1. Vulnerabilities in Cisco Products
[09/01/2015] Vulnerabilities were identified in the Cisco Secure Access
Control System (ACS) and Cisco WebEx Meetings Server. An attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code and perform cross-site scripting attacks. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8028
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8029
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8030
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8031
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8032
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8033
2. Vulnerabilities in OpenSSL
[09/01/2015] Vulnerabilities were identified in OpenSSL. An attacker could
bypass security restrictions, obtain sensitive information, execute arbitrary
code, cause a denial of service condition and crash the system. These
vulnerabilities affect multiple versions of the mentioned product. Security
patches are available to resolve these vulnerabilities.
URL:www.openssl.org/news/secadv_20150108.txt
URL:www.us-cert.gov/ncas/current-activity/2015/01/08/OpenSSL-Patches-Eight-Vulnerabilities
URL:xforce.iss.net/xforce/xfdb/99703
URL:xforce.iss.net/xforce/xfdb/99704
URL:xforce.iss.net/xforce/xfdb/99705
URL:xforce.iss.net/xforce/xfdb/99706
URL:xforce.iss.net/xforce/xfdb/99707
URL:xforce.iss.net/xforce/xfdb/99708
3. Security Updates in Oracle Solaris
[09/01/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the NTP V3 and NTP V4 packages for Oracle Solaris
10, 11.1 and 11.2. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, cause a
denial of service condition and crash the system.
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp
4. Security Updates in Debian (DSA-3121-1, DSA-3122-1)
[09/01/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the file and curl packages for multiple versions
of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the application.
URL:www.debian.org/security/2015/dsa-3121
URL:www.debian.org/security/2015/dsa-3122
5. Security Updates in Mageia (MGASA-2015-0013, MGASA-2015-0014, MGASA-2015-0015)
[09/01/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the glibc, libssh and libsndfile packages for
multiple versions of Mageia. Due to multiple errors, an attacker could bypass
security restrictions, execute arbitrary code, cause a denial of service
condition and crash the system.
URL:advisories.mageia.org/MGASA-2015-0013.html
URL:advisories.mageia.org/MGASA-2015-0014.html
URL:advisories.mageia.org/MGASA-2015-0015.html
6. Security Updates in Mandriva (MDVSA-2015:006, MDVSA-2015:007, MDVSA-2015:008, MDVSA-2015:009, MDVSA-2015:010, MDVSA-2015:011, MDVSA-2015:012, MDVSA-2015:013, MDVSA-2015:014, MDVSA-2015:015, MDVSA-2015:016, MDVSA-2015:017, MDVSA-2015:018)
[09/01/2015] Mandriva has released security update packages for fixing the
vulnerabilities identified in the mediawiki, unrtf, pwgen, krbs, file, nail,
jasper, znc, libjpeg, sox, unzip, libevent and asterisk packages for version
MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, execute arbitrary code, perform cross-site scripting
attacks, cause a denial of service condition and crash the system.
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A006/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A007/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A008/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A009/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A010/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A011/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A012/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A013/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A014/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A015/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A016/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A017/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A018/
7. Vulnerabilities in NetBSD (SA2015-001, SA2015-002)
[09/01/2015] NetBSD has released security update packages for fixing the
vulnerabilities identified in the X Window System servers and bind packages for
multiple versions of NetBSD GNU/Linux. Due to multiple errors, an attacker could
bypass security restrictions, execute arbitrary code, cause a denial of service
condition and crash the system.
URL:ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-001.txt.asc
URL:ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-002.txt.asc
8. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0020-1, RHSA-2015:0021-1)
[09/01/2015] Red Hat has released security update packages for fixing the
vulnerabilities identified in the python-keystoneclient package for Red Hat
Enterprise Linux OpenStack Platform 4.0, and the php package for Red Hat
Enterprise Linux 6.5 Extended Update Support. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, gain elevated privileges, cause a denial of service
condition and crash the application.
