IT Security Alerts Weekly Digest (18 Jan ~ 24 Jan 2015)

1. Vulnerability in Adobe Flash Player (APSB15-02)
[23/01/2015] Vulnerability was identified in the Adobe Flash Player. An attacker could bypass security restrictions and obtain sensitive information, execute arbitrary code and compromise the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:helpx.adobe.com/security/products/flash-player/apsb15-02.html
URL:technet.microsoft.com/en-us/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/15012301
URL:www.us-cert.gov/ncas/current-activity/2015/01/22/Adobe-Releases-Security-Updates-Flash-Player
2. Vulnerability in Apple Mac OS X (100219)
[23/01/2015] Vulnerability was identified in the Apple Mac OS X. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects version 10.10 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/100219
3. Vulnerabilities in F5 Products (SOL16010, SOL16011, SOL16016)
[23/01/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device and BIG-IQ Security. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/16000/000/sol16010.html
URL:support.f5.com/kb/en-us/solutions/public/16000/000/sol16011.html
URL:support.f5.com/kb/en-us/solutions/public/16000/000/sol16016.html
4. Vulnerabilities in Drupal (SA-CONTRIB-2015-023, SA-CONTRIB-2015-024, SA-CONTRIB-2015-026, SA-CONTRIB-2015-028, SA-CONTRIB-2015-029)
[23/01/2015] Vulnerabilities were identified in the Alfresco, Classified Ads, Taxonews, Shibboleth authentication and Corner modules for Drupal. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting and cross-site request forgery attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.drupal.org/node/2411523
URL:www.drupal.org/node/2411527
URL:www.drupal.org/node/2411573
URL:www.drupal.org/node/2411737
URL:www.drupal.org/node/2411741
URL:xforce.iss.net/xforce/xfdb/100192
URL:xforce.iss.net/xforce/xfdb/100193
URL:xforce.iss.net/xforce/xfdb/100194
URL:xforce.iss.net/xforce/xfdb/100195
URL:xforce.iss.net/xforce/xfdb/100196
5. Vulnerabilities in JasPer (100199, 100202)
[23/01/2015] Vulnerabilities were identified in the JasPer. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect version 1.900.1 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/100199
URL:xforce.iss.net/xforce/xfdb/100202
6. Security Updates in Oracle Linux (ELSA-2015-0074)
[23/01/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the jasper package for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2015-0074.html
7. Security Updates in SUSE (SUSE-SU-2015:0107-1, openSUSE-SU-2015:0110-1)
[23/01/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the rpm package of SUSE Linux Enterprise 12, and flash-player package of openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restriction, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00018.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00019.html
8. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0074-1)
[23/01/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the jasper packages for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:rhn.redhat.com/errata/RHSA-2015-0074.html
9. Security Updates in Ubuntu GNU/Linux (USN-2480-1, USN-2481-1, USN-2482-1)
[23/01/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the mysql-5.5, samba and elfutils packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2480-1/
URL:www.ubuntu.com/usn/usn-2481-1/
URL:www.ubuntu.com/usn/usn-2482-1/
10. Vulnerability in Cisco Unified Communications Manager
[22/01/2015] Vulnerability was identified in the Cisco Unified Communications Manager. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008
11. Vulnerabilities in Novell iPrint Appliance (5199190, 5199210)
[22/01/2015] Vulnerabilities were identified in the Novell iPrint Appliance. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform man-in-the-middle attacks, cause a denial of service condition and crash the system. These vulnerabilities affect versions 1.0.1 and 1.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:download.novell.com/Download?buildid=rv6WEcwgx_4~
URL:download.novell.com/Download?buildid=4P9rh2AOw0M~
12. Vulnerabilities in Huawei Quidway switches (Huawei-SA-20150121-01-Quidway Switches)
[22/01/2015] Vulnerabilities were identified in multiple Huawei Quidway switches. An attacker could bypass security restrictions, obtain sensitive information and gain escalated privileges. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-411975.htm
13. Vulnerability in iPass Open Mobile Windows Client (VU#110652)
[22/01/2015] Vulnerability was identified in the iPass Open Mobile Windows Client. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects versions prior to 2.4.5 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.kb.cert.org/vuls/id/110652
14. Vulnerability in pigz (100017)
[22/01/2015] Vulnerability was identified in the pigz. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects version 2.3.1-1 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/100017
15. Vulnerability in PrestaShop (100013)
[22/01/2015] Vulnerability was identified in the PrestaShop. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 1.6.0.11 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/100013
16. Vulnerabilities in Pixabay Images plugin for WordPress (100036, 100037, 100038)
[22/01/2015] Vulnerabilities were identified in the Pixabay Images plugin for WordPress. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 2.4 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:xforce.iss.net/xforce/xfdb/100036
URL:xforce.iss.net/xforce/xfdb/100037
URL:xforce.iss.net/xforce/xfdb/100038
17. Vulnerability in SIMEditor (100011)
[22/01/2015] Vulnerability was identified in the SIMEditor. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects version 6.6 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/100011
18. Security Updates in Oracle Products (ELSA-2015-0067, ELSA-2015-0068, ELSA-2015-0069)
[22/01/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the java-1.7.0-openjdk and java-1.8.0-openjdk packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform man-in-the-middle attacks, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2015-0067.html
URL:linux.oracle.com/errata/ELSA-2015-0068.html
URL:linux.oracle.com/errata/ELSA-2015-0069.html
19. Security Updates in Mageia (MGASA-2015-0034)
[22/01/2015] Mageia has released security update packages for fixing the vulnerability identified in the freeciv package for multiple versions of Mageia. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:advisories.mageia.org/MGASA-2015-0034.html
20. Security Updates in Slackware (SSA:2015-020-01)
[22/01/2015] Slackware has released security update packages for fixing the vulnerability identified in the samba package for multiple versions of Slackware Linux. An attacker could bypass security restrictions and gain elevated privileges.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.416326
21. Security Updates in SUSE (SUSE-SU-2015:0096-1)
[22/01/2015] SUSE has released security update packages for fixing the vulnerability identified in the bind package of SUSE Linux Enterprise 12. An attacker could bypass security restriction and cause a denial of service condition.

URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00017.html
22. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0069-1)
[22/01/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.8.0-openjdk packages for Red Hat Enterprise Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform man-in-the-middle attacks, cause a denial of service condition and crash the system.

URL:rhn.redhat.com/errata/RHSA-2015-0069.html
23. Vulnerability in Apache Santuario XML Security for Java
[21/01/2015] Vulnerability was identified in the Apache Santuario XML Security for Java. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects versions prior to 2.0.3 for 2.0.x of the mentioned product. Security patches are available to resolve this vulnerability.

URL:santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc
URL:xforce.iss.net/xforce/xfdb/99993
24. Security Updates in Oracle Products
[21/01/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the Oracle Database Server, Oracle Fusion Applications and Middleware, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite, Oracle Supply Chain Products Suite, Oracle PeopleSoft Products, Oracle JD Edwards Products, Oracle Siebel CRM, Oracle iLearning, Oracle Communications Applications, Oracle Retail Applications, Oracle Health Sciences Applications, Oracle Java SE, Oracle and Sun Systems Products, Oracle Linux and Virtualization, Oracle MySQL, NTP V3 and V4 packages for Solaris 10, 11.1 and 11.2, and openssl package for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. Security patches are available to resolve these vulnerabilities.

URL:www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp
URL:linux.oracle.com/errata/ELSA-2015-0066.html
URL:www.us-cert.gov/ncas/current-activity/2015/01/20/Oracle-Releases-January-2015-Security-Advisory
25. Vulnerability in HP Insight Control server deployment (c04537915)
[21/01/2015] Vulnerability was identified in the HP Insight Control server deployment. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects all versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04537915
URL:xforce.iss.net/xforce/xfdb/99997
26. Vulnerability in iFileExplorer for iOS (99991)
[21/01/2015] Vulnerability was identified in the iFileExplorer for iOS. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. This vulnerability affects version 6.51 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/99991
27. Security Updates in Debian (DSA-3133-1, DSA-3134-1)
[21/01/2015] Debian has released security update packages for fixing the vulnerabilities identified in the privoxy and sympa packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions and obtain sensitive information.

URL:www.debian.org/security/2015/dsa-3133
URL:www.debian.org/security/2015/dsa-3134
28. Security Updates in Mageia (MGASA-2015-0031, MGASA-2015-0032, MGASA-2015-0033)
[21/01/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the otrs, moodle and elfutils packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting and cross-site request forgery attacks, cause a denial of service condition and crash the system.

URL:advisories.mageia.org/MGASA-2015-0031.html
URL:advisories.mageia.org/MGASA-2015-0032.html
URL:advisories.mageia.org/MGASA-2015-0033.html
29. Security Updates in SUSE (SUSE-SU-2015:0092-1)
[21/01/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the libpng16 package of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restriction and execute arbitrary code.

URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00016.html
30. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0062-1, RHSA-2015:0066-1, RHSA-2015:0067-1, RHSA-2015:0068-1)
[21/01/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel, openssl and java-1.7.0-openjdk packages for Red Hat Enterprise Linux 5, 6, 7 and 6.5 Extended Update Support. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform man-in-the-middle attacks and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-0062.html
URL:rhn.redhat.com/errata/RHSA-2015-0066.html
URL:rhn.redhat.com/errata/RHSA-2015-0067.html
URL:rhn.redhat.com/errata/RHSA-2015-0068.html
31. Vulnerability in IBM HTTP Server (1694143)
[20/01/2015] Vulnerability was identified in the IBM HTTP Server. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform man-in-the-middle attacks. This vulnerability affects version 8.5 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.ibm.com/support/docview.wss?uid=swg21694143
32. Vulnerabilities in Symantec Products (SYM15-001)
[20/01/2015] Vulnerabilities were identified in the Symantec Critical System Protection Server and Agents, and Symantec Data Center Security: Server Advanced Server and Agents. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00
33. Vulnerabilities in Moodle
[20/01/2015] Vulnerabilities were identified in the Moodle. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site request forgery and code injection attacks, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 2.8.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.hkcert.org/my_url/en/alert/15012001
34. Security Updates in Debian (DSA-3131-1, DSA-3132-1)
[20/01/2015] Debian has released security update packages for fixing the vulnerabilities identified in the xdg-utils and icedove packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, obtain sensitive information, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3131
URL:www.debian.org/security/2015/dsa-3132
35. Security Updates in Mageia (MGASA-2015-0027, MGASA-2015-0028, MGASA-2015-0029, MGASA-2015-0030)
[20/01/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the binutils, iceape, coreutils and file packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site request forgery and session fixation attacks, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0027.html
URL:advisories.mageia.org/MGASA-2015-0028.html
URL:advisories.mageia.org/MGASA-2015-0029.html
URL:advisories.mageia.org/MGASA-2015-0030.html
36. Security Updates in SUSE (SUSE-SU-2015:0076-1, openSUSE-SU-2015:0077-1, openSUSE-SU-2015:0077-2)
[20/01/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox package of SUSE Linux Enterprise 12, openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restriction, execute arbitrary code, perform spoofing and cross-site request forgery attack, gain elevated privilege and crash the application.

URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00013.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00015.html
37. Security Updates in Ubuntu GNU/Linux (USN-2460-1, USN-2477-1, USN-2478-1, USN-2479-1)
[20/01/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the thunderbird, libevent, libssh and rpm packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, perform cross-site request forgery and session-fixation attacks, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2460-1/
URL:www.ubuntu.com/usn/usn-2477-1/
URL:www.ubuntu.com/usn/usn-2478-1/
URL:www.ubuntu.com/usn/usn-2479-1/
38. Vulnerability in Novell Sentinel (5198710)
[19/01/2015] Vulnerability was identified in the Novell Sentinel. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:download.novell.com/Download?buildid=SIHFofRnkY0~
39. Vulnerabilities in Ansible Tower (99924, 99925)
[19/01/2015] Vulnerabilities were identified in the Ansible Tower. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect versions prior to 2.0.5 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:xforce.iss.net/xforce/xfdb/99924
URL:xforce.iss.net/xforce/xfdb/99925
40. Vulnerability in Alienvault OSSIM (99951)
[19/01/2015] Vulnerability was identified in the Alienvault Open Source SIEM (OSSIM). An attacker could bypass security restrictions, gain elevated privileges and compromise the system. This vulnerability affects versions prior to 4.15.0 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/99951
41. Vulnerability in Ceragon FiberAir IP-10 Microwave Bridge (VU#936356)
[19/01/2015] Vulnerability was identified in the Ceragon FiberAir IP-10 Microwave Bridge. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and compromise the system. This vulnerability affects firmware versions of the mentioned product.

URL:www.kb.cert.org/vuls/id/936356
42. Vulnerability in T-Mobile Internet Manager (99945)
[19/01/2015] Vulnerability was identified in the T-Mobile Internet Manager. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application. This vulnerability affects version 8.01.2015 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/99945
43. Security Updates in Debian (DSA-3129-1, DSA-3130-1)
[19/01/2015] Debian has released security update packages for fixing the vulnerabilities identified in the rpm and lsyncd packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3129
URL:www.debian.org/security/2015/dsa-3130
44. Security Updates in FreeBSD (FreeBSD-SA-15:01.openssl)
[19/01/2015] FreeBSD has released security update packages for fixing the vulnerabilities identified in the OpenSSL package for multiple versions of FreeBSD. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:01.openssl.asc
45. Security Updates in Mageia (MGASA-2015-0025, MGASA-2015-0026)
[19/01/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the firefox, firefox-l10n, thunderbird, thunderbird-l10n, python-django14 and python-django packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform spoofing and cross-site request forgery attack, cause a denial of service condition and crash the application.

URL:advisories.mageia.org/MGASA-2015-0025.html
URL:advisories.mageia.org/MGASA-2015-0026.html
46. Security Updates in Mandriva (MDVSA-2015:027)
[19/01/2015] Mandriva has released security update packages for fixing the vulnerabilities identified in the kernel package for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application.

URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A027/
47. Security Updates in Slackware (SSA:2015-016-01, SSA:2015-016-02, SSA:2015-016-03, SSA:2015-016-04)
[19/01/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-firefox, mozilla-thunderbird, seamonkey and freetype packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform spoofing and cross-site request forgery attack, cause a denial of service condition and crash the application.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.356101
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.359642
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.490672
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.508136
48. Security Updates in SUSE (SUSE-SU-2015:0068-1)
[19/01/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel package of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00011.html
Source(s) of above information: