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A243/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A244/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A245/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A246/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A247/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A248/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A249/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A250/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A251/
44. Security Updates in SUSE (SUSE-SU-2014:1624-1, openSUSE-SU-2014:1626-1, openSUSE-SU-2014:1629-1)
[15/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the Mozilla Firefox package of SUSE Linux Enterprise 10 and 11, and chromium and flash-player packages of openSUSE 12.3, 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00016.html
45. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1984-1, RHSA-2014:1985-1)
[15/12/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the bind and bind97 packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1984.html
URL:rhn.redhat.com/errata/RHSA-2014-1985.html
46. Security Updates in Ubuntu GNU/Linux (USN-2441-1, USN-2442-1, USN-2443-1, USN-2444-1, USN-2445-1, USN-2446-1, USN-2447-1, USN-2448-1)
[15/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux, linux-ec2, linux-ti-omap4, linux-lts-trusty and linux-lts-utopic packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2441-1/
URL:www.ubuntu.com/usn/usn-2442-1/
URL:www.ubuntu.com/usn/usn-2443-1/
URL:www.ubuntu.com/usn/usn-2444-1/
URL:www.ubuntu.com/usn/usn-2445-1/
URL:www.ubuntu.com/usn/usn-2446-1/
URL:www.ubuntu.com/usn/usn-2447-1/
URL:www.ubuntu.com/usn/usn-2448-1/
Sunday, December 14, 2014
IT Security Alerts Weekly Digest (7 Dec ~ 13 Dec 2014)
Security Alerts
1. Vulnerabilities in Apple Safari (HT6596, HT6597)
[12/12/2014] Vulnerabilities were identified in the Apple Safari. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect versions prior to 6.2.2, 7.1.2 and 8.0.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-us/HT6596
URL:support.apple.com/en-us/HT6597
2. Security Updates in Oracle Linux (ELSA-2014-1982, ELSA-2014-1983, ELSA-2014-3103, ELSA-2014-3104, ELSA-2014-3105)
[12/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the xorg-x11-server and kernel packages for Oracle Linux 5, 6 and 7. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2014-3103.html
URL:linux.oracle.com/errata/ELSA-2014-3104.html
URL:linux.oracle.com/errata/ELSA-2014-3105.html
URL:linux.oracle.com/errata/ELSA-2014-1982.html
URL:linux.oracle.com/errata/ELSA-2014-1983.html
3. Security Updates in Debian (DSA-3096-1, DSA-3097-1, DSA-3098-1)
[12/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the pdns-recursor, unbound and graphviz packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3096
URL:www.debian.org/security/2014/dsa-3097
URL:www.debian.org/security/2014/dsa-3098
4. Security Updates in Gentoo Linux (GLSA 201412-07, GLSA 201412-08, GLSA 201412-09, GLSA 201412-10, GLSA 201412-11)
[12/12/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the app-admin/syslog-ng, app-antivirus/bitdefender-console, app-arch/gzip, app-arch/ncompress, app-emulation/emul-linux-x86-baselibs, app-misc/beanstalkd, app-misc/ca-certificates, app-office/gnucash, app-text/dvipng, app-text/gv, dev-db/unixODBC, dev-lang/tk, dev-libs/liblzw, dev-libs/xmlsec, dev-perl/perl-tk, dev-php/PEAR-Mail, dev-php/PEAR-PEAR, dev-php/suhosin, dev-util/insight, dev-util/oprofile, dev-util/qt-creator, dev-util/sourcenav, dev-vcs/gitolite, games-sports/racer-bin, gnome-base/gdm, kde-base/kdm, kde-base/kget, media-gfx/splashutils, media-libs/fmod, media-libs/xine-lib, media-sound/lastfmplayer, media-tv/dvbstreamer, net-analyzer/lft, net-analyzer/sflowtool, net-ftp/lftp, net-im/gg-transport, net-libs/libsoup, net-libs/webkit-gtk, net-mail/mlmmj, net-misc/iputils, net-misc/mrouted, net-misc/rsync, net-misc/vino, sys-apps/acl, sys-apps/pmount, sys-apps/shadow, sys-auth/pam_krb5, sys-block/partimage, sys-cluster/ganglia, sys-cluster/resource-agents, sys-devel/m4, sys-fs/lvm2, www-plugins/adobe-flash, www-apps/egroupware, www-client/uzbl, x11-apps/xinit, x11-apps/xrdb, x11-libs/gtk+, x11-libs/vte, x11-misc/slim and x11-misc/slock packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.gentoo.org/security/en/glsa/glsa-201412-07.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-08.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-09.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-10.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-11.xml
5. Security Updates in SUSE (SUSE-SU-2014:1619-1, openSUSE-SU-2014:1621-1, openSUSE-SU-2014:1622-1)
[12/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the shim package of SUSE Linux Enterprise 11, and firebird, firebird-classic, firebird-classic-debuginfo, firebird-debuginfo, firebird-debugsource, firebird-devel, firebird-devel-debuginfo, firebird-doc, firebird-filesystem, firebird-superserver, firebird-superserver-debuginfo, libfbclient2, libfbclient2-debuginfo, libfbembed2, libfbembed2-debuginfo, flash-player, flash-player-gnome and flash-player-kde4 packages of openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00012.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00013.html
6. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1982-1, RHSA-2014:1983-1)
[12/12/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the xorg-x11-server package for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2014-1982.html
URL:rhn.redhat.com/errata/RHSA-2014-1983.html
7. Security Updates in Slackware (SSA:2014-344-01, SSA:2014-344-02, SSA:2014-344-03, SSA:2014-344-04, SSA:2014-344-05, SSA:2014-344-06, SSA:2014-344-07)
[12/12/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-firefox, openssh, wpa_supplicant, pidgin, seamonkey, bind and openvpn packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.311336
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.377012
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.441238
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.487293
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.490951
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.511270
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.514137
8. Security Updates in Ubuntu GNU/Linux (USN-2439-1, USN-2440-1)
[12/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the qemu, qemu-kvm and mutt packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.ubuntu.com/usn/usn-2439-1/
URL:www.ubuntu.com/usn/usn-2440-1/
9. Information Updates on Microsoft Security Bulletin (MS14-075)
[11/12/2014] Microsoft has updated information on the Security Bulletin for the Microsoft Exchange Server. MS14-075 was revised to remove the Download Center link for Microsoft security update 2986475 for Microsoft Exchange Server 2010 Service Pack 3 to address a known issue with the update. Microsoft had removed update 2986475 and recommended that customers uninstall update 2986475 if they had already installed it.
