1. Vulnerability
in Adobe Flash Player (APSB15-02)
[23/01/2015] Vulnerability was identified in the Adobe Flash Player. An
attacker could bypass security restrictions and obtain sensitive information,
execute arbitrary code and compromise the system. This vulnerability affects
multiple versions of the mentioned product. Security patches are available to
resolve this
vulnerability.
URL:helpx.adobe.com/security/products/flash-player/apsb15-02.html
URL:technet.microsoft.com/en-us/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/15012301
URL:www.us-cert.gov/ncas/current-activity/2015/01/22/Adobe-Releases-Security-Updates-Flash-Player
2. Vulnerability in Apple Mac OS X
(100219)
[23/01/2015]
Vulnerability was identified in the Apple Mac OS
X. An attacker could bypass security restrictions, cause a denial of service
condition and crash the system. This vulnerability affects version 10.10 of the
mentioned
product.
URL:xforce.iss.net/xforce/xfdb/100219
3. Vulnerabilities in F5 Products (SOL16010, SOL16011,
SOL16016)
[23/01/2015]
Vulnerabilities were identified in the F5 BIG-IP
LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP
Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device and
BIG-IQ Security. An attacker could bypass security restrictions, execute
arbitrary code, cause a denial of service condition and crash the system. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/000/sol16010.html
URL:support.f5.com/kb/en-us/solutions/public/16000/000/sol16011.html
URL:support.f5.com/kb/en-us/solutions/public/16000/000/sol16016.html
4. Vulnerabilities in Drupal (SA-CONTRIB-2015-023,
SA-CONTRIB-2015-024, SA-CONTRIB-2015-026, SA-CONTRIB-2015-028,
SA-CONTRIB-2015-029)
[23/01/2015] Vulnerabilities were identified in the Alfresco, Classified
Ads, Taxonews, Shibboleth authentication and Corner modules for Drupal. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, perform cross-site scripting and cross-site request
forgery attacks. These vulnerabilities affect multiple versions of the mentioned
product. Security patches are available to resolve these
vulnerabilities.
URL:www.drupal.org/node/2411523
URL:www.drupal.org/node/2411527
URL:www.drupal.org/node/2411573
URL:www.drupal.org/node/2411737
URL:www.drupal.org/node/2411741
URL:xforce.iss.net/xforce/xfdb/100192
URL:xforce.iss.net/xforce/xfdb/100193
URL:xforce.iss.net/xforce/xfdb/100194
URL:xforce.iss.net/xforce/xfdb/100195
URL:xforce.iss.net/xforce/xfdb/100196
5. Vulnerabilities in JasPer (100199,
100202)
[23/01/2015]
Vulnerabilities were identified in the JasPer.
An attacker could bypass security restrictions, execute arbitrary code, cause a
denial of service condition and crash the system. These vulnerabilities affect
version 1.900.1 of the mentioned
product.
URL:xforce.iss.net/xforce/xfdb/100199
URL:xforce.iss.net/xforce/xfdb/100202
6. Security Updates in Oracle Linux
(ELSA-2015-0074)
[23/01/2015] Oracle has
released security update packages for fixing the vulnerabilities identified in
the jasper package for Oracle Linux 6 and 7. Due to multiple errors, an attacker
could bypass security restrictions, execute arbitrary code, cause a denial of
service condition and crash the
system.
URL:linux.oracle.com/errata/ELSA-2015-0074.html
7. Security Updates in SUSE (SUSE-SU-2015:0107-1,
openSUSE-SU-2015:0110-1)
[23/01/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the rpm package of SUSE Linux Enterprise 12, and flash-player package of
openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass
security restriction, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00018.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00019.html
8. Security Updates in Red Hat Enterprise Linux
(RHSA-2015:0074-1)
[23/01/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the jasper packages for Red Hat Enterprise Linux 6 and 7. Due to multiple
errors, an attacker could bypass security restrictions, execute arbitrary code,
cause a denial of service condition and crash the
system.
URL:rhn.redhat.com/errata/RHSA-2015-0074.html
9. Security Updates in Ubuntu GNU/Linux (USN-2480-1,
USN-2481-1, USN-2482-1)
[23/01/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the mysql-5.5, samba and elfutils packages for versions 10.04 LTS, 12.04 LTS,
14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:www.ubuntu.com/usn/usn-2480-1/
URL:www.ubuntu.com/usn/usn-2481-1/
URL:www.ubuntu.com/usn/usn-2482-1/
10.
Vulnerability in Cisco Unified
Communications Manager
[22/01/2015] Vulnerability was identified in the Cisco Unified
Communications Manager. An attacker could bypass security restrictions and
obtain sensitive information. This vulnerability affects multiple firmware
versions of the mentioned product. Security patches are available to resolve
this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008
11.
Vulnerabilities in Novell iPrint
Appliance (5199190, 5199210)
[22/01/2015] Vulnerabilities were identified in the Novell iPrint
Appliance. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, perform man-in-the-middle attacks, cause a
denial of service condition and crash the system. These vulnerabilities affect
versions 1.0.1 and 1.1 of the mentioned product. Security patches are available
to resolve these
vulnerabilities.
URL:download.novell.com/Download?buildid=rv6WEcwgx_4~
URL:download.novell.com/Download?buildid=4P9rh2AOw0M~
12.
Vulnerabilities in Huawei Quidway
switches (Huawei-SA-20150121-01-Quidway Switches)
[22/01/2015] Vulnerabilities were identified in multiple Huawei Quidway
switches. An attacker could bypass security restrictions, obtain sensitive
information and gain escalated privileges. These vulnerabilities affect multiple
firmware versions of the mentioned products. Security patches are available to
resolve these
vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-411975.htm
13.
Vulnerability in iPass Open Mobile
Windows Client (VU#110652)
[22/01/2015] Vulnerability was identified in the iPass Open Mobile Windows
Client. An attacker could bypass security restrictions, gain elevated privileges
and execute arbitrary code. This vulnerability affects versions prior to 2.4.5
of the mentioned product. Security patches are available to resolve this
vulnerability.
URL:www.kb.cert.org/vuls/id/110652
14.
Vulnerability in pigz
(100017)
[22/01/2015]
Vulnerability was identified in the pigz. An
attacker could bypass security restrictions and obtain sensitive information.
