1. Vulnerabilities in Cisco
Products
[16/01/2015]
Vulnerabilities were identified in the Cisco
Identity Services Engine Software, Cisco Unified Communications Domain Manager
and Cisco WebEx Meeting Center. An attacker could bypass security restrictions,
obtain sensitive information, execute arbitrary code, perform cross-site
scripting and cross-site request forgery attacks, cause a denial of service
condition and crash the system. These vulnerabilities affect multiple firmware
versions of the mentioned products. Security patches are available to resolve
these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8022
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0588
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0590
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0591
2. Vulnerability in Novell Filr (5198451,
5198494)
[16/01/2015]
Vulnerability was identified in the Novell Filr.
An attacker could bypass security restrictions and execute arbitrary code. This
vulnerability affects versions 1.0.1 and 1.1 of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:download.novell.com/Download?buildid=spdw6sUZusM~
URL:download.novell.com/Download?buildid=vQz3fdik3fY~
3. Vulnerability in Ansible Tower
(99923)
[16/01/2015]
Vulnerability was identified in the Ansible
Tower. An attacker could bypass security restrictions and gain elevated
privileges on the system. This vulnerability affects versions prior to 2.0.5 of
the mentioned product. Security patches are available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/99923
4. Vulnerability in PHPKIT
(99904)
[16/01/2015]
Vulnerability was identified in the PHPKIT. An
attacker could bypass security restrictions, execute arbitrary code and perform
cross-site scripting attacks. This vulnerability affects version 1.6.6 Build
1660014 of the mentioned
product.
URL:xforce.iss.net/xforce/xfdb/99904
5. Vulnerability in TechSmith Camtasia Studio
(99892)
[16/01/2015]
Vulnerability was identified in the TechSmith
Camtasia Studio. An attacker could bypass security restrictions, execute
arbitrary code and perform cross-site scripting attacks. This vulnerability
affects multiple versions of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/99892
6. Vulnerability in b2evolution
(99891)
[16/01/2015]
Vulnerability was identified in the b2evolution.
An attacker could bypass security restrictions, execute arbitrary code and
perform cross-site scripting attacks. This vulnerability affects version 5.2.0
of the mentioned
product.
URL:xforce.iss.net/xforce/xfdb/99891
7. Vulnerability in Simple Security plugin for WordPress
(99931)
[16/01/2015]
Vulnerability was identified in the Simple
Security plugin for WordPress. An attacker could bypass security restrictions,
execute arbitrary code and perform cross-site scripting attacks. This
vulnerability affects version 1.1.5 of the mentioned
product.
URL:xforce.iss.net/xforce/xfdb/99931
8. Security Updates in Debian
(DSA-3128-1)
[16/01/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the linux package for multiple versions of Debian GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
crash the
system.
URL:www.debian.org/security/2015/dsa-3128
9. Security Updates in Mandriva (MDVSA-2015:023,
MDVSA-2015:024, MDVSA-2015:025, MDVSA-2015:026)
[16/01/2015] Mandriva has released security update packages for fixing the
vulnerabilities identified in the libvirt, libsndfile, mpfr and untrf packages
for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker
could bypass security restrictions, execute arbitrary code, cause a denial of
service condition and crash the
application.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A023/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A024/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A025/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A026/
10.
Security Updates in SUSE
(SUSE-SU-2015:0052-1, openSUSE-SU-2015:0059-1, openSUSE-SU-2015:0061-1,
SUSE-SU-2015:0062-1)
[16/01/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the flash-player package of SUSE Linux Enterprise 11 and 12, openSUSE 13.1 and
13.2, and openSUSE Evergreen 11.4. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00007.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00010.html
11.
Security Updates in Ubuntu GNU/Linux
(USN-2474-1, USN-2475-1)
[16/01/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the curl and gtk+3.0 packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and
14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, gain elevated privileges, execute arbitrary code and
perform code injection
attacks.
URL:www.ubuntu.com/usn/usn-2474-1/
URL:www.ubuntu.com/usn/usn-2475-1/
12.
Vulnerability in Cisco Adaptive Security
Appliance (ASA) Software
[15/01/2015] Vulnerability was identified in the Cisco Adaptive Security
Appliance (ASA) Software. An attacker could bypass security restrictions, cause
a denial of service condition and crash the system. This vulnerability affects
multiple firmware versions of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0578
13.
Vulnerabilities in Juniper Products
(JSA10664, JSA10665, JSA10666, JSA10667, JSA10668, JSA10669,
JSA10670)
[15/01/2015]
Vulnerability was identified in the Juniper
Secure Analytics, Juniper Security Threat Response Manager and Junos OS. An
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, perform cross-site request forgery
and session hijack attacks, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10664
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10665
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10666
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10667
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10668
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10669
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10670
14.