URL:technet.microsoft.com/library/security/MS14-075
10. Vulnerability in Juniper WLC Series devices (JSA10662)
[11/12/2014] Vulnerability was identified in the Juniper WLC Series devices. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10662&cat=SIRT_1&actp=LIST
11. Vulnerability in VMware vCloud Automation Center (VMSA-2014-0013)
[11/12/2014] Vulnerability was identified in the VMware vCloud Automation Center. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise an affected system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.vmware.com/security/advisories/VMSA-2014-0013.html
URL:www.us-cert.gov/ncas/current-activity/2014/12/09/VMware-Releases-Updates-vCAC
12. Security Updates in Debian (DSA-3095-1)
[11/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the xorg-server package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3095
13. Security Updates in FreeBSD (FreeBSD-SA-14:27.stdio, FreeBSD-SA-14:28.file, FreeBSD-SA-14:29.bind)
[11/12/2014] FreeBSD has released security update packages for fixing the vulnerabilities identified in the libc, file and bind packages for multiple versions of FreeBSD. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:27.stdio.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:29.bind.asc
14. Security Updates in Gentoo Linux (GLSA 201412-06)
[11/12/2014] Gentoo has released security update packages for fixing the vulnerability identified in the libxml2 package for multiple versions of Gentoo Linux. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201412-06.xml
15. Security Updates in Mageia (MGASA-2014-0522, MGASA-2014-0523, MGASA-2014-0524)
[11/12/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the pdns-recursor, firebird and bind packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2014-0522.html
URL:advisories.mageia.org/MGASA-2014-0523.html
URL:advisories.mageia.org/MGASA-2014-0524.html
16. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1981-1)
[11/12/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player package for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1981.html
17. Security Updates in Ubuntu GNU/Linux (USN-2436-2, USN-2438-1)
[11/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the xorg-server, xorg-server-lts-trusty, nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates, nvidia-graphics-drivers-331 and nvidia-graphics-drivers-331-updates packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.ubuntu.com/usn/usn-2436-2/
URL:www.ubuntu.com/usn/usn-2438-1/
18. Vulnerabilities in Microsoft Products (3009712, 3008923, 3017301, 3017349, 3017347, 3016711, 3013126)
[10/12/2014] Vulnerabilities were identified in the Microsoft Exchange Server, Internet Explorer, Microsoft Word, Microsoft Office Web Apps, Microsoft Office, Microsoft Excel, Microsoft Windows Server, Microsoft SharePoint Server, Microsoft Windows and VBScript scripting engine in Microsoft Windows. An attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:technet.microsoft.com/library/security/ms14-dec
URL:technet.microsoft.com/library/security/MS14-075
URL:technet.microsoft.com/library/security/ms14-080
URL:technet.microsoft.com/library/security/ms14-081
URL:technet.microsoft.com/library/security/ms14-082
URL:technet.microsoft.com/library/security/ms14-083
URL:technet.microsoft.com/library/security/ms14-084
URL:technet.microsoft.com/library/security/ms14-085
URL:www.hkcert.org/my_url/en/alert/14121001
URL:www.hkcert.org/my_url/en/alert/14121002
URL:www.hkcert.org/my_url/en/alert/14121003
URL:www.hkcert.org/my_url/en/alert/14121004
URL:www.hkcert.org/my_url/en/alert/14121005
URL:www.hkcert.org/my_url/en/alert/14121006
URL:www.hkcert.org/my_url/en/alert/14121007
URL:www.us-cert.gov/ncas/current-activity/2014/12/09/Microsoft-Releases-December-2014-Security-Bulletin
URL:xforce.iss.net/xforce/xfdb/98375
URL:xforce.iss.net/xforce/xfdb/98377
URL:xforce.iss.net/xforce/xfdb/98465
URL:xforce.iss.net/xforce/xfdb/98954
19. Information Updates on Microsoft Security Advisory (3009008)
[10/12/2014] Microsoft has updated information on the Advisory for the Microsoft Windows. KB3009008 announced the availability of SSL 3.0 fallback warnings in Internet Explorer 11.