This vulnerability affects version 2.3.1-1 of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/100017
15.
Vulnerability in PrestaShop
(100013)
[22/01/2015]
Vulnerability was identified in the PrestaShop.
An attacker could bypass security restrictions, execute arbitrary code and
perform cross-site scripting attacks. This vulnerability affects versions prior
to 1.6.0.11 of the mentioned product. Security patches are available to resolve
this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/100013
16.
Vulnerabilities in Pixabay Images plugin
for WordPress (100036, 100037, 100038)
[22/01/2015] Vulnerabilities were identified in the Pixabay Images plugin
for WordPress. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
crash the system. These vulnerabilities affect versions prior to 2.4 of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/100036
URL:xforce.iss.net/xforce/xfdb/100037
URL:xforce.iss.net/xforce/xfdb/100038
17.
Vulnerability in SIMEditor
(100011)
[22/01/2015]
Vulnerability was identified in the SIMEditor.
An attacker could bypass security restrictions, cause a denial of service
condition and crash the system. This vulnerability affects version 6.6 of the
mentioned
product.
URL:xforce.iss.net/xforce/xfdb/100011
18.
Security Updates in Oracle Products
(ELSA-2015-0067, ELSA-2015-0068, ELSA-2015-0069)
[22/01/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the java-1.7.0-openjdk and java-1.8.0-openjdk
packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, execute arbitrary
code, perform man-in-the-middle attacks, cause a denial of service condition and
crash the
system.
URL:linux.oracle.com/errata/ELSA-2015-0067.html
URL:linux.oracle.com/errata/ELSA-2015-0068.html
URL:linux.oracle.com/errata/ELSA-2015-0069.html
19.
Security Updates in Mageia
(MGASA-2015-0034)
[22/01/2015] Mageia has
released security update packages for fixing the vulnerability identified in the
freeciv package for multiple versions of Mageia. An attacker could bypass
security restrictions, execute arbitrary code, cause a denial of service
condition and crash the
system.
URL:advisories.mageia.org/MGASA-2015-0034.html
20.
Security Updates in Slackware
(SSA:2015-020-01)
[22/01/2015] Slackware
has released security update packages for fixing the vulnerability identified in
the samba package for multiple versions of Slackware Linux. An attacker could
bypass security restrictions and gain elevated
privileges.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.416326
21.
Security Updates in SUSE
(SUSE-SU-2015:0096-1)
[22/01/2015] SUSE has
released security update packages for fixing the vulnerability identified in the
bind package of SUSE Linux Enterprise 12. An attacker could bypass security
restriction and cause a denial of service
condition.
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00017.html
22.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:0069-1)
[22/01/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the java-1.8.0-openjdk packages for Red Hat Enterprise Linux 6. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code, perform man-in-the-middle
attacks, cause a denial of service condition and crash the
system.
URL:rhn.redhat.com/errata/RHSA-2015-0069.html
23.
Vulnerability in Apache Santuario XML
Security for Java
[21/01/2015] Vulnerability was identified in the Apache Santuario XML
Security for Java. An attacker could bypass security restrictions and execute
arbitrary code. This vulnerability affects versions prior to 2.0.3 for 2.0.x of
the mentioned product. Security patches are available to resolve this
vulnerability.
URL:santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc
URL:xforce.iss.net/xforce/xfdb/99993
24.
Security Updates in Oracle
Products
[21/01/2015]
Oracle has released security update packages for
fixing the vulnerabilities identified in the Oracle Database Server, Oracle
Fusion Applications and Middleware, Oracle Enterprise Manager Grid Control,
Oracle E-Business Suite, Oracle Supply Chain Products Suite, Oracle PeopleSoft
Products, Oracle JD Edwards Products, Oracle Siebel CRM, Oracle iLearning,
Oracle Communications Applications, Oracle Retail Applications, Oracle Health
Sciences Applications, Oracle Java SE, Oracle and Sun Systems Products, Oracle
Linux and Virtualization, Oracle MySQL, NTP V3 and V4 packages for Solaris 10,
11.1 and 11.2, and openssl package for Oracle Linux 6 and 7. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. Security patches are available to
resolve these
vulnerabilities.
URL:www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp
URL:linux.oracle.com/errata/ELSA-2015-0066.html
URL:www.us-cert.gov/ncas/current-activity/2015/01/20/Oracle-Releases-January-2015-Security-Advisory
25.
Vulnerability in HP Insight Control
server deployment (c04537915)
[21/01/2015] Vulnerability was identified in the HP Insight Control server
deployment. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code and perform cross-site scripting attacks.
This vulnerability affects all versions of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04537915
URL:xforce.iss.net/xforce/xfdb/99997
26.
Vulnerability in iFileExplorer for iOS
(99991)
[21/01/2015]
Vulnerability was identified in the
iFileExplorer for iOS. An attacker could bypass security restrictions, obtain
sensitive information and execute arbitrary code. This vulnerability affects
version 6.51 of the mentioned
product.
URL:xforce.iss.net/xforce/xfdb/99991
27.
Security Updates in Debian (DSA-3133-1,
DSA-3134-1)
[21/01/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the privoxy and sympa packages for multiple versions of Debian GNU/Linux. Due to
multiple errors, an attacker could bypass security restrictions and obtain
sensitive
information.
URL:www.debian.org/security/2015/dsa-3133
URL:www.debian.org/security/2015/dsa-3134
28.
Security Updates in Mageia
(MGASA-2015-0031, MGASA-2015-0032, MGASA-2015-0033)
[21/01/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the otrs, moodle and elfutils packages for
multiple versions of Mageia. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, perform cross-site scripting and cross-site request
forgery attacks, cause a denial of service condition and crash the
system.
URL:advisories.mageia.org/MGASA-2015-0031.html
URL:advisories.mageia.org/MGASA-2015-0032.html
URL:advisories.mageia.org/MGASA-2015-0033.html
29.
Security Updates in SUSE
(SUSE-SU-2015:0092-1)
[21/01/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the libpng16 package of SUSE Linux Enterprise 12. Due to multiple errors, an
attacker could bypass security restriction and execute arbitrary
code.