URL:rhn.redhat.com/errata/RHSA-2015-0020.html
URL:rhn.redhat.com/errata/RHSA-2015-0021.html
9. Security Updates in Ubuntu GNU/Linux (USN-2456-1)
[09/01/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the cpio package for versions 10.04 LTS, 12.04
LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an
attacker could bypass security restrictions, execute arbitrary code, cause a
denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2455-1/
10. Vulnerability in F5 ARX (SOL15956)
[08/01/2015] A vulnerability was identified in F5 ARX. An attacker could bypass
security restrictions and obtain sensitive information. This vulnerability
affects versions 6.0.0 - 6.4.0 of the mentioned product. Security patches are
available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/15000/900/sol15956.html
11. Vulnerabilities in ManageEngine Products (99595, 99610, 99611)
[08/01/2015] Vulnerabilities were identified in multiple ManageEngine
Products. An attacker could bypass security restrictions, execute arbitrary
code, gain elevated privileges and compromise the system. These vulnerabilities
affect multiple versions of the mentioned products. Security patches are
available to resolve these vulnerabilities except those in ManageEngine Desktop
Central.
URL:xforce.iss.net/xforce/xfdb/99595
URL:xforce.iss.net/xforce/xfdb/99610
URL:xforce.iss.net/xforce/xfdb/99611
12. Vulnerabilities in EMC Documentum Web Development Kit (99632, 99633, 99634)
[08/01/2015] Vulnerabilities were identified in the EMC Documentum Web
Development Kit (WDK) and WDK-based clients. An attacker could bypass security
restrictions, execute arbitrary code, perform code injection and cross-site
scripting attacks. These vulnerabilities affect version 6.7 of the mentioned
product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/99632
URL:xforce.iss.net/xforce/xfdb/99633
URL:xforce.iss.net/xforce/xfdb/99634
13. Vulnerabilities in Linux Kernel (99640, 99641)
[08/01/2015] Vulnerabilities were identified in the Linux Kernel. An attacker
could bypass security restrictions, obtain sensitive information, cause a
denial of service condition and crash the system. These vulnerabilities affect
multiple versions of the mentioned product. Security patches are available to
resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/99640
URL:xforce.iss.net/xforce/xfdb/99641
14. Vulnerability in RabbitMQ (99685)
[08/01/2015] A vulnerability was identified in RabbitMQ. An attacker could
bypass security restrictions and gain elevated privileges. This vulnerability
affects versions prior to 3.4.0 of the mentioned product. Security patches are
available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99685
15. Security Updates in Oracle Linux (ELSA-2015-0016)
[08/01/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the glibc package for Oracle Linux 6. An attacker
could bypass security restrictions, execute arbitrary code, cause a denial of
service condition and crash the application.
URL:linux.oracle.com/errata/ELSA-2015-0016.html
16. Security Updates in Debian (DSA-3120-1)
[08/01/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the mantis package for multiple versions of
Debian GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, perform
code injection and cross-site scripting attacks.
URL:www.debian.org/security/2015/dsa-3120
17. Security Updates in Mageia (MGASA-2015-0005, MGASA-2015-0006, MGASA-2015-0007, MGASA-2015-0008, MGASA-2015-0009, MGASA-2015-0010, MGASA-2015-0011, MGASA-2015-0012)
[08/01/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the kmod-nvidia-current, nvidia-current,
kmod-nvidia304, nvidia304, kernel, kernel-userspace-headers,
kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, kmod-broadcom-wl,
kmod-fglrx, kmod-nvidia173, webmin, libpng, libevent, asterisk, apache and
ettercap packages for multiple versions of Mageia. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, perform code injection attacks,
cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0005.html
URL:advisories.mageia.org/MGASA-2015-0006.html
URL:advisories.mageia.org/MGASA-2015-0007.html
URL:advisories.mageia.org/MGASA-2015-0008.html
URL:advisories.mageia.org/MGASA-2015-0009.html
URL:advisories.mageia.org/MGASA-2015-0010.html
URL:advisories.mageia.org/MGASA-2015-0011.html
URL:advisories.mageia.org/MGASA-2015-0012.html
18. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0009-1)
[08/01/2015] Red Hat has released security update packages for fixing the
vulnerabilities identified in the glibc package for Red Hat Enterprise Linux 6.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code, gain elevated privileges, cause
a denial of service condition and crash the application.