URL:technet.microsoft.com/library/security/3009008.aspx
20. Vulnerabilities in Adobe Products (APSB14-27, APSB14-28, APSB14-29)
[10/12/2014] Vulnerabilities were identified in the Adobe Flash Player, Adobe Reader, Adobe Acrobat and ColdFusion. An attacker could bypass security restrictions, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/flash-player/apsb14-27.html
URL:helpx.adobe.com/security/products/reader/apsb14-28.html
URL:helpx.adobe.com/security/products/coldfusion/apsb14-29.html
URL:technet.microsoft.com/library/security/2755801.aspx
URL:www.hkcert.org/my_url/en/alert/14121008
URL:www.hkcert.org/my_url/en/alert/14121009
URL:www.hkcert.org/my_url/en/alert/14121010
URL:www.us-cert.gov/ncas/current-activity/2014/12/09/Adobe-Releases-Security-Updates-Reader-and-Acrobat
21. Vulnerabilities in Apple iOS (HT6598)
[10/12/2014] Vulnerabilities were identified in the Apple iOS. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect versions prior to 8.1.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-us/HT6598
22. Vulnerability in Cisco Unified Communications Domain Manager
[10/12/2014] Vulnerability was identified in the Cisco Unified Communications Domain Manager. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8010
23. Vulnerabilities in Google Chrome
[10/12/2014] Vulnerabilities were identified in the Google Chrome. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise an affected system. These vulnerabilities affect versions prior to 39.0.2171.95 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/2014/12/stable-channel-update.html
URL:www.hkcert.org/my_url/en/alert/14121011
24. Vulnerability in OpenSSL Transport Layer Security Implementations
[10/12/2014] Vulnerability was identified in the OpenSSL Transport Layer Security (TLS) Implementations. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product.
URL:www.us-cert.gov/ncas/current-activity/2014/12/09/Certain-TLS-Implementations-Vulnerable-POODLE-Attacks
25. Security Updates in Oracle Linux (ELSA-2014-1971, ELSA-2014-1974, ELSA-2014-1976)
[10/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel and rpm packages for Oracle Linux 5, 6 and 7. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2014-1971.html
URL:linux.oracle.com/errata/ELSA-2014-1974.html
URL:linux.oracle.com/errata/ELSA-2014-1976.html
26. Security Updates in Debian (DSA-3094-1)
[10/12/2014] Debian has released security update packages for fixing the vulnerability identified in the bind9 package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3094
27. Security Updates in Gentoo Linux (GLSA 201412-05)
[10/12/2014] Gentoo has released security update packages for fixing the vulnerability identified in the clamav package for multiple versions of Gentoo Linux. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201412-05.xml
28. Security Updates in Mageia (MGASA-2014-0515, MGASA-2014-0516, MGASA-2014-0517, MGASA-2014-0518, MGASA-2014-0519, MGASA-2014-0520, MGASA-2014-0521)
[10/12/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the openafs, nodejs, util-linux, iceape, php-pear-HTML_AJAX, graphviz and flash-player-plugin packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2014-0515.html
URL:advisories.mageia.org/MGASA-2014-0516.html
URL:advisories.mageia.org/MGASA-2014-0517.html
URL:advisories.mageia.org/MGASA-2014-0518.html
URL:advisories.mageia.org/MGASA-2014-0519.html
URL:advisories.mageia.org/MGASA-2014-0520.html
URL:advisories.mageia.org/MGASA-2014-0521.html
29. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1971-1, RHSA-2014:1972-1, RHSA-2014:1974-1, RHSA-2014:1975-1, RHSA-2014:1976-1)
[10/12/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel and rpm packages for Red Hat Enterprise Linux 5, 6 and 7, and httpd24-httpd package for Red Hat Software Collections 1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1971.html
URL:rhn.redhat.com/errata/RHSA-2014-1972.html
URL:rhn.redhat.com/errata/RHSA-2014-1974.html
URL:rhn.redhat.com/errata/RHSA-2014-1975.html
URL:rhn.redhat.com/errata/RHSA-2014-1976.html
30. Security Updates in Ubuntu GNU/Linux (USN-2435-1, USN-2436-1, USN-2437-1)
[10/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the graphviz, xorg-server, xorg-server-lts-trusty and bind9 packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.ubuntu.com/usn/usn-2435-1/
URL:www.ubuntu.com/usn/usn-2436-1/
URL:www.ubuntu.com/usn/usn-2437-1/
31. Vulnerability in Microsoft Internet Explorer
[09/12/2014] Vulnerability was identified in the Microsoft Internet Explorer. An attacker could bypass security restrictions, execute arbitrary code and compromise a user's system. This vulnerability affects version 9 of the mentioned product.