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00016.html
30.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:0062-1, RHSA-2015:0066-1, RHSA-2015:0067-1,
RHSA-2015:0068-1)
[21/01/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the kernel, openssl and java-1.7.0-openjdk packages for Red Hat Enterprise
Linux 5, 6, 7 and 6.5 Extended Update Support. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, perform man-in-the-middle attacks
and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-0062.html
URL:rhn.redhat.com/errata/RHSA-2015-0066.html
URL:rhn.redhat.com/errata/RHSA-2015-0067.html
URL:rhn.redhat.com/errata/RHSA-2015-0068.html
31.
Vulnerability in IBM HTTP Server
(1694143)
[20/01/2015]
Vulnerability was identified in the IBM HTTP
Server. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code and perform man-in-the-middle attacks. This
vulnerability affects version 8.5 of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:www.ibm.com/support/docview.wss?uid=swg21694143
32.
Vulnerabilities in Symantec Products
(SYM15-001)
[20/01/2015] Vulnerabilities were identified in the Symantec Critical
System Protection Server and Agents, and Symantec Data Center Security: Server
Advanced Server and Agents. An attacker could bypass security restrictions, gain
elevated privileges and execute arbitrary code. These vulnerabilities affect
multiple versions of the mentioned products. Security patches are available to
resolve these
vulnerabilities.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00
33.
Vulnerabilities in
Moodle
[20/01/2015]
Vulnerabilities were identified in the Moodle.
An attacker could bypass security restrictions, execute arbitrary code, perform
cross-site request forgery and code injection attacks, cause a denial of service
condition and crash the system. These vulnerabilities affect versions prior to
2.8.2 of the mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:www.hkcert.org/my_url/en/alert/15012001
34.
Security Updates in Debian (DSA-3131-1,
DSA-3132-1)
[20/01/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the xdg-utils and icedove packages for multiple versions of Debian GNU/Linux.
Due to multiple errors, an attacker could bypass security restrictions, execute
arbitrary code, obtain sensitive information, cause a denial of service
condition and crash the
system.
URL:www.debian.org/security/2015/dsa-3131
URL:www.debian.org/security/2015/dsa-3132
35.
Security Updates in Mageia
(MGASA-2015-0027, MGASA-2015-0028, MGASA-2015-0029,
MGASA-2015-0030)
[20/01/2015] Mageia has
released security update packages for fixing the vulnerabilities identified in
the binutils, iceape, coreutils and file packages for multiple versions of
Mageia. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
perform cross-site request forgery and session fixation attacks, cause a denial
of service condition and compromise the
system.
URL:advisories.mageia.org/MGASA-2015-0027.html
URL:advisories.mageia.org/MGASA-2015-0028.html
URL:advisories.mageia.org/MGASA-2015-0029.html
URL:advisories.mageia.org/MGASA-2015-0030.html
36.
Security Updates in SUSE
(SUSE-SU-2015:0076-1, openSUSE-SU-2015:0077-1,
openSUSE-SU-2015:0077-2)
[20/01/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the MozillaFirefox package of SUSE Linux Enterprise 12, openSUSE 13.1 and 13.2.
Due to multiple errors, an attacker could bypass security restriction, execute
arbitrary code, perform spoofing and cross-site request forgery attack, gain
elevated privilege and crash the
application.
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00013.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00015.html
37.
Security Updates in Ubuntu GNU/Linux
(USN-2460-1, USN-2477-1, USN-2478-1, USN-2479-1)
[20/01/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the thunderbird, libevent, libssh and rpm packages
for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due
to multiple errors, an attacker could bypass security restrictions, execute
arbitrary code, perform cross-site request forgery and session-fixation attacks,
cause a denial of service condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2460-1/
URL:www.ubuntu.com/usn/usn-2477-1/
URL:www.ubuntu.com/usn/usn-2478-1/
URL:www.ubuntu.com/usn/usn-2479-1/
38.
Vulnerability in Novell Sentinel
(5198710)
[19/01/2015]
Vulnerability was identified in the Novell
Sentinel. An attacker could bypass security restrictions and obtain sensitive
information. This vulnerability affects multiple versions of the mentioned
product. Security patches are available to resolve this
vulnerability.
URL:download.novell.com/Download?buildid=SIHFofRnkY0~
39.
Vulnerabilities in Ansible Tower (99924,
99925)
[19/01/2015]
Vulnerabilities were identified in the Ansible
Tower. An attacker could bypass security restrictions, execute arbitrary code
and perform cross-site scripting attacks. These vulnerabilities affect versions
prior to 2.0.5 of the mentioned product. Security patches are available to
resolve these
vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/99924
URL:xforce.iss.net/xforce/xfdb/99925
40.
Vulnerability in Alienvault OSSIM
(99951)
[19/01/2015]
Vulnerability was identified in the Alienvault
Open Source SIEM (OSSIM). An attacker could bypass security restrictions, gain
elevated privileges and compromise the system. This vulnerability affects
versions prior to 4.15.0 of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/99951
41.
Vulnerability in Ceragon FiberAir IP-10
Microwave Bridge (VU#936356)
[19/01/2015] Vulnerability was identified in the Ceragon FiberAir IP-10
Microwave Bridge. An attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges and compromise the system. This
vulnerability affects firmware versions of the mentioned
product.
URL:www.kb.cert.org/vuls/id/936356
42. Vulnerability in T-Mobile Internet Manager
(99945)
[19/01/2015]
Vulnerability was identified in the T-Mobile
Internet Manager. An attacker could bypass security restrictions, execute
arbitrary code, cause a denial of service condition and crash the application.
This vulnerability affects version 8.01.2015 of the mentioned
product.
URL:xforce.iss.net/xforce/xfdb/99945
43.
Security Updates in Debian (DSA-3129-1,
DSA-3130-1)
[19/01/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the rpm and lsyncd packages for multiple versions of Debian GNU/Linux. Due to
multiple errors, an attacker could bypass security restrictions, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:www.debian.org/security/2015/dsa-3129
URL:www.debian.org/security/2015/dsa-3130
44.
