1. Vulnerability
in Apple Xcode (APPLE-SA-2014-12-18-1)
[19/12/2014] Vulnerability was identified in the Apple OS X Mavericks
Xcode. An attacker could bypass security restrictions and execute arbitrary
code. This vulnerability affects versions prior to 6.2 beta 3 of the mentioned
product. Security patches are available to resolve this
vulnerability.
URL:support.apple.com/en-us/HT204147
2. Vulnerability in Cisco IronPort Email Security
Appliance
[19/12/2014]
Vulnerability was identified in the Cisco
IronPort Email Security Appliance. An attacker could bypass security
restrictions, cause a denial of service condition and crash the system. This
vulnerability affects multiple firmware versions of the mentioned product.
Security patches are available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8016
3. Vulnerabilities in Novell Products (5196930, 5197070,
5197071, 5197072)
[19/12/2014] Vulnerabilities were identified in the Novell NetIQ
eDirectory, Novell iManager and Novell GroupWise. An attacker could bypass
security restrictions, obtain sensitive information, execute arbitrary code,
cause a denial of service condition and crash the application. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:download.novell.com/Download?buildid=3dJODsdcDKE~
URL:download.novell.com/Download?buildid=gHTDteZoK34~
URL:download.novell.com/Download?buildid=mdWLZGP0Glk~
URL:download.novell.com/Download?buildid=tveSooKDw3Q~
4. Vulnerabilities in F5 Products
(SOLl15920)
[19/12/2014] Vulnerabilities were identified in the BIG-IP LTM, BIG-IP
APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP
PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX and Enterprise Manager. An attacker
could bypass security restrictions, cause a denial of service condition and
crash the application. These vulnerabilities affect multiple versions of the
mentioned
products.
URL:support.f5.com/kb/en-us/solutions/public/15000/900/sol15920.html
5. Vulnerability in Dell iDRAC
(VU#843044)
[19/12/2014] Vulnerability was identified in the Dell iDRAC Intelligent
Platform Management Interface (IPMI). An attacker could bypass security
restrictions, gain elevated privileges and execute arbitrary code. This
vulnerability affects version 1.5 of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:www.kb.cert.org/vuls/id/843044
6. Vulnerabilities in Ettercap (99314, 99315, 99316,
99317, 99319)
[19/12/2014] Vulnerabilities were identified in Ettercap. An attacker
could bypass security restrictions, execute arbitrary code, cause a denial of
service condition and crash the system. These vulnerabilities affect versions
8.0 and 8.1 of the mentioned
products.
URL:xforce.iss.net/xforce/xfdb/99314
URL:xforce.iss.net/xforce/xfdb/99315
URL:xforce.iss.net/xforce/xfdb/99316
URL:xforce.iss.net/xforce/xfdb/99317
URL:xforce.iss.net/xforce/xfdb/99319
7. Security Updates in Oracle Products (ELSA-2014-2008,
ELSA-2014-2008-1, ELSA-2014-2010, ELSA-2014-2021, ELSA-2014-3107,
ELSA-2014-3108)
[19/12/2014] Oracle has
released security update packages for fixing the vulnerabilities identified in
the kernel, jasper and Unbreakable Enterprise kernel packages for Oracle Linux
5, 6 and 7. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:linux.oracle.com/errata/ELSA-2014-2008.html
URL:linux.oracle.com/errata/ELSA-2014-2008-1.html
URL:linux.oracle.com/errata/ELSA-2014-2010.html
URL:linux.oracle.com/errata/ELSA-2014-2021.html
URL:linux.oracle.com/errata/ELSA-2014-3107.html
URL:linux.oracle.com/errata/ELSA-2014-3108.html
8. Security Updates in Gentoo Linux (GLSA
201412-31)
[19/12/2014]
Gentoo has released security update packages for
fixing the vulnerabilities identified in the znc package for multiple versions
of Gentoo Linux. Due to multiple errors, an attacker could bypass security
restrictions, cause a denial of service condition and crash the
system.