URL:www.hkcert.org/my_url/en/alert/14120901
32. Vulnerabilities in ISC BIND (AA-01216, AA-01217)
[09/12/2014] Vulnerabilities were identified in the ISC BIND 9. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:kb.isc.org/article/AA-01216
URL:kb.isc.org/article/AA-01217
URL:www.hkcert.org/my_url/en/alert/14120902
URL:www.us-cert.gov/ncas/current-activity/2014/12/08/ISC-Releases-Security-Updates-BIND
URL:xforce.iss.net/xforce/xfdb/99187
33. Vulnerabilities in IBM WebSphere Application Server (1690185)
[09/12/2014] Vulnerabilities were identified in the IBM WebSphere Application Server. An attacker could bypass security restrictions and obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21690185
34. Vulnerabilities in MediaWiki (99151, 99152)
[09/12/2014] Vulnerabilities were identified in the MediaWiki. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the application. These vulnerabilities affect versions prior to 1.23.7 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/99151
URL:xforce.iss.net/xforce/xfdb/99152
35. Vulnerability in OpenEMR (99153)
[09/12/2014] Vulnerability was identified in the OpenEMR. An attacker could bypass security restrictions, execute arbitrary code and perform code injection attacks. This vulnerability affects version 4.1.2 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99153
36. Vulnerabilities in multiple plugins for WordPress (99157, 99158)
[09/12/2014] Vulnerabilities were identified in the Shariff and WP Statistics plugins for WordPress. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/99157
URL:xforce.iss.net/xforce/xfdb/99158
37. Security Updates in Debian (DSA-3091-1, DSA-3092-1, DSA-3093-1)
[09/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the getmail4, icedove and linux packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3091
URL:www.debian.org/security/2014/dsa-3092
URL:www.debian.org/security/2014/dsa-3093
38. Security Updates in Gentoo Linux (GLSA 201412-01, GLSA 201412-02, GLSA 201412-03, GLSA 201412-04)
[09/12/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the qemu, nfs-utils, dovecot and libvirt packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201412-01.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-02.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-03.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-04.xml
39. Security Updates in SUSE (openSUSE-SU-2014:1594-1, openSUSE-SU-2014:1596-1, SUSE-SU-2014:1605-1)
[09/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the openvpn and docker packages of openSUSE 12.3, 13.1 and 13.2, and openvpn package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00010.html
40. Security Updates in Ubuntu GNU/Linux (USN-2434-1, USN-2434-2)
[09/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the jasper and ghostscript packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.ubuntu.com/usn/usn-2434-1/
URL:www.ubuntu.com/usn/usn-2434-2/
41. Vulnerability in Microsoft Windows
[08/12/2014] Vulnerability was identified in the Microsoft Windows. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects a fully patched Windows 8.1 (win32k.sys version 6.3.9600.17393) and possibly other versions of the mentioned product.
URL:www.hkcert.org/my_url/en/alert/14120502
42. Vulnerabilities in VMware vSphere products (VMSA-2014-0012)
[08/12/2014] Vulnerabilities were identified in the VMware vCenter Server Appliance, VMware vCenter Server and VMware ESXi. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.vmware.com/security/advisories/VMSA-2014-0012.html
URL:www.hkcert.org/my_url/en/alert/14120801
URL:www.us-cert.gov/ncas/current-activity/2014/12/05/VMware-Releases-Security-Updates-vCenter-Server-vCenter-Server
43. Vulnerability in KENT-WEB Clip Board (99141)
[08/12/2014] Vulnerability was identified in the KENT-WEB Clip Board. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 3.0 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99141
44. Vulnerabilities in phpMyAdmin (PMASA-2014-17, PMASA-2014-18)
[08/12/2014] Vulnerabilities were identified in the phpMyAdmin. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
URL:www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
URL:www.hkcert.org/my_url/en/alert/14120501
45. Vulnerabilities in Zenoss Core (VU#449452)
[08/12/2014] Vulnerabilities were identified in the Zenoss Core. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting and cross-site request forgery attacks, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 4.2.5 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.kb.cert.org/vuls/id/449452
46. Security Updates in Oracle Linux (ELSA-2014-1959, ELSA-2014-1959-1)
[08/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel package for Oracle Linux 5. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2014-1959.html
URL:linux.oracle.com/errata/ELSA-2014-1959-1.html
47. Security Updates in Mageia (MGASA-2014-0508, MGASA-2014-0509, MGASA-2014-0510, MGASA-2014-0511, MGASA-2014-0512, MGASA-2014-0513, MGASA-2014-0514)
[08/12/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the yaml, perl-YAML-LibYAML, mutt, phpmyadmin, tcpdump, openvpn, apache-mod_wsgi and jasper packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2014-0508.html
URL:advisories.mageia.org/MGASA-2014-0509.html
URL:advisories.mageia.org/MGASA-2014-0510.html
URL:advisories.mageia.org/MGASA-2014-0511.html
URL:advisories.mageia.org/MGASA-2014-0512.html
URL:advisories.mageia.org/MGASA-2014-0513.html
URL:advisories.mageia.org/MGASA-2014-0514.html
48. Security Updates in SUSE (openSUSE-SU-2014:1560-1, openSUSE-SU-2014:1562-1, SUSE-SU-2014:1571-1, SUSE-SU-2014:1574-1)