Security Updates in FreeBSD
(FreeBSD-SA-15:01.openssl)
[19/01/2015] FreeBSD
has released security update packages for fixing the vulnerabilities identified
in the OpenSSL package for multiple versions of FreeBSD. An attacker could
bypass security restrictions, obtain sensitive information, execute arbitrary
code, cause a denial of service condition and crash the
system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:01.openssl.asc
45.
Security Updates in Mageia
(MGASA-2015-0025, MGASA-2015-0026)
[19/01/2015] Mageia has
released security update packages for fixing the vulnerabilities identified in
the firefox, firefox-l10n, thunderbird, thunderbird-l10n, python-django14 and
python-django packages for multiple versions of Mageia. Due to multiple errors,
an attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, perform spoofing and cross-site request forgery attack,
cause a denial of service condition and crash the
application.
URL:advisories.mageia.org/MGASA-2015-0025.html
URL:advisories.mageia.org/MGASA-2015-0026.html
46.
Security Updates in Mandriva
(MDVSA-2015:027)
[19/01/2015] Mandriva
has released security update packages for fixing the vulnerabilities identified
in the kernel package for version MBS1 of Mandriva GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, execute arbitrary code,
cause a denial of service condition and crash the
application.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A027/
47.
Security Updates in Slackware
(SSA:2015-016-01, SSA:2015-016-02, SSA:2015-016-03,
SSA:2015-016-04)
[19/01/2015] Slackware
has released security update packages for fixing the vulnerabilities identified
in the mozilla-firefox, mozilla-thunderbird, seamonkey and freetype packages for
multiple versions of Slackware Linux. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, execute arbitrary
code, perform spoofing and cross-site request forgery attack, cause a denial of
service condition and crash the
application.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.356101
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.359642
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.490672
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.508136
48.
Security Updates in SUSE
(SUSE-SU-2015:0068-1)
[19/01/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the Linux Kernel package of SUSE Linux Enterprise 12. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00011.html
Source(s)
of above information:
Sunday, January 25, 2015
Monday, January 19, 2015
IT Security Alerts Weekly Digest (11 Jan ~ 17 Jan 2015)
1. Vulnerabilities in Cisco
Products
[16/01/2015] Vulnerabilities were identified in the Cisco Identity Services Engine Software, Cisco Unified Communications Domain Manager and Cisco WebEx Meeting Center. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting and cross-site request forgery attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8022
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0588
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0590
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0591
2. Vulnerability in Novell Filr (5198451, 5198494)
[16/01/2015] Vulnerability was identified in the Novell Filr. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects versions 1.0.1 and 1.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:download.novell.com/Download?buildid=spdw6sUZusM~
URL:download.novell.com/Download?buildid=vQz3fdik3fY~
3. Vulnerability in Ansible Tower (99923)
[16/01/2015] Vulnerability was identified in the Ansible Tower. An attacker could bypass security restrictions and gain elevated privileges on the system. This vulnerability affects versions prior to 2.0.5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99923
4. Vulnerability in PHPKIT (99904)
[16/01/2015] Vulnerability was identified in the PHPKIT. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects version 1.6.6 Build 1660014 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99904
5. Vulnerability in TechSmith Camtasia Studio (99892)
[16/01/2015] Vulnerability was identified in the TechSmith Camtasia Studio. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99892
6. Vulnerability in b2evolution (99891)
[16/01/2015] Vulnerability was identified in the b2evolution. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects version 5.2.0 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99891
7. Vulnerability in Simple Security plugin for WordPress (99931)
[16/01/2015] Vulnerability was identified in the Simple Security plugin for WordPress. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects version 1.1.5 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99931
8. Security Updates in Debian (DSA-3128-1)
[16/01/2015] Debian has released security update packages for fixing the vulnerabilities identified in the linux package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3128
9. Security Updates in Mandriva (MDVSA-2015:023, MDVSA-2015:024, MDVSA-2015:025, MDVSA-2015:026)
[16/01/2015] Mandriva has released security update packages for fixing the vulnerabilities identified in the libvirt, libsndfile, mpfr and untrf packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A023/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A024/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A025/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A026/
10. Security Updates in SUSE (SUSE-SU-2015:0052-1, openSUSE-SU-2015:0059-1, openSUSE-SU-2015:0061-1, SUSE-SU-2015:0062-1)
[16/01/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player package of SUSE Linux Enterprise 11 and 12, openSUSE 13.1 and 13.2, and openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00007.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00010.html
11. Security Updates in Ubuntu GNU/Linux (USN-2474-1, USN-2475-1)
[16/01/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the curl and gtk+3.0 packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and perform code injection attacks.
URL:www.ubuntu.com/usn/usn-2474-1/
URL:www.ubuntu.com/usn/usn-2475-1/
12. Vulnerability in Cisco Adaptive Security Appliance (ASA) Software
[15/01/2015] Vulnerability was identified in the Cisco Adaptive Security Appliance (ASA) Software. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0578
13. Vulnerabilities in Juniper Products (JSA10664, JSA10665, JSA10666, JSA10667, JSA10668, JSA10669, JSA10670)
[15/01/2015] Vulnerability was identified in the Juniper Secure Analytics, Juniper Security Threat Response Manager and Junos OS. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site request forgery and session hijack attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10664
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10665
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10666
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10667
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10668
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10669
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10670
14. Vulnerability in F5 Products (SOL15984)
[15/01/2015] Vulnerability was identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device and BIG-IQ Security. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/15000/900/sol15984
15. Security Updates in Oracle Solaris (ELSA-2015-0046, ELSA-2015-0047)
[15/01/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the firefox and thunderbird packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restriction, execute arbitrary code, obtain sensitive information, cause a denial of service condition and crash the application.
