Sunday, December 14, 2014

IT Security Alerts Weekly Digest (7 Dec ~ 13 Dec 2014)

Security Alerts
1. Vulnerabilities in Apple Safari (HT6596, HT6597)
[12/12/2014] Vulnerabilities were identified in Apple Safari. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect versions prior to 6.2.2, 7.1.2 and 8.0.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:support.apple.com/en-us/HT6596
URL:support.apple.com/en-us/HT6597

2. Security Updates in Oracle Linux (ELSA-2014-1982, ELSA-2014-1983, ELSA-2014-3103, ELSA-2014-3104, ELSA-2014-3105)
[12/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the xorg-x11-server and kernel packages for Oracle Linux 5, 6 and 7. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2014-3103.html
URL:linux.oracle.com/errata/ELSA-2014-3104.html
URL:linux.oracle.com/errata/ELSA-2014-3105.html
URL:linux.oracle.com/errata/ELSA-2014-1982.html
URL:linux.oracle.com/errata/ELSA-2014-1983.html

3. Security Updates in Debian (DSA-3096-1, DSA-3097-1, DSA-3098-1)
[12/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the pdns-recursor, unbound and graphviz packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2014/dsa-3096
URL:www.debian.org/security/2014/dsa-3097
URL:www.debian.org/security/2014/dsa-3098

4. Security Updates in Gentoo Linux (GLSA 201412-07, GLSA 201412-08, GLSA 201412-09, GLSA 201412-10, GLSA 201412-11)
[12/12/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the app-admin/syslog-ng, app-antivirus/bitdefender-console, app-arch/gzip, app-arch/ncompress, app-emulation/emul-linux-x86-baselibs, app-misc/beanstalkd, app-misc/ca-certificates, app-office/gnucash, app-text/dvipng, app-text/gv, dev-db/unixODBC, dev-lang/tk, dev-libs/liblzw, dev-libs/xmlsec, dev-perl/perl-tk, dev-php/PEAR-Mail, dev-php/PEAR-PEAR, dev-php/suhosin, dev-util/insight, dev-util/oprofile, dev-util/qt-creator, dev-util/sourcenav, dev-vcs/gitolite, games-sports/racer-bin, gnome-base/gdm, kde-base/kdm, kde-base/kget, media-gfx/splashutils, media-libs/fmod, media-libs/xine-lib, media-sound/lastfmplayer, media-tv/dvbstreamer, net-analyzer/lft, net-analyzer/sflowtool, net-ftp/lftp, net-im/gg-transport, net-libs/libsoup, net-libs/webkit-gtk, net-mail/mlmmj, net-misc/iputils, net-misc/mrouted, net-misc/rsync, net-misc/vino, sys-apps/acl, sys-apps/pmount, sys-apps/shadow, sys-auth/pam_krb5, sys-block/partimage, sys-cluster/ganglia, sys-cluster/resource-agents, sys-devel/m4, sys-fs/lvm2, www-plugins/adobe-flash, www-apps/egroupware, www-client/uzbl, x11-apps/xinit, x11-apps/xrdb, x11-libs/gtk+, x11-libs/vte, x11-misc/slim and x11-misc/slock packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.gentoo.org/security/en/glsa/glsa-201412-07.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-08.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-09.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-10.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-11.xml

5. Security Updates in SUSE (SUSE-SU-2014:1619-1, openSUSE-SU-2014:1621-1, openSUSE-SU-2014:1622-1)
[12/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the shim package of SUSE Linux Enterprise 11, and firebird, firebird-classic, firebird-classic-debuginfo, firebird-debuginfo, firebird-debugsource, firebird-devel, firebird-devel-debuginfo, firebird-doc, firebird-filesystem, firebird-superserver, firebird-superserver-debuginfo, libfbclient2, libfbclient2-debuginfo, libfbembed2, libfbembed2-debuginfo, flash-player, flash-player-gnome and flash-player-kde4 packages of openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.

URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00012.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00013.html

6. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1982-1, RHSA-2014:1983-1)
[12/12/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the xorg-x11-server package for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2014-1982.html
URL:rhn.redhat.com/errata/RHSA-2014-1983.html

7. Security Updates in Slackware (SSA:2014-344-01, SSA:2014-344-02, SSA:2014-344-03, SSA:2014-344-04, SSA:2014-344-05, SSA:2014-344-06, SSA:2014-344-07)
[12/12/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-firefox, openssh, wpa_supplicant, pidgin, seamonkey, bind and openvpn packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.311336
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.377012
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.441238
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.487293
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.490951
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.511270
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.514137

8. Security Updates in Ubuntu GNU/Linux (USN-2439-1, USN-2440-1)
[12/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the qemu, qemu-kvm and mutt packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.

URL:www.ubuntu.com/usn/usn-2439-1/
URL:www.ubuntu.com/usn/usn-2440-1/

9. Information Updates on Microsoft Security Bulletin (MS14-075)
[11/12/2014] Microsoft has updated information on the Security Bulletin for Microsoft Exchange Server. MS14-075 was revised to remove the Download Center link for Microsoft security update 2986475 for Microsoft Exchange Server 2010 Service Pack 3 to address a known issue with the update. Microsoft had removed update 2986475 and recommended that customers uninstall update 2986475 if they had already installed it.

URL:technet.microsoft.com/library/security/MS14-075

10. Vulnerability in Juniper WLC Series devices (JSA10662)
[11/12/2014] A vulnerability was identified in Juniper WLC Series devices. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10662&cat=SIRT_1&actp=LIST

11. Vulnerability in VMware vCloud Automation Center (VMSA-2014-0013)
[11/12/2014] A vulnerability was identified in VMware vCloud Automation Center. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise an affected system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.vmware.com/security/advisories/VMSA-2014-0013.html
URL:www.us-cert.gov/ncas/current-activity/2014/12/09/VMware-Releases-Updates-vCAC

12. Security Updates in Debian (DSA-3095-1)
[11/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the xorg-server package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2014/dsa-3095

13. Security Updates in FreeBSD (FreeBSD-SA-14:27.stdio, FreeBSD-SA-14:28.file, FreeBSD-SA-14:29.bind)
[11/12/2014] FreeBSD has released security update packages for fixing the vulnerabilities identified in the libc, file and bind packages for multiple versions of FreeBSD. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:27.stdio.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:29.bind.asc

14. Security Updates in Gentoo Linux (GLSA 201412-06)
[11/12/2014] Gentoo has released security update packages for fixing the vulnerability identified in the libxml2 package for multiple versions of Gentoo Linux. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.

URL:www.gentoo.org/security/en/glsa/glsa-201412-06.xml

15. Security Updates in Mageia (MGASA-2014-0522, MGASA-2014-0523, MGASA-2014-0524)
[11/12/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the pdns-recursor, firebird and bind packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.

URL:advisories.mageia.org/MGASA-2014-0522.html
URL:advisories.mageia.org/MGASA-2014-0523.html
URL:advisories.mageia.org/MGASA-2014-0524.html

16. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1981-1)
[11/12/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player package for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:rhn.redhat.com/errata/RHSA-2014-1981.html

17. Security Updates in Ubuntu GNU/Linux (USN-2436-2, USN-2438-1)
[11/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the xorg-server, xorg-server-lts-trusty, nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates, nvidia-graphics-drivers-331 and nvidia-graphics-drivers-331-updates packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.