URL:www.gentoo.org/security/en/glsa/glsa-201412-31.xml
9. Security Updates in Red Hat Enterprise Linux
(RHSA-2014:2010-1, RHSA-2014:2019-1)
[19/12/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the kernel package for Red Hat Enterprise Linux 7, and Red Hat JBoss
Enterprise Application Platform 6.3.2 package for Red Hat Enterprise Linux 5, 6
and 7. Due to multiple errors, an attacker could bypass security restrictions,
gain elevated privileges and obtain sensitive
information.
URL:rhn.redhat.com/errata/RHSA-2014-2010.html
URL:rhn.redhat.com/errata/RHSA-2014-2019.html
10.
Vulnerabilities in Cisco
Products
[18/12/2014]
Vulnerabilities were identified in the Cisco
Adaptive Security Appliance (ASA) Software and Cisco IOS XR Software. An
attacker could bypass security restrictions, execute arbitrary code, cause a
denial of service condition and crash the system. These vulnerabilities affect
multiple firmware versions of the mentioned products. Security patches are
available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8012
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8014
11.
Vulnerabilities in IBM Products (1684475,
1692358)
[18/12/2014]
Vulnerabilities were identified in the IBM
Security Access Manager for Mobile, IBM Security Access Manager for Web, IBM DB2
Express Edition, IBM DB2 Workgroup Server Edition, IBM DB2 Enterprise Server
Edition, IBM DB2 Advanced Enterprise Server Edition, IBM DB2 Advanced Workgroup
Server Edition, IBM DB2 Connect Application Server Edition, IBM DB2 Connect
Enterprise Edition, IBM DB2 Connect Unlimited Edition for System i and IBM DB2
Connect Unlimited Edition for System z. An attacker could bypass security
restrictions, gain elevated privileges, obtain sensitive information, execute
arbitrary code, cause a denial of service condition and crash the application.
These vulnerabilities affect multiple versions of the mentioned products.
Security patches are available to resolve these
vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21684475
URL:www-01.ibm.com/support/docview.wss?uid=swg21692358
URL:xforce.iss.net/xforce/xfdb/95729
URL:xforce.iss.net/xforce/xfdb/95811
URL:xforce.iss.net/xforce/xfdb/99110
12.
Vulnerabilities in Novell NetIQ Access
Manager (5197170)
[18/12/2014] Vulnerabilities were identified in the Novell NetIQ Access
Manager. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
crash the application. These vulnerabilities affect versions 4.0 and 4.0.1 of
the mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:download.novell.com/Download?buildid=i7RBltaqcVw~
13.
Vulnerabilities in Huawei eSpace Desktop
Products (Huawei-SA-20141217-espace)
[18/12/2014] Vulnerabilities were identified in multiple Huawei eSpace
Desktop products. An attacker could bypass security restrictions, execute
arbitrary code, cause a denial of service condition and crash the system. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-406589.htm
14.
Security Updates in Oracle Products
(ELSA-2014-1997)
[18/12/2014] Oracle has
released security update packages for fixing the vulnerabilities identified in
the kernel package for Oracle Linux 6. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:linux.oracle.com/errata/ELSA-2014-1997.html
15.
Security Updates in Debian (DSA-3104-1,
DSA-3105-1)
[18/12/2014] Debian has
released security update packages for fixing the vulnerabilities identified in
the bsd-mailx and heirloom-mailx packages for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions and execute arbitrary
code.
URL:www.debian.org/security/2014/dsa-3104
URL:www.debian.org/security/2014/dsa-3105
16.
Security Updates in FreeBSD
(FreeBSD-SA-14:30.unbound)
[18/12/2014] FreeBSD
has released security update packages for fixing the vulnerability identified in
the unbound package for multiple versions of FreeBSD. An attacker could bypass
security restrictions, cause a denial of service condition and crash the
system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:30.unbound.asc
17.