URL:linux.oracle.com/errata/ELSA-2015-0046.html
URL:linux.oracle.com/errata/ELSA-2015-0047.html
16. Security Updates in Debian (DSA-3127-1)
[15/01/2015] Debian has released security update packages for fixing the vulnerabilities identified in the iceweasel package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3127
17. Security Updates in Mageia (MGASA-2015-0023, MGASA-2015-0024)
[15/01/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the python-pip and flash-player-plugin packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2015-0023.html
URL:advisories.mageia.org/MGASA-2015-0024.html
18. Security Updates in SUSE (SUSE-SU-2014:1695-2, SUSE-SU-2015:0045-1)
[15/01/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the kernel and xorg-x11-server packages of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00006.html
19. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0028-1, RHSA-2015:0052-1)
[15/01/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the cfme package for Red Hat CloudForms 3.1 and Adobe Flash Player package for Red Hat Enterprise Linux 5 and 6 Supplementary. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform code injection attacks and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-0028.html
URL:rhn.redhat.com/errata/RHSA-2015-0052.html
20. Security Updates in Ubuntu GNU/Linux (USN-2458-1, USN-2458-2, USN-2471-1, USN-2472-1, USN-2473-1)
[15/01/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox, ubufox, gparted, unzip and coreutils packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site request forgery and session-fixation attacks, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2458-1/
URL:www.ubuntu.com/usn/usn-2458-2/
URL:www.ubuntu.com/usn/usn-2471-1/
URL:www.ubuntu.com/usn/usn-2472-1/
URL:www.ubuntu.com/usn/usn-2473-1/
21. Vulnerabilities in Microsoft Products (3004365, 3014029, 3019215, 3020393, 3021674, 3022777, 3023266, 3025421)
[14/01/2015] Vulnerabilities were identified in the Microsoft Windows. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:technet.microsoft.com/library/security/ms15-jan
URL:technet.microsoft.com/library/security/MS15-001
URL:technet.microsoft.com/library/security/MS15-002
URL:technet.microsoft.com/library/security/MS15-003
URL:technet.microsoft.com/library/security/MS15-004
URL:technet.microsoft.com/library/security/MS15-005
URL:technet.microsoft.com/library/security/MS15-006
URL:technet.microsoft.com/library/security/MS15-007
URL:technet.microsoft.com/library/security/MS15-008
URL:www.hkcert.org/my_url/en/alert/15011401
URL:www.hkcert.org/my_url/en/alert/15011402
URL:www.hkcert.org/my_url/en/alert/15011403
URL:www.hkcert.org/my_url/en/alert/15011404
URL:www.hkcert.org/my_url/en/alert/15011405
URL:www.hkcert.org/my_url/en/alert/15011406
URL:www.hkcert.org/my_url/en/alert/15011407
URL:www.hkcert.org/my_url/en/alert/15011408
URL:www.us-cert.gov/ncas/current-activity/2015/01/13/Microsoft-Releases-January-2015-Security-Bulletin
URL:xforce.iss.net/xforce/xfdb/98973
URL:xforce.iss.net/xforce/xfdb/99513
URL:xforce.iss.net/xforce/xfdb/99517
URL:xforce.iss.net/xforce/xfdb/99521
URL:xforce.iss.net/xforce/xfdb/99527
22. Information Updates on Microsoft Security Bulletin (MS14-080)
[14/01/2015] Microsoft has updated information on the Security Bulletin for the Microsoft Internet Explorer. MS14-080 was rereleased to comprehensively address CVE-2014-6363. In addition to installing update 3008923, customers running Internet Explorer 10 on Windows 8, Windows Server 2012, or Window RT should also install update 3029449, which has been added with this rerelease.
URL:technet.microsoft.com/library/security/MS14-080
23. Vulnerabilities in Adobe Products (APSB15-01)
[14/01/2015] Vulnerabilities were identified in the Adobe Flash Player and Adobe AIR. An attacker could execute arbitrary code and obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/flash-player/apsb15-01.html
URL:technet.microsoft.com/en-us/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/15011409
URL:www.us-cert.gov/ncas/current-activity/2015/01/13/Adobe-Releases-Security-Updates-Flash-Player
24. Vulnerabilities in Mozilla Products (MFSA 2015-01, MFSA 2015-02, MFSA 2015-03, MFSA 2015-04, MFSA 2015-05, MFSA 2015-06, MFSA 2015-07, MFSA 2015-08, MFSA 2015-09)
[14/01/2015] Vulnerabilities were identified in Mozilla Firefox, Firefox ESR, SeaMonkey, Thunderbird. An attacker could bypass security restriction, execute arbitrary code, perform spoofing and cross-site request forgery attack, gain elevated privilege and crash the application. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-01/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-02/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-03/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-04/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-05/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-06/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-07/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-08/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-09/
25. Vulnerabilities in Cisco Products
[14/01/2015] Vulnerabilities were identified in the Cisco AnyConnect Secure Mobility Client, Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA) and Cisco TelePresence Video Communication Server (VCS). An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affects multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3314
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0577
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0579
26. Vulnerability in Novell Identity Manager (5197970)
[14/01/2015] Vulnerability was identified in the Novell Identity Manager. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:download.novell.com/Download?buildid=SlL2oPhB-LU~
27. Vulnerability in Panasonic Arbitrator Back-End Server (VU#117604)
[14/01/2015] Vulnerability was identified in the Panasonic Arbitrator Back-End Server (BES). An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/117604
28. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0042-1, RHSA-2015:0043-1, RHSA-2015:0044-1, RHSA-2015:0046-1, RHSA-2015:0047-1)
[14/01/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the cloud-init package for Red Hat Common for Red Hat Enterprise Linux 6, kernel package for Red Hat Enterprise Linux 6.4 Extended Update Support, openstack-neutron package for Red Hat Enterprise Linux OpenStack Platform 4.0, firefox and thunderbird packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-0042.html
URL:rhn.redhat.com/errata/RHSA-2015-0043.html
URL:rhn.redhat.com/errata/RHSA-2015-0044.html
URL:rhn.redhat.com/errata/RHSA-2015-0046.html
URL:rhn.redhat.com/errata/RHSA-2015-0047.html
29. Security Updates in Ubuntu GNU/Linux (USN-2462-1, USN-2463-1, USN-2464-1, USN-2465-1, USN-2466-1, USN-2467-1, USN-2468-1, USN-2469-1, USN-2470-1)
[14/01/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux, linux-ti-omap4, linux-lts-trusty, linux-lts-utopic, python-django and git packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2462-1/
URL:www.ubuntu.com/usn/usn-2463-1/
URL:www.ubuntu.com/usn/usn-2464-1/
URL:www.ubuntu.com/usn/usn-2465-1/
URL:www.ubuntu.com/usn/usn-2466-1/
URL:www.ubuntu.com/usn/usn-2467-1/
URL:www.ubuntu.com/usn/usn-2468-1/
URL:www.ubuntu.com/usn/usn-2469-1/
URL:www.ubuntu.com/usn/usn-2470-1/
30. Vulnerability in Cisco WebEx Meeting Center
[13/01/2015] Vulnerability was identified in the Cisco WebEx Meeting Center. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0583
31. Vulnerability in F5 Products (SOL15983)
[13/01/2015] Vulnerability was identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device and BIG-IQ Security. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/15000/900/sol15983.html
32. Security Updates in Oracle Solaris
[13/01/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the NTP V3 and NTP V4 packages for Oracle Solaris 10, 11.1 and 11.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp
33. Security Updates in Debian (DSA-3126-1)
[13/01/2015] Debian has released security update packages for fixing the vulnerability identified in the php5 package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions and obtain sensitive information.