[08/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the clamav and flash-player packages of openSUSE 12.3, 13.1 and 13.2, and clamav package of SUSE Linux Enterprise 10 and 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00003.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00004.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00007.html
Source(s) of above information: Adobe, Apple, Cisco, Debian, FreeBSD, Gentoo, Google Chrome Releases, IBM, ISC, Juniper, Mageia, Microsoft, openSUSE, Oracle, phpMyAdmin, Red Hat, Slackware, Ubuntu, US-CERT, VMware
1. Vulnerabilities in Apple Safari (HT6596, HT6597)
[12/12/2014] Vulnerabilities were identified in the Apple Safari. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect versions prior to 6.2.2, 7.1.2 and 8.0.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-us/HT6596
URL:support.apple.com/en-us/HT6597
2. Security Updates in Oracle Linux (ELSA-2014-1982, ELSA-2014-1983, ELSA-2014-3103, ELSA-2014-3104, ELSA-2014-3105)
[12/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the xorg-x11-server and kernel packages for Oracle Linux 5, 6 and 7. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2014-3103.html
URL:linux.oracle.com/errata/ELSA-2014-3104.html
URL:linux.oracle.com/errata/ELSA-2014-3105.html
URL:linux.oracle.com/errata/ELSA-2014-1982.html
URL:linux.oracle.com/errata/ELSA-2014-1983.html
3. Security Updates in Debian (DSA-3096-1, DSA-3097-1, DSA-3098-1)
[12/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the pdns-recursor, unbound and graphviz packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3096
URL:www.debian.org/security/2014/dsa-3097
URL:www.debian.org/security/2014/dsa-3098
4. Security Updates in Gentoo Linux (GLSA 201412-07, GLSA 201412-08, GLSA 201412-09, GLSA 201412-10, GLSA 201412-11)
[12/12/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the app-admin/syslog-ng, app-antivirus/bitdefender-console, app-arch/gzip, app-arch/ncompress, app-emulation/emul-linux-x86-baselibs, app-misc/beanstalkd, app-misc/ca-certificates, app-office/gnucash, app-text/dvipng, app-text/gv, dev-db/unixODBC, dev-lang/tk, dev-libs/liblzw, dev-libs/xmlsec, dev-perl/perl-tk, dev-php/PEAR-Mail, dev-php/PEAR-PEAR, dev-php/suhosin, dev-util/insight, dev-util/oprofile, dev-util/qt-creator, dev-util/sourcenav, dev-vcs/gitolite, games-sports/racer-bin, gnome-base/gdm, kde-base/kdm, kde-base/kget, media-gfx/splashutils, media-libs/fmod, media-libs/xine-lib, media-sound/lastfmplayer, media-tv/dvbstreamer, net-analyzer/lft, net-analyzer/sflowtool, net-ftp/lftp, net-im/gg-transport, net-libs/libsoup, net-libs/webkit-gtk, net-mail/mlmmj, net-misc/iputils, net-misc/mrouted, net-misc/rsync, net-misc/vino, sys-apps/acl, sys-apps/pmount, sys-apps/shadow, sys-auth/pam_krb5, sys-block/partimage, sys-cluster/ganglia, sys-cluster/resource-agents, sys-devel/m4, sys-fs/lvm2, www-plugins/adobe-flash, www-apps/egroupware, www-client/uzbl, x11-apps/xinit, x11-apps/xrdb, x11-libs/gtk+, x11-libs/vte, x11-misc/slim and x11-misc/slock packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.gentoo.org/security/en/glsa/glsa-201412-07.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-08.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-09.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-10.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-11.xml
5. Security Updates in SUSE (SUSE-SU-2014:1619-1, openSUSE-SU-2014:1621-1, openSUSE-SU-2014:1622-1)
[12/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the shim package of SUSE Linux Enterprise 11, and firebird, firebird-classic, firebird-classic-debuginfo, firebird-debuginfo, firebird-debugsource, firebird-devel, firebird-devel-debuginfo, firebird-doc, firebird-filesystem, firebird-superserver, firebird-superserver-debuginfo, libfbclient2, libfbclient2-debuginfo, libfbembed2, libfbembed2-debuginfo, flash-player, flash-player-gnome and flash-player-kde4 packages of openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00012.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00013.html
6. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1982-1, RHSA-2014:1983-1)
[12/12/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the xorg-x11-server package for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2014-1982.html
URL:rhn.redhat.com/errata/RHSA-2014-1983.html
7. Security Updates in Slackware (SSA:2014-344-01, SSA:2014-344-02, SSA:2014-344-03, SSA:2014-344-04, SSA:2014-344-05, SSA:2014-344-06, SSA:2014-344-07)
[12/12/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-firefox, openssh, wpa_supplicant, pidgin, seamonkey, bind and openvpn packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.311336
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.377012
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.441238
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.487293
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.490951
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.511270
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.514137
8. Security Updates in Ubuntu GNU/Linux (USN-2439-1, USN-2440-1)
[12/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the qemu, qemu-kvm and mutt packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.ubuntu.com/usn/usn-2439-1/
URL:www.ubuntu.com/usn/usn-2440-1/
9. Information Updates on Microsoft Security Bulletin (MS14-075)
[11/12/2014] Microsoft has updated information on the Security Bulletin for the Microsoft Exchange Server. MS14-075 was revised to remove the Download Center link for Microsoft security update 2986475 for Microsoft Exchange Server 2010 Service Pack 3 to address a known issue with the update. Microsoft had removed update 2986475 and recommended that customers uninstall update 2986475 if they had already installed it.