Security Updates in Red Hat Enterprise
Linux (RHSA-2014:2008-1, RHSA-2014:2009-1)
[18/12/2014] Red Hat
has released security update packages for fixing the vulnerability identified in
the kernel package for Red Hat Enterprise Linux 5 and 6.5 Extended Update
Support. An attacker could bypass security restrictions and gain elevated
privileges.
URL:rhn.redhat.com/errata/RHSA-2014-2008.html
URL:rhn.redhat.com/errata/RHSA-2014-2009.html
18.
Vulnerability in Cisco ISB8320-E IP Only
DVR
[17/12/2014] Vulnerability was identified in the Cisco ISB8320-E IP
Only DVR. An attacker could bypass security restrictions and compromise the
system. This vulnerability affects multiple firmware versions of the mentioned
product. Security patches are available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8006
19.
Vulnerabilities in IBM Products (1690553,
1690554, 1690780)
[17/12/2014] Vulnerabilities were identified in the IBM Business Process
Manager, IBM WebSphere Process Server and IBM WebSphere Enterprise Service Bus.
An attacker could bypass security restrictions, gain elevated privileges, obtain
sensitive information, execute arbitrary code and perform cross-site scripting
attacks. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21690553
URL:www-01.ibm.com/support/docview.wss?uid=swg21690554
URL:www-01.ibm.com/support/docview.wss?uid=swg21690780
URL:xforce.iss.net/xforce/xfdb/95724
URL:xforce.iss.net/xforce/xfdb/98418
URL:xforce.iss.net/xforce/xfdb/98488
20.
Vulnerabilities in Novell Products
(5196292, 5196310, 5196311, 5196312, 5196313,
5196930)
[17/12/2014]
Vulnerabilities were identified in the Novell
iManager and Novell NetIQ eDirectory. An attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, cause a
denial of service condition and crash the application. These vulnerabilities
affect multiple versions of the mentioned products. Security patches are
available to resolve these
vulnerabilities.
URL:download.novell.com/Download?buildid=3dJODsdcDKE~
URL:download.novell.com/Download?buildid=anuuh6CDWX8~
URL:download.novell.com/Download?buildid=Mh8CRo1Ljh8~
URL:download.novell.com/Download?buildid=nlOmW2y333Q~
URL:download.novell.com/Download?buildid=q4S96klvwhE~
URL:download.novell.com/Download?buildid=STisn28FRWs~
21.
Vulnerability in Symantec Web Gateway
Appliance (SYM14-016)
[17/12/2014] Vulnerability was identified in the Symantec Web Gateway
Appliance. An attacker could bypass security restrictions and execute arbitrary
code. This vulnerability affects firmware versions prior to 5.2.2 of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141216_00
22.
Vulnerability in DokuWiki
(99291)
[17/12/2014]
Vulnerability was identified in the DokuWiki. An
attacker could bypass security restrictions, execute arbitrary code and perform
cross-site scripting attacks. This vulnerability affects versions prior to
2014-09-29b of the mentioned product. Security patches are available to resolve
this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/99291
23.
Vulnerability in Google Analytics module
for Drupal (SA-CONTRIB-2014-119)
[17/12/2014] Vulnerability was identified in the Google Analytics module
for Drupal. An attacker could bypass security restrictions and obtain sensitive
information. This vulnerability affects version 7.x-2.0 of the mentioned
product. Security patches are available to resolve this
vulnerability.
URL:www.drupal.org/node/2390689
URL:xforce.iss.net/xforce/xfdb/99295
24.
Vulnerability in GNU Glibc
(99289)
[17/12/2014]
Vulnerability was identified in the GNU Glibc.
An attacker could bypass security restrictions, cause a denial of service
condition and crash the application. This vulnerability affects version 2.11.3
of the mentioned
product.
URL:xforce.iss.net/xforce/xfdb/99289
25.
Vulnerability in Python
(99294)
[17/12/2014]
Vulnerability was identified in the Python. An
attacker could bypass security restrictions and obtain sensitive information.