URL:www.debian.org/security/2015/dsa-3126
34. Security Updates in Mandriva (MDVSA-2015:020, MDVSA-2015:021, MDVSA-2015:022)
[13/01/2015] Mandriva has released security update packages for fixing the vulnerabilities identified in the libssh, curl and wireshark packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A020/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A021/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A022/
35. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0033-1, RHSA-2015:0034-1, RHSA-2015:0035-1, RHSA-2015:0036-1)
[13/01/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the Red Hat Satellite 5, Red Hat JBoss Data Virtualization 6.0.0, condor package for Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform code injection attacks, cause a denial of service condition and crash the application.
URL:rhn.redhat.com/errata/RHSA-2015-0033.html
URL:rhn.redhat.com/errata/RHSA-2015-0034.html
URL:rhn.redhat.com/errata/RHSA-2015-0035.html
URL:rhn.redhat.com/errata/RHSA-2015-0036.html
36. Security Updates in Ubuntu GNU/Linux (USN-2459-1, USN-2461-1, USN-2461-2, USN-2461-3)
[13/01/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openssl, libyaml, libyaml-libyaml-perl and pyyaml packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2459-1/
URL:www.ubuntu.com/usn/usn-2461-1/
URL:www.ubuntu.com/usn/usn-2461-2/
URL:www.ubuntu.com/usn/usn-2461-3/
37. Vulnerabilities in Cisco Products
[12/01/2015] Vulnerabilities were identified in the Cisco Unified Communications Domain Manager Platform, Cisco WebEx Meetings Server and Cisco MDS 9000 NX-OS Software. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8020
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8034
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8035
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8036
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0582
38. Security Updates in Debian (DSA-3123-1, DSA-3124-1, DSA-3125-1)
[12/01/2015] Debian has released security update packages for fixing the vulnerabilities identified in the binutils, otrs2 and openssl packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.debian.org/security/2015/dsa-3123
URL:www.debian.org/security/2015/dsa-3124
URL:www.debian.org/security/2015/dsa-3125
39. Security Updates in Mageia (MGASA-2015-0016, MGASA-2015-0017, MGASA-2015-0018, MGASA-2015-0019, MGASA-2015-0020, MGASA-2015-0021, MGASA-2015-0022)
[12/01/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the unrtf, glpi, gcab, wireshark, curl, mpfr and openssl packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2015-0016.html
URL:advisories.mageia.org/MGASA-2015-0017.html
URL:advisories.mageia.org/MGASA-2015-0018.html
URL:advisories.mageia.org/MGASA-2015-0019.html
URL:advisories.mageia.org/MGASA-2015-0020.html
URL:advisories.mageia.org/MGASA-2015-0021.html
URL:advisories.mageia.org/MGASA-2015-0022.html
40. Security Updates in Mandriva (MDVSA-2015:019)
[12/01/2015] Mandriva has released security update packages for fixing the vulnerabilities identified in the openssl package for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the application.
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A019/
41. Security Updates in SUSE (SUSE-SU-2015:0022-1)
[12/01/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the xen package of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00003.html
42. Security Updates in Slackware (SSA:2015-009-01)
[12/01/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the openssl package for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.782231
Source(s) of above information:
[16/01/2015] Vulnerabilities were identified in the Cisco Identity Services Engine Software, Cisco Unified Communications Domain Manager and Cisco WebEx Meeting Center. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting and cross-site request forgery attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8022
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0588
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0590
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0591
2. Vulnerability in Novell Filr (5198451, 5198494)
[16/01/2015] Vulnerability was identified in the Novell Filr. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects versions 1.0.1 and 1.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:download.novell.com/Download?buildid=spdw6sUZusM~
URL:download.novell.com/Download?buildid=vQz3fdik3fY~
3. Vulnerability in Ansible Tower (99923)
[16/01/2015] Vulnerability was identified in the Ansible Tower. An attacker could bypass security restrictions and gain elevated privileges on the system. This vulnerability affects versions prior to 2.0.5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99923
4. Vulnerability in PHPKIT (99904)
[16/01/2015] Vulnerability was identified in the PHPKIT. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects version 1.6.6 Build 1660014 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99904
5. Vulnerability in TechSmith Camtasia Studio (99892)
[16/01/2015] Vulnerability was identified in the TechSmith Camtasia Studio. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99892
6. Vulnerability in b2evolution (99891)
[16/01/2015] Vulnerability was identified in the b2evolution. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects version 5.2.0 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99891
7. Vulnerability in Simple Security plugin for WordPress (99931)
[16/01/2015] Vulnerability was identified in the Simple Security plugin for WordPress. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects version 1.1.5 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99931
8. Security Updates in Debian (DSA-3128-1)
[16/01/2015] Debian has released security update packages for fixing the vulnerabilities identified in the linux package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3128
9. Security Updates in Mandriva (MDVSA-2015:023, MDVSA-2015:024, MDVSA-2015:025, MDVSA-2015:026)
[16/01/2015] Mandriva has released security update packages for fixing the vulnerabilities identified in the libvirt, libsndfile, mpfr and untrf packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A023/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A024/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A025/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A026/
10. Security Updates in SUSE (SUSE-SU-2015:0052-1, openSUSE-SU-2015:0059-1, openSUSE-SU-2015:0061-1, SUSE-SU-2015:0062-1)
[16/01/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player package of SUSE Linux Enterprise 11 and 12, openSUSE 13.1 and 13.2, and openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00007.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00010.html
11. Security Updates in Ubuntu GNU/Linux (USN-2474-1, USN-2475-1)
[16/01/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the curl and gtk+3.0 packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and perform code injection attacks.