URL:technet.microsoft.com/library/security/MS14-075
10. Vulnerability in Juniper WLC Series devices (JSA10662)
[11/12/2014] Vulnerability was identified in the Juniper WLC Series devices. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10662&cat=SIRT_1&actp=LIST
11. Vulnerability in VMware vCloud Automation Center (VMSA-2014-0013)
[11/12/2014] Vulnerability was identified in the VMware vCloud Automation Center. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise an affected system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.vmware.com/security/advisories/VMSA-2014-0013.html
URL:www.us-cert.gov/ncas/current-activity/2014/12/09/VMware-Releases-Updates-vCAC
12. Security Updates in Debian (DSA-3095-1)
[11/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the xorg-server package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3095
13. Security Updates in FreeBSD (FreeBSD-SA-14:27.stdio, FreeBSD-SA-14:28.file, FreeBSD-SA-14:29.bind)
[11/12/2014] FreeBSD has released security update packages for fixing the vulnerabilities identified in the libc, file and bind packages for multiple versions of FreeBSD. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:27.stdio.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:29.bind.asc
14. Security Updates in Gentoo Linux (GLSA 201412-06)
[11/12/2014] Gentoo has released security update packages for fixing the vulnerability identified in the libxml2 package for multiple versions of Gentoo Linux. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201412-06.xml
15. Security Updates in Mageia (MGASA-2014-0522, MGASA-2014-0523, MGASA-2014-0524)
[11/12/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the pdns-recursor, firebird and bind packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2014-0522.html
URL:advisories.mageia.org/MGASA-2014-0523.html
URL:advisories.mageia.org/MGASA-2014-0524.html
16. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1981-1)
[11/12/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player package for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1981.html
17. Security Updates in Ubuntu GNU/Linux (USN-2436-2, USN-2438-1)
[11/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the xorg-server, xorg-server-lts-trusty, nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates, nvidia-graphics-drivers-331 and nvidia-graphics-drivers-331-updates packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.ubuntu.com/usn/usn-2436-2/
URL:www.ubuntu.com/usn/usn-2438-1/
18. Vulnerabilities in Microsoft Products (3009712, 3008923, 3017301, 3017349, 3017347, 3016711, 3013126)
[10/12/2014] Vulnerabilities were identified in the Microsoft Exchange Server, Internet Explorer, Microsoft Word, Microsoft Office Web Apps, Microsoft Office, Microsoft Excel, Microsoft Windows Server, Microsoft SharePoint Server, Microsoft Windows and VBScript scripting engine in Microsoft Windows. An attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:technet.microsoft.com/library/security/ms14-dec
URL:technet.microsoft.com/library/security/MS14-075
URL:technet.microsoft.com/library/security/ms14-080
URL:technet.microsoft.com/library/security/ms14-081
URL:technet.microsoft.com/library/security/ms14-082
URL:technet.microsoft.com/library/security/ms14-083
URL:technet.microsoft.com/library/security/ms14-084
URL:technet.microsoft.com/library/security/ms14-085
URL:www.hkcert.org/my_url/en/alert/14121001
URL:www.hkcert.org/my_url/en/alert/14121002
URL:www.hkcert.org/my_url/en/alert/14121003
URL:www.hkcert.org/my_url/en/alert/14121004
URL:www.hkcert.org/my_url/en/alert/14121005
URL:www.hkcert.org/my_url/en/alert/14121006
URL:www.hkcert.org/my_url/en/alert/14121007
URL:www.us-cert.gov/ncas/current-activity/2014/12/09/Microsoft-Releases-December-2014-Security-Bulletin
URL:xforce.iss.net/xforce/xfdb/98375
URL:xforce.iss.net/xforce/xfdb/98377
URL:xforce.iss.net/xforce/xfdb/98465
URL:xforce.iss.net/xforce/xfdb/98954
19. Information Updates on Microsoft Security Advisory (3009008)
[10/12/2014] Microsoft has updated information on the Advisory for the Microsoft Windows. KB3009008 announced the availability of SSL 3.0 fallback warnings in Internet Explorer 11.