This vulnerability affects multiple versions of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/99294
26.
Security Updates in Oracle Products
(ELSA-2014-1999)
[17/12/2014] Oracle has
released security update packages for fixing the vulnerabilities identified in
the Net-SNMP, Libcurl, Sendmail, Kerberos, Firefox, Jinja2 and Puppet packages
for Oracle Solaris 10 and 11.2, and mailx package for Oracle Linux 6 and 7. Due
to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:blogs.oracle.com/sunsecurity/entry/cve_2012_2141_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_2285_input_validation
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3565_resource_management
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3707_information_disclosure
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3956_information_disclosure
URL:blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in4
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_firefox1
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_jinja2
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_puppet1
URL:linux.oracle.com/errata/ELSA-2014-1999.html
27.
Security Updates in Red Hat Enterprise
Linux (RHSA-2014:1997-1, RHSA-2014:1998-1, RHSA-2014:1999-1,
RHSA-2014:2000-1)
[17/12/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the kernel, kernel-rt, mailx and thermostat1-thermostat packages for Red Hat
Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass
security restrictions, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:rhn.redhat.com/errata/RHSA-2014-1997.html
URL:rhn.redhat.com/errata/RHSA-2014-1998.html
URL:rhn.redhat.com/errata/RHSA-2014-1999.html
URL:rhn.redhat.com/errata/RHSA-2014-2000.html
28.
Vulnerability in Apache HTTP
Server
[16/12/2014]
Vulnerability was identified in the Apache HTTP
Server. An attacker could bypass security restrictions, cause a denial of
service condition and crash the application. This vulnerability affects version
2.4.10 of the mentioned product. Security patches are available to resolve this
vulnerability.
URL:httpd.apache.org/security/vulnerabilities_24.html
URL:www.hkcert.org/my_url/en/alert/14121601
29.
Vulnerabilities in CA LISA Release
Automation
[16/12/2014]
Vulnerabilities were identified in the CA LISA
Release Automation. An attacker could bypass security restrictions, gain
elevated privileges, execute arbitrary code, perform code injection, cross-site
scripting and cross-site request forgery attacks. These vulnerabilities affect
version 4.7.1.385 of the mentioned product. Security patches are available to
resolve these
vulnerabilities.
URL:www.ca.com/us/devcenter/ca-service-virtualization.aspx
URL:www.kb.cert.org/vuls/id/343060
30.
Vulnerabilities in IBM Products (1690559,
1692267)
[16/12/2014]
Vulnerabilities were identified in the IBM
Business Process Manager and IBM Cognos Business Intelligence Server. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21690559
URL:www-01.ibm.com/support/docview.wss?uid=swg21692267
URL:xforce.iss.net/xforce/xfdb/96915
URL:xforce.iss.net/xforce/xfdb/96909
31.
Vulnerabilities in EMC Documentum
Products (VU#315340)
[16/12/2014] Vulnerabilities were identified in the EMC Documentum Content
Server, D2, and Web Development Kit (WDK). An attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, perform code injection attacks and compromise the system. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:www.kb.cert.org/vuls/id/315340
32.
Vulnerability in Huawei Products
(Huawei-SA-20141215-01-POODLE)
[16/12/2014] Vulnerability was identified in multiple Huawei Products. An
attacker could bypass security restrictions and obtain sensitive information.
This vulnerability affects multiple versions of the mentioned products. Security
patches are available to resolve this
vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm
33.
Security Updates in Gentoo Linux (GLSA
201412-30)
[16/12/2014]
Gentoo has released security update packages for
fixing the vulnerabilities identified in the varnish package for multiple
versions of Gentoo Linux. Due to multiple errors, an attacker could bypass
security restrictions, cause a denial of service condition and crash the
system.
URL:www.gentoo.org/security/en/glsa/glsa-201412-30.xml
34.