URL:www.ubuntu.com/usn/usn-2474-1/
URL:www.ubuntu.com/usn/usn-2475-1/
12. Vulnerability in Cisco Adaptive Security Appliance (ASA) Software
[15/01/2015] Vulnerability was identified in the Cisco Adaptive Security Appliance (ASA) Software. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0578
13. Vulnerabilities in Juniper Products (JSA10664, JSA10665, JSA10666, JSA10667, JSA10668, JSA10669, JSA10670)
[15/01/2015] Vulnerability was identified in the Juniper Secure Analytics, Juniper Security Threat Response Manager and Junos OS. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site request forgery and session hijack attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10664
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10665
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10666
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10667
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10668
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10669
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10670
14. Vulnerability in F5 Products (SOL15984)
[15/01/2015] Vulnerability was identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device and BIG-IQ Security. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/15000/900/sol15984
15. Security Updates in Oracle Solaris (ELSA-2015-0046, ELSA-2015-0047)
[15/01/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the firefox and thunderbird packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restriction, execute arbitrary code, obtain sensitive information, cause a denial of service condition and crash the application.
URL:linux.oracle.com/errata/ELSA-2015-0046.html
URL:linux.oracle.com/errata/ELSA-2015-0047.html
16. Security Updates in Debian (DSA-3127-1)
[15/01/2015] Debian has released security update packages for fixing the vulnerabilities identified in the iceweasel package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3127
17. Security Updates in Mageia (MGASA-2015-0023, MGASA-2015-0024)
[15/01/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the python-pip and flash-player-plugin packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2015-0023.html
URL:advisories.mageia.org/MGASA-2015-0024.html
18. Security Updates in SUSE (SUSE-SU-2014:1695-2, SUSE-SU-2015:0045-1)
[15/01/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the kernel and xorg-x11-server packages of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00006.html
19. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0028-1, RHSA-2015:0052-1)
[15/01/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the cfme package for Red Hat CloudForms 3.1 and Adobe Flash Player package for Red Hat Enterprise Linux 5 and 6 Supplementary. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform code injection attacks and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-0028.html
URL:rhn.redhat.com/errata/RHSA-2015-0052.html
20. Security Updates in Ubuntu GNU/Linux (USN-2458-1, USN-2458-2, USN-2471-1, USN-2472-1, USN-2473-1)
[15/01/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox, ubufox, gparted, unzip and coreutils packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site request forgery and session-fixation attacks, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2458-1/
URL:www.ubuntu.com/usn/usn-2458-2/
URL:www.ubuntu.com/usn/usn-2471-1/
URL:www.ubuntu.com/usn/usn-2472-1/
URL:www.ubuntu.com/usn/usn-2473-1/
21. Vulnerabilities in Microsoft Products (3004365, 3014029, 3019215, 3020393, 3021674, 3022777, 3023266, 3025421)
[14/01/2015] Vulnerabilities were identified in the Microsoft Windows. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:technet.microsoft.com/library/security/ms15-jan
URL:technet.microsoft.com/library/security/MS15-001
URL:technet.microsoft.com/library/security/MS15-002
URL:technet.microsoft.com/library/security/MS15-003
URL:technet.microsoft.com/library/security/MS15-004
URL:technet.microsoft.com/library/security/MS15-005
URL:technet.microsoft.com/library/security/MS15-006
URL:technet.microsoft.com/library/security/MS15-007
URL:technet.microsoft.com/library/security/MS15-008
URL:www.hkcert.org/my_url/en/alert/15011401
URL:www.hkcert.org/my_url/en/alert/15011402
URL:www.hkcert.org/my_url/en/alert/15011403
URL:www.hkcert.org/my_url/en/alert/15011404
URL:www.hkcert.org/my_url/en/alert/15011405
URL:www.hkcert.org/my_url/en/alert/15011406
URL:www.hkcert.org/my_url/en/alert/15011407
URL:www.hkcert.org/my_url/en/alert/15011408
URL:www.us-cert.gov/ncas/current-activity/2015/01/13/Microsoft-Releases-January-2015-Security-Bulletin
URL:xforce.iss.net/xforce/xfdb/98973
URL:xforce.iss.net/xforce/xfdb/99513
URL:xforce.iss.net/xforce/xfdb/99517
URL:xforce.iss.net/xforce/xfdb/99521
URL:xforce.iss.net/xforce/xfdb/99527
22. Information Updates on Microsoft Security Bulletin (MS14-080)
[14/01/2015] Microsoft has updated information on the Security Bulletin for the Microsoft Internet Explorer. MS14-080 was rereleased to comprehensively address CVE-2014-6363. In addition to installing update 3008923, customers running Internet Explorer 10 on Windows 8, Windows Server 2012, or Window RT should also install update 3029449, which has been added with this rerelease.