URL:www.ubuntu.com/usn/usn-2436-2/
URL:www.ubuntu.com/usn/usn-2438-1/

18. Vulnerabilities in Microsoft Products (3009712, 3008923, 3017301, 3017349, 3017347, 3016711, 3013126)
[10/12/2014] Vulnerabilities were identified in Microsoft Exchange Server, Internet Explorer, Microsoft Word, Microsoft Office Web Apps, Microsoft Office, Microsoft Excel, Microsoft Windows Server, Microsoft SharePoint Server, Microsoft Windows and the VBScript scripting engine in Microsoft Windows. An attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:technet.microsoft.com/library/security/ms14-dec
URL:technet.microsoft.com/library/security/MS14-075
URL:technet.microsoft.com/library/security/ms14-080
URL:technet.microsoft.com/library/security/ms14-081
URL:technet.microsoft.com/library/security/ms14-082
URL:technet.microsoft.com/library/security/ms14-083
URL:technet.microsoft.com/library/security/ms14-084
URL:technet.microsoft.com/library/security/ms14-085
URL:www.hkcert.org/my_url/en/alert/14121001
URL:www.hkcert.org/my_url/en/alert/14121002
URL:www.hkcert.org/my_url/en/alert/14121003
URL:www.hkcert.org/my_url/en/alert/14121004
URL:www.hkcert.org/my_url/en/alert/14121005
URL:www.hkcert.org/my_url/en/alert/14121006
URL:www.hkcert.org/my_url/en/alert/14121007
URL:www.us-cert.gov/ncas/current-activity/2014/12/09/Microsoft-Releases-December-2014-Security-Bulletin
URL:xforce.iss.net/xforce/xfdb/98375
URL:xforce.iss.net/xforce/xfdb/98377
URL:xforce.iss.net/xforce/xfdb/98465
URL:xforce.iss.net/xforce/xfdb/98954

19. Information Updates on Microsoft Security Advisory (3009008)
[10/12/2014] Microsoft has updated information on the advisory for Microsoft Windows. KB3009008 announced the availability of SSL 3.0 fallback warnings in Internet Explorer 11.

URL:technet.microsoft.com/library/security/3009008.aspx

20. Vulnerabilities in Adobe Products (APSB14-27, APSB14-28, APSB14-29)
[10/12/2014] Vulnerabilities were identified in Adobe Flash Player, Adobe Reader, Adobe Acrobat and ColdFusion. An attacker could bypass security restrictions, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:helpx.adobe.com/security/products/flash-player/apsb14-27.html
URL:helpx.adobe.com/security/products/reader/apsb14-28.html
URL:helpx.adobe.com/security/products/coldfusion/apsb14-29.html
URL:technet.microsoft.com/library/security/2755801.aspx
URL:www.hkcert.org/my_url/en/alert/14121008
URL:www.hkcert.org/my_url/en/alert/14121009
URL:www.hkcert.org/my_url/en/alert/14121010
URL:www.us-cert.gov/ncas/current-activity/2014/12/09/Adobe-Releases-Security-Updates-Reader-and-Acrobat

21. Vulnerabilities in Apple iOS (HT6598)
[10/12/2014] Vulnerabilities were identified in Apple iOS. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect versions prior to 8.1.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:support.apple.com/en-us/HT6598

22. Vulnerability in Cisco Unified Communications Domain Manager
[10/12/2014] A vulnerability was identified in Cisco Unified Communications Domain Manager. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8010

23. Vulnerabilities in Google Chrome
[10/12/2014] Vulnerabilities were identified in Google Chrome. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise an affected system. These vulnerabilities affect versions prior to 39.0.2171.95 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:googlechromereleases.blogspot.hk/2014/12/stable-channel-update.html
URL:www.hkcert.org/my_url/en/alert/14121011

24. Vulnerability in OpenSSL Transport Layer Security Implementations
[10/12/2014] A vulnerability was identified in OpenSSL Transport Layer Security (TLS) implementations. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product.

URL:www.us-cert.gov/ncas/current-activity/2014/12/09/Certain-TLS-Implementations-Vulnerable-POODLE-Attacks

25. Security Updates in Oracle Linux (ELSA-2014-1971, ELSA-2014-1974, ELSA-2014-1976)
[10/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel and rpm packages for Oracle Linux 5, 6 and 7. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2014-1971.html
URL:linux.oracle.com/errata/ELSA-2014-1974.html
URL:linux.oracle.com/errata/ELSA-2014-1976.html

26. Security Updates in Debian (DSA-3094-1)
[10/12/2014] Debian has released security update packages for fixing the vulnerability identified in the bind9 package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2014/dsa-3094

27. Security Updates in Gentoo Linux (GLSA 201412-05)
[10/12/2014] Gentoo has released security update packages for fixing the vulnerability identified in the clamav package for multiple versions of Gentoo Linux. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.