URL:technet.microsoft.com/library/security/3009008.aspx
20. Vulnerabilities in Adobe Products (APSB14-27, APSB14-28, APSB14-29)
[10/12/2014] Vulnerabilities were identified in the Adobe Flash Player, Adobe Reader, Adobe Acrobat and ColdFusion. An attacker could bypass security restrictions, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/flash-player/apsb14-27.html
URL:helpx.adobe.com/security/products/reader/apsb14-28.html
URL:helpx.adobe.com/security/products/coldfusion/apsb14-29.html
URL:technet.microsoft.com/library/security/2755801.aspx
URL:www.hkcert.org/my_url/en/alert/14121008
URL:www.hkcert.org/my_url/en/alert/14121009
URL:www.hkcert.org/my_url/en/alert/14121010
URL:www.us-cert.gov/ncas/current-activity/2014/12/09/Adobe-Releases-Security-Updates-Reader-and-Acrobat
21. Vulnerabilities in Apple iOS (HT6598)
[10/12/2014] Vulnerabilities were identified in the Apple iOS. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect versions prior to 8.1.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-us/HT6598
22. Vulnerability in Cisco Unified Communications Domain Manager
[10/12/2014] Vulnerability was identified in the Cisco Unified Communications Domain Manager. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8010
23. Vulnerabilities in Google Chrome
[10/12/2014] Vulnerabilities were identified in the Google Chrome. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise an affected system. These vulnerabilities affect versions prior to 39.0.2171.95 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/2014/12/stable-channel-update.html
URL:www.hkcert.org/my_url/en/alert/14121011
24. Vulnerability in OpenSSL Transport Layer Security Implementations
[10/12/2014] Vulnerability was identified in the OpenSSL Transport Layer Security (TLS) Implementations. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product.
URL:www.us-cert.gov/ncas/current-activity/2014/12/09/Certain-TLS-Implementations-Vulnerable-POODLE-Attacks
25. Security Updates in Oracle Linux (ELSA-2014-1971, ELSA-2014-1974, ELSA-2014-1976)
[10/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel and rpm packages for Oracle Linux 5, 6 and 7. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2014-1971.html
URL:linux.oracle.com/errata/ELSA-2014-1974.html
URL:linux.oracle.com/errata/ELSA-2014-1976.html
26. Security Updates in Debian (DSA-3094-1)
[10/12/2014] Debian has released security update packages for fixing the vulnerability identified in the bind9 package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3094
27. Security Updates in Gentoo Linux (GLSA 201412-05)
[10/12/2014] Gentoo has released security update packages for fixing the vulnerability identified in the clamav package for multiple versions of Gentoo Linux. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201412-05.xml
28. Security Updates in Mageia (MGASA-2014-0515, MGASA-2014-0516, MGASA-2014-0517, MGASA-2014-0518, MGASA-2014-0519, MGASA-2014-0520, MGASA-2014-0521)
[10/12/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the openafs, nodejs, util-linux, iceape, php-pear-HTML_AJAX, graphviz and flash-player-plugin packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2014-0515.html
URL:advisories.mageia.org/MGASA-2014-0516.html
URL:advisories.mageia.org/MGASA-2014-0517.html
URL:advisories.mageia.org/MGASA-2014-0518.html
URL:advisories.mageia.org/MGASA-2014-0519.html
URL:advisories.mageia.org/MGASA-2014-0520.html
URL:advisories.mageia.org/MGASA-2014-0521.html
29. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1971-1, RHSA-2014:1972-1, RHSA-2014:1974-1, RHSA-2014:1975-1, RHSA-2014:1976-1)
[10/12/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel and rpm packages for Red Hat Enterprise Linux 5, 6 and 7, and httpd24-httpd package for Red Hat Software Collections 1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1971.html
URL:rhn.redhat.com/errata/RHSA-2014-1972.html
URL:rhn.redhat.com/errata/RHSA-2014-1974.html
URL:rhn.redhat.com/errata/RHSA-2014-1975.html
URL:rhn.redhat.com/errata/RHSA-2014-1976.html
30. Security Updates in Ubuntu GNU/Linux (USN-2435-1, USN-2436-1, USN-2437-1)
[10/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the graphviz, xorg-server, xorg-server-lts-trusty and bind9 packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.ubuntu.com/usn/usn-2435-1/
URL:www.ubuntu.com/usn/usn-2436-1/
URL:www.ubuntu.com/usn/usn-2437-1/
31. Vulnerability in Microsoft Internet Explorer
[09/12/2014] Vulnerability was identified in the Microsoft Internet Explorer. An attacker could bypass security restrictions, execute arbitrary code and compromise a user's system. This vulnerability affects version 9 of the mentioned product.