URL:technet.microsoft.com/library/security/MS14-080
23. Vulnerabilities in Adobe Products (APSB15-01)
[14/01/2015] Vulnerabilities were identified in the Adobe Flash Player and Adobe AIR. An attacker could execute arbitrary code and obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/flash-player/apsb15-01.html
URL:technet.microsoft.com/en-us/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/15011409
URL:www.us-cert.gov/ncas/current-activity/2015/01/13/Adobe-Releases-Security-Updates-Flash-Player
24. Vulnerabilities in Mozilla Products (MFSA 2015-01, MFSA 2015-02, MFSA 2015-03, MFSA 2015-04, MFSA 2015-05, MFSA 2015-06, MFSA 2015-07, MFSA 2015-08, MFSA 2015-09)
[14/01/2015] Vulnerabilities were identified in Mozilla Firefox, Firefox ESR, SeaMonkey, Thunderbird. An attacker could bypass security restriction, execute arbitrary code, perform spoofing and cross-site request forgery attack, gain elevated privilege and crash the application. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-01/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-02/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-03/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-04/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-05/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-06/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-07/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-08/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-09/
25. Vulnerabilities in Cisco Products
[14/01/2015] Vulnerabilities were identified in the Cisco AnyConnect Secure Mobility Client, Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA) and Cisco TelePresence Video Communication Server (VCS). An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affects multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3314
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0577
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0579
26. Vulnerability in Novell Identity Manager (5197970)
[14/01/2015] Vulnerability was identified in the Novell Identity Manager. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:download.novell.com/Download?buildid=SlL2oPhB-LU~
27. Vulnerability in Panasonic Arbitrator Back-End Server (VU#117604)
[14/01/2015] Vulnerability was identified in the Panasonic Arbitrator Back-End Server (BES). An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/117604
28. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0042-1, RHSA-2015:0043-1, RHSA-2015:0044-1, RHSA-2015:0046-1, RHSA-2015:0047-1)
[14/01/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the cloud-init package for Red Hat Common for Red Hat Enterprise Linux 6, kernel package for Red Hat Enterprise Linux 6.4 Extended Update Support, openstack-neutron package for Red Hat Enterprise Linux OpenStack Platform 4.0, firefox and thunderbird packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-0042.html
URL:rhn.redhat.com/errata/RHSA-2015-0043.html
URL:rhn.redhat.com/errata/RHSA-2015-0044.html
URL:rhn.redhat.com/errata/RHSA-2015-0046.html
URL:rhn.redhat.com/errata/RHSA-2015-0047.html
29. Security Updates in Ubuntu GNU/Linux (USN-2462-1, USN-2463-1, USN-2464-1, USN-2465-1, USN-2466-1, USN-2467-1, USN-2468-1, USN-2469-1, USN-2470-1)
[14/01/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux, linux-ti-omap4, linux-lts-trusty, linux-lts-utopic, python-django and git packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2462-1/
URL:www.ubuntu.com/usn/usn-2463-1/
URL:www.ubuntu.com/usn/usn-2464-1/
URL:www.ubuntu.com/usn/usn-2465-1/
URL:www.ubuntu.com/usn/usn-2466-1/
URL:www.ubuntu.com/usn/usn-2467-1/
URL:www.ubuntu.com/usn/usn-2468-1/
URL:www.ubuntu.com/usn/usn-2469-1/
URL:www.ubuntu.com/usn/usn-2470-1/
30. Vulnerability in Cisco WebEx Meeting Center
[13/01/2015] Vulnerability was identified in the Cisco WebEx Meeting Center. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0583
31. Vulnerability in F5 Products (SOL15983)
[13/01/2015] Vulnerability was identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device and BIG-IQ Security. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/15000/900/sol15983.html
32. Security Updates in Oracle Solaris
[13/01/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the NTP V3 and NTP V4 packages for Oracle Solaris 10, 11.1 and 11.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp
33. Security Updates in Debian (DSA-3126-1)
[13/01/2015] Debian has released security update packages for fixing the vulnerability identified in the php5 package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions and obtain sensitive information.
URL:www.debian.org/security/2015/dsa-3126
34. Security Updates in Mandriva (MDVSA-2015:020, MDVSA-2015:021, MDVSA-2015:022)
[13/01/2015] Mandriva has released security update packages for fixing the vulnerabilities identified in the libssh, curl and wireshark packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A020/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A021/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A022/
35. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0033-1, RHSA-2015:0034-1, RHSA-2015:0035-1, RHSA-2015:0036-1)
[13/01/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the Red Hat Satellite 5, Red Hat JBoss Data Virtualization 6.0.0, condor package for Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform code injection attacks, cause a denial of service condition and crash the application.
URL:rhn.redhat.com/errata/RHSA-2015-0033.html
URL:rhn.redhat.com/errata/RHSA-2015-0034.html
URL:rhn.redhat.com/errata/RHSA-2015-0035.html
URL:rhn.redhat.com/errata/RHSA-2015-0036.html
36. Security Updates in Ubuntu GNU/Linux (USN-2459-1, USN-2461-1, USN-2461-2, USN-2461-3)
[13/01/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openssl, libyaml, libyaml-libyaml-perl and pyyaml packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2459-1/
URL:www.ubuntu.com/usn/usn-2461-1/
URL:www.ubuntu.com/usn/usn-2461-2/
URL:www.ubuntu.com/usn/usn-2461-3/
37. Vulnerabilities in Cisco Products
[12/01/2015] Vulnerabilities were identified in the Cisco Unified Communications Domain Manager Platform, Cisco WebEx Meetings Server and Cisco MDS 9000 NX-OS Software. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8020
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8034
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8035
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8036
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0582
38. Security Updates in Debian (DSA-3123-1, DSA-3124-1, DSA-3125-1)
[12/01/2015] Debian has released security update packages for fixing the vulnerabilities identified in the binutils, otrs2 and openssl packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.debian.org/security/2015/dsa-3123
URL:www.debian.org/security/2015/dsa-3124
URL:www.debian.org/security/2015/dsa-3125
39. Security Updates in Mageia (MGASA-2015-0016, MGASA-2015-0017, MGASA-2015-0018, MGASA-2015-0019, MGASA-2015-0020, MGASA-2015-0021, MGASA-2015-0022)
[12/01/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the unrtf, glpi, gcab, wireshark, curl, mpfr and openssl packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2015-0016.html
URL:advisories.mageia.org/MGASA-2015-0017.html
URL:advisories.mageia.org/MGASA-2015-0018.html
URL:advisories.mageia.org/MGASA-2015-0019.html
URL:advisories.mageia.org/MGASA-2015-0020.html
URL:advisories.mageia.org/MGASA-2015-0021.html
URL:advisories.mageia.org/MGASA-2015-0022.html
40. Security Updates in Mandriva (MDVSA-2015:019)
[12/01/2015] Mandriva has released security update packages for fixing the vulnerabilities identified in the openssl package for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the application.
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A019/
41. Security Updates in SUSE (SUSE-SU-2015:0022-1)
[12/01/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the xen package of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00003.html
42. Security Updates in Slackware (SSA:2015-009-01)
[12/01/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the openssl package for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.782231
Source(s) of above information:
Subscribe to:
Posts (Atom)