URL:rhn.redhat.com/errata/RHSA-2015-0016.html
19. Security Updates in Ubuntu GNU/Linux (USN-2452-1, USN-2453-1, USN-2454-1, USN-2455-1)
[08/01/2015] Ubuntu has released security update packages for fixing the
vulnerability identified in the nss, mime-support, exiv2 and bsd-mailx packages
for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due
to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code, cause a denial of service
condition and crash the system.
URL:www.ubuntu.com/usn/usn-2452-1/
URL:www.ubuntu.com/usn/usn-2453-1/
URL:www.ubuntu.com/usn/usn-2454-1/
URL:www.ubuntu.com/usn/usn-2455-1/
20. Vulnerability in Intel BIOS (VU#766164)
[07/01/2015] A vulnerability was identified in the Intel BIOS. An attacker
could bypass security restrictions, execute arbitrary code, cause a denial of
service condition and crash the system. This vulnerability affects multiple
firmware versions of the mentioned product.
URL:www.kb.cert.org/vuls/id/766164
21. Vulnerabilities in Novell Products (5196292, 5196310, 5196311, 5196312, 5196313, 5196930, 5197750)
[07/01/2015] Vulnerabilities were identified in the Novell eDirectory,
NetIQ eDirectory and iManager. An attacker could bypass security restrictions,
obtain sensitive information, execute arbitrary code, cause a denial of service
condition and crash the system. These vulnerabilities affect multiple versions
of the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:download.novell.com/Download?buildid=0SZvTchDuAA~
URL:download.novell.com/Download?buildid=3dJODsdcDKE~
URL:download.novell.com/Download?buildid=anuuh6CDWX8~
URL:download.novell.com/Download?buildid=Mh8CRo1Ljh8~
URL:download.novell.com/Download?buildid=nlOmW2y333Q~
URL:download.novell.com/Download?buildid=q4S96klvwhE~
URL:download.novell.com/Download?buildid=STisn28FRWs~
22. Vulnerability in Liferay Portal (99574)
[07/01/2015] A vulnerability was identified in Liferay Portal. An attacker
could bypass security restrictions and execute arbitrary code. This
vulnerability affects versions prior to 7.0.3 of the mentioned product.
Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99574
23. Vulnerability in Linux Kernel (99591)
[07/01/2015] A vulnerability was identified in the Linux Kernel. An attacker
could bypass security restrictions, cause a denial of service condition and
crash the system. This vulnerability affects multiple versions of the mentioned
product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99591
24. Vulnerability in PHP (99590)
[07/01/2015] A vulnerability was identified in PHP. An attacker could bypass
security restrictions, cause a denial of service condition and crash the
system. This vulnerability affects multiple versions of the mentioned product.
Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99590
25. Security Updates in Debian (DSA-3119-1)
[07/01/2015] Debian has released security update packages for fixing the
vulnerability identified in the libevent package for multiple versions of
Debian GNU/Linux. An attacker could bypass security restrictions, cause a
denial of service condition and crash the application.
URL:www.debian.org/security/2015/dsa-3119
26. Security Updates in SUSE (SUSE-SU-2015:0012-1)
[07/01/2015] SUSE has released security update packages for fixing the
vulnerability identified in the mutt package of SUSE Linux Enterprise 12. An
attacker could bypass security restrictions, cause a denial of service
condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.html
27. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0009-1)
[07/01/2015] Red Hat has released security update packages for fixing the
vulnerability identified in the kernel package for Red Hat Enterprise Linux 4
Extended Life Cycle Support. An attacker could bypass security restrictions and
gain elevated privileges.
URL:rhn.redhat.com/errata/RHSA-2015-0009.html
28. Security Updates in Ubuntu GNU/Linux (USN-2451-1)
[07/01/2015] Ubuntu has released security update packages for fixing the
vulnerability identified in the cgmanager packages for versions 14.04 LTS and
14.10 of Ubuntu GNU/Linux. An attacker could bypass security restrictions and
gain elevated privileges.
URL:www.ubuntu.com/usn/usn-2451-1/
29. Vulnerability in Microsoft Windows
[06/01/2015] A vulnerability was identified in Microsoft Windows. An attacker
could bypass security restrictions, execute arbitrary code and gain elevated
privileges. This vulnerability affects version 8.1 of the mentioned product.