Security Updates in Mandriva
(MDVSA-2014:252, MDVSA-2014:253)
[16/12/2014] Mandriva
has released security update packages for fixing the vulnerabilities identified
in the nss and apache-mod_wsgi packages for version MBS1 of Mandriva GNU/Linux.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges and execute arbitrary
code.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A252/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A253/
35.
Security Updates in SUSE
(openSUSE-SU-2014:1642-1, SUSE-SU-2014:1650-1)
[16/12/2014] SUSE has
released security update packages for fixing the vulnerabilities identified in
the Firebird server package of openSUSE 12.3, 13.1 and 13.2, and flash-player
package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, execute arbitrary
code, cause a denial of service condition and crash the
application.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00017.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00018.html
36.
Information Updates on Microsoft Security
Bulletin (MS14-075)
[15/12/2014] Microsoft
has updated information on the Security Bulletin for the Microsoft Exchange
Server. MS14-075 was rereleased to announce the reoffering of Microsoft security
update 2986475 for Microsoft Exchange Server 2010 Service Pack 3. The rereleased
update addressed a known issue in the original offering. Customers who
uninstalled the original update should install the updated version of 2986475 at
the earliest
opportunity.
URL:technet.microsoft.com/en-us/library/security/MS14-075
37.
Vulnerability in Cisco Prime Security
Manager
[15/12/2014]
Vulnerability was identified in the Cisco Prime
Security Manager (PRSM). An attacker could bypass security restrictions, execute
arbitrary code and perform cross-site scripting attacks. This vulnerability
affects multiple versions of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3364
38.
Vulnerabilities in
Docker
[15/12/2014]
Vulnerabilities were identified in the Docker.
An attacker could bypass security restrictions, gain elevated privileges,
execute arbitrary code and compromise an affected system. These vulnerabilities
affect versions prior to 1.3.3 and 1.4.0 of the mentioned product. Security
patches are available to resolve these
vulnerabilities.
URL:www.us-cert.gov/ncas/current-activity/2014/12/12/Docker-Releases-Security-Updates
39.
Security Updates in Oracle Linux
(ELSA-2014-1984, ELSA-2014-1985)
[15/12/2014] Oracle has
released security update packages for fixing the vulnerabilities identified in
the bind and bind97 packages for Oracle Linux 5, 6 and 7. Due to multiple
errors, an attacker could bypass security restrictions, execute arbitrary code,
cause a denial of service condition and crash the
system.
URL:linux.oracle.com/errata/ELSA-2014-1984.html
URL:linux.oracle.com/errata/ELSA-2014-1985.html
40.
Security Updates in Debian (DSA-3099-1,
DSA-3100-1, DSA-3101-1, DSA-3102-1, DSA-3103-1)
[15/12/2014] Debian has released security update packages for fixing the
vulnerabilities identified in the dbus, mediawiki, c-icap, libyaml and
libyaml-libyaml-perl packages for multiple versions of Debian GNU/Linux. Due to
multiple errors, an attacker could bypass security restrictions, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:www.debian.org/security/2014/dsa-3099
URL:www.debian.org/security/2014/dsa-3100
URL:www.debian.org/security/2014/dsa-3101
URL:www.debian.org/security/2014/dsa-3102
URL:www.debian.org/security/2014/dsa-3103
41.
Security Updates in Gentoo Linux (GLSA
201412-12, GLSA 201412-13, GLSA 201412-14, GLSA 201412-15, GLSA 201412-16, GLSA
201412-17, GLSA 201412-18, GLSA 201412-19, GLSA 201412-20, GLSA 201412-21, GLSA
201412-22, GLSA 201412-23, GLSA 201412-24, GLSA 201412-25, GLSA 201412-26, GLSA
201412-27, GLSA 201412-28, GLSA 201412-29)
[15/12/2014] Gentoo has
released security update packages for fixing the vulnerabilities identified in
the dbus, chromium, xfig, mcollective, couchdb, ghostscript-gpl, freerdp, ppp,
gnustep-base, mod_wsgi, django, nagios-core, openjpeg, qtgui, strongswan, ruby,
rails and tomcat packages for multiple versions of Gentoo Linux. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the
system.
URL:www.gentoo.org/security/en/glsa/glsa-201412-12.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-13.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-14.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-15.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-16.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-17.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-18.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-19.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-20.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-21.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-22.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-23.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-24.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-25.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-26.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-27.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-28.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-29.xml
42. Security Updates in Mageia (MGASA-2014-0525,
MGASA-2014-0526, MGASA-2014-0527, MGASA-2014-0528,
MGASA-2014-0529)
[15/12/2014] Mageia has
released security update packages for fixing the vulnerabilities identified in
the qemu, freetype2, apache, cpio and rpm packages for multiple versions of
Mageia. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and crash the
application.
URL:advisories.mageia.org/MGASA-2014-0525.html
URL:advisories.mageia.org/MGASA-2014-0526.html
URL:advisories.mageia.org/MGASA-2014-0527.html
URL:advisories.mageia.org/MGASA-2014-0528.html
URL:advisories.mageia.org/MGASA-2014-0529.html
43.
Security Updates in Mandriva
(MDVSA-2014:238, MDVSA-2014:239, MDVSA-2014:240, MDVSA-2014:241, MDVSA-2014:242,
MDVSA-2014:243, MDVSA-2014:244, MDVSA-2014:245, MDVSA-2014:246, MDVSA-2014:247,
MDVSA-2014:248, MDVSA-2014:249, MDVSA-2014:250,
MDVSA-2014:251)
[15/12/2014] Mandriva
has released security update packages for fixing the vulnerabilities identified
in the bind, flac, tcpdump, mediawiki, yaml, phpmyadmin, openafs, mutt, openvpn,
jasper, graphviz, qemu, cpio and rpm packages for version MBS1 of Mandriva
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, perform code injection attacks, cause a denial of service
condition and crash the
application.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A238/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A239/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A240/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A241/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A242/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A243/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A244/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A245/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A246/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A247/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A248/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A249/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A250/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A251/
44.
Security Updates in SUSE
(SUSE-SU-2014:1624-1, openSUSE-SU-2014:1626-1,
openSUSE-SU-2014:1629-1)
[15/12/2014] SUSE has
released security update packages for fixing the vulnerabilities identified in
the Mozilla Firefox package of SUSE Linux Enterprise 10 and 11, and chromium and
flash-player packages of openSUSE 12.3, 13.1 and 13.2. Due to multiple errors,
an attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
application.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00016.html
45.
Security Updates in Red Hat Enterprise
Linux (RHSA-2014:1984-1, RHSA-2014:1985-1)
[15/12/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the bind and bind97 packages for Red Hat Enterprise Linux 5, 6 and 7. Due to
multiple errors, an attacker could bypass security restrictions, cause a denial
of service condition and crash the
system.
URL:rhn.redhat.com/errata/RHSA-2014-1984.html
URL:rhn.redhat.com/errata/RHSA-2014-1985.html
46.
Security Updates in Ubuntu GNU/Linux
(USN-2441-1, USN-2442-1, USN-2443-1, USN-2444-1, USN-2445-1, USN-2446-1,
USN-2447-1, USN-2448-1)
[15/12/2014] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the linux, linux-ec2, linux-ti-omap4, linux-lts-trusty and linux-lts-utopic
packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2441-1/
URL:www.ubuntu.com/usn/usn-2442-1/
URL:www.ubuntu.com/usn/usn-2443-1/
URL:www.ubuntu.com/usn/usn-2444-1/
URL:www.ubuntu.com/usn/usn-2445-1/
URL:www.ubuntu.com/usn/usn-2446-1/
URL:www.ubuntu.com/usn/usn-2447-1/
URL:www.ubuntu.com/usn/usn-2448-1/
No comments:
Post a Comment