URL:www.hkcert.org/my_url/en/alert/14120901
32. Vulnerabilities in ISC BIND (AA-01216, AA-01217)
[09/12/2014] Vulnerabilities were identified in the ISC BIND 9. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:kb.isc.org/article/AA-01216
URL:kb.isc.org/article/AA-01217
URL:www.hkcert.org/my_url/en/alert/14120902
URL:www.us-cert.gov/ncas/current-activity/2014/12/08/ISC-Releases-Security-Updates-BIND
URL:xforce.iss.net/xforce/xfdb/99187
33. Vulnerabilities in IBM WebSphere Application Server (1690185)
[09/12/2014] Vulnerabilities were identified in the IBM WebSphere Application Server. An attacker could bypass security restrictions and obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21690185
34. Vulnerabilities in MediaWiki (99151, 99152)
[09/12/2014] Vulnerabilities were identified in the MediaWiki. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the application. These vulnerabilities affect versions prior to 1.23.7 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/99151
URL:xforce.iss.net/xforce/xfdb/99152
35. Vulnerability in OpenEMR (99153)
[09/12/2014] Vulnerability was identified in the OpenEMR. An attacker could bypass security restrictions, execute arbitrary code and perform code injection attacks. This vulnerability affects version 4.1.2 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99153
36. Vulnerabilities in multiple plugins for WordPress (99157, 99158)
[09/12/2014] Vulnerabilities were identified in the Shariff and WP Statistics plugins for WordPress. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/99157
URL:xforce.iss.net/xforce/xfdb/99158
37. Security Updates in Debian (DSA-3091-1, DSA-3092-1, DSA-3093-1)
[09/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the getmail4, icedove and linux packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3091
URL:www.debian.org/security/2014/dsa-3092
URL:www.debian.org/security/2014/dsa-3093
38. Security Updates in Gentoo Linux (GLSA 201412-01, GLSA 201412-02, GLSA 201412-03, GLSA 201412-04)
[09/12/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the qemu, nfs-utils, dovecot and libvirt packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201412-01.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-02.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-03.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-04.xml
39. Security Updates in SUSE (openSUSE-SU-2014:1594-1, openSUSE-SU-2014:1596-1, SUSE-SU-2014:1605-1)
[09/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the openvpn and docker packages of openSUSE 12.3, 13.1 and 13.2, and openvpn package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00010.html
40. Security Updates in Ubuntu GNU/Linux (USN-2434-1, USN-2434-2)
[09/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the jasper and ghostscript packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.ubuntu.com/usn/usn-2434-1/
URL:www.ubuntu.com/usn/usn-2434-2/
41. Vulnerability in Microsoft Windows
[08/12/2014] Vulnerability was identified in the Microsoft Windows. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects a fully patched Windows 8.1 (win32k.sys version 6.3.9600.17393) and possibly other versions of the mentioned product.
URL:www.hkcert.org/my_url/en/alert/14120502
42. Vulnerabilities in VMware vSphere products (VMSA-2014-0012)
[08/12/2014] Vulnerabilities were identified in the VMware vCenter Server Appliance, VMware vCenter Server and VMware ESXi. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.vmware.com/security/advisories/VMSA-2014-0012.html
URL:www.hkcert.org/my_url/en/alert/14120801
URL:www.us-cert.gov/ncas/current-activity/2014/12/05/VMware-Releases-Security-Updates-vCenter-Server-vCenter-Server
43. Vulnerability in KENT-WEB Clip Board (99141)
[08/12/2014] Vulnerability was identified in the KENT-WEB Clip Board. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 3.0 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99141
44. Vulnerabilities in phpMyAdmin (PMASA-2014-17, PMASA-2014-18)
[08/12/2014] Vulnerabilities were identified in the phpMyAdmin. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
URL:www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
URL:www.hkcert.org/my_url/en/alert/14120501
45. Vulnerabilities in Zenoss Core (VU#449452)
[08/12/2014] Vulnerabilities were identified in the Zenoss Core. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting and cross-site request forgery attacks, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 4.2.5 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.kb.cert.org/vuls/id/449452
46. Security Updates in Oracle Linux (ELSA-2014-1959, ELSA-2014-1959-1)
[08/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel package for Oracle Linux 5. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2014-1959.html
URL:linux.oracle.com/errata/ELSA-2014-1959-1.html
47. Security Updates in Mageia (MGASA-2014-0508, MGASA-2014-0509, MGASA-2014-0510, MGASA-2014-0511, MGASA-2014-0512, MGASA-2014-0513, MGASA-2014-0514)
[08/12/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the yaml, perl-YAML-LibYAML, mutt, phpmyadmin, tcpdump, openvpn, apache-mod_wsgi and jasper packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2014-0508.html
URL:advisories.mageia.org/MGASA-2014-0509.html
URL:advisories.mageia.org/MGASA-2014-0510.html
URL:advisories.mageia.org/MGASA-2014-0511.html
URL:advisories.mageia.org/MGASA-2014-0512.html
URL:advisories.mageia.org/MGASA-2014-0513.html
URL:advisories.mageia.org/MGASA-2014-0514.html
48. Security Updates in SUSE (openSUSE-SU-2014:1560-1, openSUSE-SU-2014:1562-1, SUSE-SU-2014:1571-1, SUSE-SU-2014:1574-1)
[08/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the clamav and flash-player packages of openSUSE 12.3, 13.1 and 13.2, and clamav package of SUSE Linux Enterprise 10 and 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00003.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00004.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00007.html
Source(s) of above information: Adobe, Apple, Cisco, Debian, FreeBSD, Gentoo, Google Chrome Releases, IBM, ISC, Juniper, Mageia, Microsoft, openSUSE, Oracle, phpMyAdmin, Red Hat, Slackware, Ubuntu, US-CERT, VMware