Vulnerability in F5 Products
(SOL15984)
[15/01/2015]
Vulnerability was identified in the F5 BIG-IP
LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP
Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device
and BIG-IQ Security. An attacker could bypass security restrictions and obtain
sensitive information. This vulnerability affects multiple versions of the
mentioned products. Security patches are available to resolve this
vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/15000/900/sol15984
15.
Security Updates in Oracle Solaris
(ELSA-2015-0046, ELSA-2015-0047)
[15/01/2015] Oracle has
released security update packages for fixing the vulnerabilities identified in
the firefox and thunderbird packages for Oracle Linux 5, 6 and 7. Due to
multiple errors, an attacker could bypass security restriction, execute
arbitrary code, obtain sensitive information, cause a denial of service
condition and crash the
application.
URL:linux.oracle.com/errata/ELSA-2015-0046.html
URL:linux.oracle.com/errata/ELSA-2015-0047.html
16.
Security Updates in Debian
(DSA-3127-1)
[15/01/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the iceweasel package for multiple versions of Debian GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
crash the
system.
URL:www.debian.org/security/2015/dsa-3127
17.
Security Updates in Mageia
(MGASA-2015-0023, MGASA-2015-0024)
[15/01/2015] Mageia has
released security update packages for fixing the vulnerabilities identified in
the python-pip and flash-player-plugin packages for multiple versions of Mageia.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code, cause a denial of service
condition and crash the
system.
URL:advisories.mageia.org/MGASA-2015-0023.html
URL:advisories.mageia.org/MGASA-2015-0024.html
18.
Security Updates in SUSE
(SUSE-SU-2014:1695-2, SUSE-SU-2015:0045-1)
[15/01/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the kernel and xorg-x11-server packages of SUSE Linux Enterprise 11. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code, cause a denial of service
condition and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00006.html
19.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:0028-1, RHSA-2015:0052-1)
[15/01/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the cfme package for Red Hat CloudForms 3.1 and Adobe Flash Player package
for Red Hat Enterprise Linux 5 and 6 Supplementary. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, perform code injection attacks and
compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-0028.html
URL:rhn.redhat.com/errata/RHSA-2015-0052.html
20.
Security Updates in Ubuntu GNU/Linux
(USN-2458-1, USN-2458-2, USN-2471-1, USN-2472-1,
USN-2473-1)
[15/01/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the firefox, ubufox, gparted, unzip and coreutils packages for versions 10.04
LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors,
an attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, perform cross-site request
forgery and session-fixation attacks, cause a denial of service condition and
compromise the
system.
URL:www.ubuntu.com/usn/usn-2458-1/
URL:www.ubuntu.com/usn/usn-2458-2/
URL:www.ubuntu.com/usn/usn-2471-1/
URL:www.ubuntu.com/usn/usn-2472-1/
URL:www.ubuntu.com/usn/usn-2473-1/
21.
Vulnerabilities in Microsoft Products
(3004365, 3014029, 3019215, 3020393, 3021674, 3022777, 3023266,
3025421)
[14/01/2015]
Vulnerabilities were identified in the Microsoft
Windows. An attacker could bypass security restrictions, gain elevated
privileges and execute arbitrary code. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these
vulnerabilities.
URL:technet.microsoft.com/library/security/ms15-jan
URL:technet.microsoft.com/library/security/MS15-001
URL:technet.microsoft.com/library/security/MS15-002
URL:technet.microsoft.com/library/security/MS15-003
URL:technet.microsoft.com/library/security/MS15-004
URL:technet.microsoft.com/library/security/MS15-005
URL:technet.microsoft.com/library/security/MS15-006
URL:technet.microsoft.com/library/security/MS15-007
URL:technet.microsoft.com/library/security/MS15-008
URL:www.hkcert.org/my_url/en/alert/15011401
URL:www.hkcert.org/my_url/en/alert/15011402
URL:www.hkcert.org/my_url/en/alert/15011403
URL:www.hkcert.org/my_url/en/alert/15011404
URL:www.hkcert.org/my_url/en/alert/15011405
URL:www.hkcert.org/my_url/en/alert/15011406
URL:www.hkcert.org/my_url/en/alert/15011407
URL:www.hkcert.org/my_url/en/alert/15011408
URL:www.us-cert.gov/ncas/current-activity/2015/01/13/Microsoft-Releases-January-2015-Security-Bulletin
URL:xforce.iss.net/xforce/xfdb/98973
URL:xforce.iss.net/xforce/xfdb/99513
URL:xforce.iss.net/xforce/xfdb/99517
URL:xforce.iss.net/xforce/xfdb/99521
URL:xforce.iss.net/xforce/xfdb/99527
22.
Information Updates on Microsoft Security
Bulletin (MS14-080)
[14/01/2015] Microsoft
has updated information on the Security Bulletin for the Microsoft Internet
Explorer. MS14-080 was rereleased to comprehensively address CVE-2014-6363. In
addition to installing update 3008923, customers running Internet Explorer 10 on
Windows 8, Windows Server 2012, or Window RT should also install update 3029449,
which has been added with this
rerelease.
URL:technet.microsoft.com/library/security/MS14-080
23.
Vulnerabilities in Adobe Products
(APSB15-01)
[14/01/2015] Vulnerabilities were identified in the Adobe Flash Player and
Adobe AIR. An attacker could execute arbitrary code and obtain sensitive
information. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:helpx.adobe.com/security/products/flash-player/apsb15-01.html
URL:technet.microsoft.com/en-us/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/15011409
URL:www.us-cert.gov/ncas/current-activity/2015/01/13/Adobe-Releases-Security-Updates-Flash-Player
24.
Vulnerabilities in Mozilla Products (MFSA
2015-01, MFSA 2015-02, MFSA 2015-03, MFSA 2015-04, MFSA 2015-05, MFSA 2015-06,
MFSA 2015-07, MFSA 2015-08, MFSA 2015-09)
[14/01/2015] Vulnerabilities were identified in Mozilla Firefox, Firefox
ESR, SeaMonkey, Thunderbird. An attacker could bypass security restriction,
execute arbitrary code, perform spoofing and cross-site request forgery attack,
gain elevated privilege and crash the application. These vulnerabilities affect
multiple versions of the mentioned products. Security patches are available to
resolve these
vulnerabilities.
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-01/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-02/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-03/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-04/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-05/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-06/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-07/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-08/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2015-09/
25.
Vulnerabilities in Cisco
Products
[14/01/2015]
Vulnerabilities were identified in the Cisco
AnyConnect Secure Mobility Client, Cisco Email Security Appliance (ESA), Cisco
Content Security Management Appliance (SMA) and Cisco TelePresence Video
Communication Server (VCS). An attacker could bypass security restrictions,
execute arbitrary code, perform cross-site scripting attacks, cause a denial of
service condition and crash the system. These vulnerabilities affects multiple
firmware versions of the mentioned products. Security patches are available to
resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3314
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0577
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0579
26.
Vulnerability in Novell Identity Manager
(5197970)
[14/01/2015]
Vulnerability was identified in the Novell
Identity Manager. An attacker could bypass security restrictions and obtain
sensitive information. This vulnerability affects multiple versions of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:download.novell.com/Download?buildid=SlL2oPhB-LU~
27.
Vulnerability in Panasonic Arbitrator
Back-End Server (VU#117604)
[14/01/2015] Vulnerability was identified in the Panasonic Arbitrator
Back-End Server (BES). An attacker could bypass security restrictions and obtain
sensitive information. This vulnerability affects multiple versions of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:www.kb.cert.org/vuls/id/117604
28.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:0042-1, RHSA-2015:0043-1, RHSA-2015:0044-1, RHSA-2015:0046-1,
RHSA-2015:0047-1)
[14/01/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the cloud-init package for Red Hat Common for Red Hat Enterprise Linux 6,
kernel package for Red Hat Enterprise Linux 6.4 Extended Update Support,
openstack-neutron package for Red Hat Enterprise Linux OpenStack Platform 4.0,
firefox and thunderbird packages for Red Hat Enterprise Linux 5, 6 and 7. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-0042.html
URL:rhn.redhat.com/errata/RHSA-2015-0043.html
URL:rhn.redhat.com/errata/RHSA-2015-0044.html
URL:rhn.redhat.com/errata/RHSA-2015-0046.html
URL:rhn.redhat.com/errata/RHSA-2015-0047.html
29.
Security Updates in Ubuntu GNU/Linux
(USN-2462-1, USN-2463-1, USN-2464-1, USN-2465-1, USN-2466-1, USN-2467-1,
USN-2468-1, USN-2469-1, USN-2470-1)
[14/01/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the linux, linux-ti-omap4, linux-lts-trusty, linux-lts-utopic, python-django and
git packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2462-1/
URL:www.ubuntu.com/usn/usn-2463-1/
URL:www.ubuntu.com/usn/usn-2464-1/
URL:www.ubuntu.com/usn/usn-2465-1/
URL:www.ubuntu.com/usn/usn-2466-1/
URL:www.ubuntu.com/usn/usn-2467-1/
URL:www.ubuntu.com/usn/usn-2468-1/
URL:www.ubuntu.com/usn/usn-2469-1/
URL:www.ubuntu.com/usn/usn-2470-1/
30.
Vulnerability in Cisco WebEx Meeting
Center
[13/01/2015]
Vulnerability was identified in the Cisco WebEx
Meeting Center. An attacker could bypass security restrictions and obtain
sensitive information. This vulnerability affects multiple versions of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0583
31.