URL:www.hkcert.org/my_url/en/alert/15010501
30. Vulnerabilities in Juniper Products (JSA10663)
[06/01/2015] Vulnerabilities were identified in the Juniper Junos OS, NSM
Series devices, NSMXpress and NSM server software. An attacker could bypass
security restrictions, execute arbitrary code, gain elevated privileges, cause
a denial of service condition and crash the system. These vulnerabilities
affect multiple versions of the mentioned products.
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10663
31. Vulnerability in F5 BIG-IP ASM (SOL15939)
[06/01/2015] A vulnerability was identified in the BIG-IP ASM. An attacker
could bypass security restrictions, execute arbitrary code and perform code
injection attacks. This vulnerability affects versions 10.2.0 - 10.2.4 and
11.0.0 - 11.6.0 of the mentioned product. Security patches are available to
resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/15000/900/sol15939
32. Security Updates in Oracle Linux (ELSA-2015-0008)
[06/01/2015] Oracle has released security update packages for fixing the
vulnerability identified in the libvirt packages for Oracle Linux 7. An
attacker could bypass security restrictions and obtain sensitive information.
URL:linux.oracle.com/errata/ELSA-2015-0008.html
33. Security Updates in Debian (DSA-3118-1)
[06/01/2015] Debian has released security update packages for fixing the
vulnerability identified in the strongswan packages for multiple versions of
Debian GNU/Linux. An attacker could bypass security restrictions, cause a
denial of service condition and crash the application.
URL:www.debian.org/security/2015/dsa-3118
34. Security Updates in Mageia (MGASA-2015-0001, MGASA-2015-0002, MGASA-2015-0003, MGASA-2015-0004)
[06/01/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the openvas-manager, openvas-libraries, libvirt,
privoxy and python-yaml packages for multiple versions of Mageia. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code, perform code injection attacks,
cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2015-0001.html
URL:advisories.mageia.org/MGASA-2015-0002.html
URL:advisories.mageia.org/MGASA-2015-0003.html
URL:advisories.mageia.org/MGASA-2015-0004.html
35. Security Updates in Mandriva (MDVSA-2015:001, MDVSA-2015:002, MDVSA-2015:003, MDVSA-2015:004, MDVSA-2015:005)
[06/01/2015] Mandriva has released security update packages for fixing the
vulnerabilities identified in the c-icap, pcre, ntp, php and subversion
packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service
condition and crash the system.
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A001/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A002/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A003/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A004/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A005/
36. Security Updates in SUSE (SUSE-SU-2015:0010-1, SUSE-SU-2015:0011-1)
[06/01/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the suseRegister and bind packages of SUSE Linux
Enterprise 11. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, cause a
denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00000.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00001.html
37. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0008-1)
[06/01/2015] Red Hat has released security update packages for fixing the
vulnerability identified in the libvirt package for Red Hat Enterprise Linux 7.
An attacker could bypass security restrictions and obtain sensitive
information.
URL:rhn.redhat.com/errata/RHSA-2015-0008.html
38. Security Updates in Ubuntu GNU/Linux (USN-2450-1)
[06/01/2015] Ubuntu has released security update packages for fixing the
vulnerability identified in the strongSwan packages for versions 14.04 LTS and
14.10 of Ubuntu GNU/Linux. An attacker could bypass security restrictions,
cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2450-1/
39. Security Updates in Debian (DSA-3116-1, DSA-3117-1)
[05/01/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the polarssl and php5 packages for multiple
versions of Debian GNU/Linux. Due to multiple errors, an attacker could execute
arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3116
URL:www.debian.org/security/2014/dsa-3117
40. Security Updates in Slackware (SSA:2014-356-01, SSA:2014-356-02, SSA:2014-356-03)
[05/01/2015] Slackware has released security update packages for fixing
the vulnerabilities identified in the ntp, php and xorg-server packages for
multiple versions of Slackware Linux. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, execute arbitrary
code, cause a denial of service condition and crash the application.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.400170
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.520762
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.618701