URL:www.gentoo.org/security/en/glsa/glsa-201412-05.xml

28. Security Updates in Mageia (MGASA-2014-0515, MGASA-2014-0516, MGASA-2014-0517, MGASA-2014-0518, MGASA-2014-0519, MGASA-2014-0520, MGASA-2014-0521)
[10/12/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the openafs, nodejs, util-linux, iceape, php-pear-HTML_AJAX, graphviz and flash-player-plugin packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:advisories.mageia.org/MGASA-2014-0515.html
URL:advisories.mageia.org/MGASA-2014-0516.html
URL:advisories.mageia.org/MGASA-2014-0517.html
URL:advisories.mageia.org/MGASA-2014-0518.html
URL:advisories.mageia.org/MGASA-2014-0519.html
URL:advisories.mageia.org/MGASA-2014-0520.html
URL:advisories.mageia.org/MGASA-2014-0521.html

29. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1971-1, RHSA-2014:1972-1, RHSA-2014:1974-1, RHSA-2014:1975-1, RHSA-2014:1976-1)
[10/12/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel and rpm packages for Red Hat Enterprise Linux 5, 6 and 7, and httpd24-httpd package for Red Hat Software Collections 1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:rhn.redhat.com/errata/RHSA-2014-1971.html
URL:rhn.redhat.com/errata/RHSA-2014-1972.html
URL:rhn.redhat.com/errata/RHSA-2014-1974.html
URL:rhn.redhat.com/errata/RHSA-2014-1975.html
URL:rhn.redhat.com/errata/RHSA-2014-1976.html

30. Security Updates in Ubuntu GNU/Linux (USN-2435-1, USN-2436-1, USN-2437-1)
[10/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the graphviz, xorg-server, xorg-server-lts-trusty and bind9 packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.

URL:www.ubuntu.com/usn/usn-2435-1/
URL:www.ubuntu.com/usn/usn-2436-1/
URL:www.ubuntu.com/usn/usn-2437-1/

31. Vulnerability in Microsoft Internet Explorer
[09/12/2014] A vulnerability was identified in Microsoft Internet Explorer. An attacker could bypass security restrictions, execute arbitrary code and compromise a user's system. This vulnerability affects version 9 of the mentioned product.

URL:www.hkcert.org/my_url/en/alert/14120901

32. Vulnerabilities in ISC BIND (AA-01216, AA-01217)
[09/12/2014] Vulnerabilities were identified in ISC BIND 9. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:kb.isc.org/article/AA-01216
URL:kb.isc.org/article/AA-01217
URL:www.hkcert.org/my_url/en/alert/14120902
URL:www.us-cert.gov/ncas/current-activity/2014/12/08/ISC-Releases-Security-Updates-BIND
URL:xforce.iss.net/xforce/xfdb/99187

33. Vulnerabilities in IBM WebSphere Application Server (1690185)
[09/12/2014] Vulnerabilities were identified in IBM WebSphere Application Server. An attacker could bypass security restrictions and obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www-01.ibm.com/support/docview.wss?uid=swg21690185

34. Vulnerabilities in MediaWiki (99151, 99152)
[09/12/2014] Vulnerabilities were identified in MediaWiki. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the application. These vulnerabilities affect versions prior to 1.23.7 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:xforce.iss.net/xforce/xfdb/99151
URL:xforce.iss.net/xforce/xfdb/99152

35. Vulnerability in OpenEMR (99153)
[09/12/2014] A vulnerability was identified in OpenEMR. An attacker could bypass security restrictions, execute arbitrary code and perform code injection attacks. This vulnerability affects version 4.1.2 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/99153

36. Vulnerabilities in multiple plugins for WordPress (99157, 99158)
[09/12/2014] Vulnerabilities were identified in the Shariff and WP Statistics plugins for WordPress. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:xforce.iss.net/xforce/xfdb/99157
URL:xforce.iss.net/xforce/xfdb/99158

37. Security Updates in Debian (DSA-3091-1, DSA-3092-1, DSA-3093-1)
[09/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the getmail4, icedove and linux packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2014/dsa-3091
URL:www.debian.org/security/2014/dsa-3092
URL:www.debian.org/security/2014/dsa-3093

38. Security Updates in Gentoo Linux (GLSA 201412-01, GLSA 201412-02, GLSA 201412-03, GLSA 201412-04)
[09/12/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the qemu, nfs-utils, dovecot and libvirt packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.gentoo.org/security/en/glsa/glsa-201412-01.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-02.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-03.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-04.xml

39. Security Updates in SUSE (openSUSE-SU-2014:1594-1, openSUSE-SU-2014:1596-1, SUSE-SU-2014:1605-1)
[09/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the openvpn and docker packages of openSUSE 12.3, 13.1 and 13.2, and openvpn package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.

URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00010.html

40. Security Updates in Ubuntu GNU/Linux (USN-2434-1, USN-2434-2)
[09/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the jasper and ghostscript packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.

URL:www.ubuntu.com/usn/usn-2434-1/
URL:www.ubuntu.com/usn/usn-2434-2/

41. Vulnerability in Microsoft Windows
[08/12/2014] A vulnerability was identified in Microsoft Windows. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects a fully patched Windows 8.1 (win32k.sys version 6.3.9600.17393) and possibly other versions of the mentioned product.

URL:www.hkcert.org/my_url/en/alert/14120502

42. Vulnerabilities in VMware vSphere products (VMSA-2014-0012)
[08/12/2014] Vulnerabilities were identified in VMware vCenter Server Appliance, VMware vCenter Server and VMware ESXi. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.vmware.com/security/advisories/VMSA-2014-0012.html
URL:www.hkcert.org/my_url/en/alert/14120801
URL:www.us-cert.gov/ncas/current-activity/2014/12/05/VMware-Releases-Security-Updates-vCenter-Server-vCenter-Server

43. Vulnerability in KENT-WEB Clip Board (99141)
[08/12/2014] A vulnerability was identified in KENT-WEB Clip Board. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 3.0 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/99141

44. Vulnerabilities in phpMyAdmin (PMASA-2014-17, PMASA-2014-18)
[08/12/2014] Vulnerabilities were identified in phpMyAdmin. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
URL:www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
URL:www.hkcert.org/my_url/en/alert/14120501

45. Vulnerabilities in Zenoss Core (VU#449452)
[08/12/2014] Vulnerabilities were identified in Zenoss Core. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting and cross-site request forgery attacks, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 4.2.5 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.kb.cert.org/vuls/id/449452

46. Security Updates in Oracle Linux (ELSA-2014-1959, ELSA-2014-1959-1)
[08/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel package for Oracle Linux 5. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2014-1959.html
URL:linux.oracle.com/errata/ELSA-2014-1959-1.html

47. Security Updates in Mageia (MGASA-2014-0508, MGASA-2014-0509, MGASA-2014-0510, MGASA-2014-0511, MGASA-2014-0512, MGASA-2014-0513, MGASA-2014-0514)
[08/12/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the yaml, perl-YAML-LibYAML, mutt, phpmyadmin, tcpdump, openvpn, apache-mod_wsgi and jasper packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:advisories.mageia.org/MGASA-2014-0508.html
URL:advisories.mageia.org/MGASA-2014-0509.html
URL:advisories.mageia.org/MGASA-2014-0510.html
URL:advisories.mageia.org/MGASA-2014-0511.html
URL:advisories.mageia.org/MGASA-2014-0512.html
URL:advisories.mageia.org/MGASA-2014-0513.html
URL:advisories.mageia.org/MGASA-2014-0514.html

48. Security Updates in SUSE (openSUSE-SU-2014:1560-1, openSUSE-SU-2014:1562-1, SUSE-SU-2014:1571-1, SUSE-SU-2014:1574-1)
[08/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the clamav and flash-player packages of openSUSE 12.3, 13.1 and 13.2, and clamav package of SUSE Linux Enterprise 10 and 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.

URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00003.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00004.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00007.html

Source(s) of above information: Adobe, Apple, Cisco, Debian, FreeBSD, Gentoo, Google Chrome Releases, IBM, ISC, Juniper, Mageia, Microsoft, openSUSE, Oracle, phpMyAdmin, Red Hat, Slackware, Ubuntu, US-CERT, VMware