Vulnerability in F5 Products
(SOL15983)
[13/01/2015]
Vulnerability was identified in the F5 BIG-IP
LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP
Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device
and BIG-IQ Security. An attacker could bypass security restrictions and obtain
sensitive information. This vulnerability affects multiple versions of the
mentioned products. Security patches are available to resolve this
vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/15000/900/sol15983.html
32.
Security Updates in Oracle
Solaris
[13/01/2015]
Oracle has released security update packages for
fixing the vulnerabilities identified in the NTP V3 and NTP V4 packages for
Oracle Solaris 10, 11.1 and 11.2. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, execute arbitrary
code, cause a denial of service condition and crash the
system.
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp
33.
Security Updates in Debian
(DSA-3126-1)
[13/01/2015] Debian has
released security update packages for fixing the vulnerability identified in the
php5 package for multiple versions of Debian GNU/Linux. An attacker could bypass
security restrictions and obtain sensitive
information.
URL:www.debian.org/security/2015/dsa-3126
34.
Security Updates in Mandriva
(MDVSA-2015:020, MDVSA-2015:021, MDVSA-2015:022)
[13/01/2015] Mandriva has released security update packages for fixing the
vulnerabilities identified in the libssh, curl and wireshark packages for
version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could
bypass security restrictions, execute arbitrary code, cause a denial of service
condition and crash the
application.
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A020/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A021/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A022/
35.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:0033-1, RHSA-2015:0034-1, RHSA-2015:0035-1,
RHSA-2015:0036-1)
[13/01/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the Red Hat Satellite 5, Red Hat JBoss Data Virtualization 6.0.0, condor
package for Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 5 and 6. Due
to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, perform
code injection attacks, cause a denial of service condition and crash the
application.
URL:rhn.redhat.com/errata/RHSA-2015-0033.html
URL:rhn.redhat.com/errata/RHSA-2015-0034.html
URL:rhn.redhat.com/errata/RHSA-2015-0035.html
URL:rhn.redhat.com/errata/RHSA-2015-0036.html
36.
Security Updates in Ubuntu GNU/Linux
(USN-2459-1, USN-2461-1, USN-2461-2, USN-2461-3)
[13/01/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the openssl, libyaml, libyaml-libyaml-perl and
pyyaml packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the
system.
URL:www.ubuntu.com/usn/usn-2459-1/
URL:www.ubuntu.com/usn/usn-2461-1/
URL:www.ubuntu.com/usn/usn-2461-2/
URL:www.ubuntu.com/usn/usn-2461-3/
37.
Vulnerabilities in Cisco
Products
[12/01/2015]
Vulnerabilities were identified in the Cisco
Unified Communications Domain Manager Platform, Cisco WebEx Meetings Server and
Cisco MDS 9000 NX-OS Software. An attacker could bypass security restrictions,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and crash the system. These vulnerabilities affect multiple versions
of the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8020
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8034
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8035
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8036
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0582
38.
Security Updates in Debian (DSA-3123-1,
DSA-3124-1, DSA-3125-1)
[12/01/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the binutils, otrs2 and openssl packages for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the
application.
URL:www.debian.org/security/2015/dsa-3123
URL:www.debian.org/security/2015/dsa-3124
URL:www.debian.org/security/2015/dsa-3125
39.
Security Updates in Mageia
(MGASA-2015-0016, MGASA-2015-0017, MGASA-2015-0018, MGASA-2015-0019,
MGASA-2015-0020, MGASA-2015-0021, MGASA-2015-0022)
[12/01/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the unrtf, glpi, gcab, wireshark, curl, mpfr and
openssl packages for multiple versions of Mageia. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:advisories.mageia.org/MGASA-2015-0016.html
URL:advisories.mageia.org/MGASA-2015-0017.html
URL:advisories.mageia.org/MGASA-2015-0018.html
URL:advisories.mageia.org/MGASA-2015-0019.html
URL:advisories.mageia.org/MGASA-2015-0020.html
URL:advisories.mageia.org/MGASA-2015-0021.html
URL:advisories.mageia.org/MGASA-2015-0022.html
40.
Security Updates in Mandriva
(MDVSA-2015:019)
[12/01/2015] Mandriva
has released security update packages for fixing the vulnerabilities identified
in the openssl package for version MBS1 of Mandriva GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, cause a denial of service condition and crash the
application.
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A019/
41.
Security Updates in SUSE
(SUSE-SU-2015:0022-1)
[12/01/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the xen package of SUSE Linux Enterprise 12. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, cause a denial
of service condition and crash the
application.
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00003.html
42.
Security Updates in Slackware
(SSA:2015-009-01)
[12/01/2015] Slackware
has released security update packages for fixing the vulnerabilities identified
in the openssl package for multiple versions of Slackware Linux. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
crash the
application.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.782231
Source(s)
of above information:
No comments:
Post a Comment