1. Vulnerabilities in F5 Products (SOL16120, SOL16122, SOL16123,
SOL16124, SOL16135, SOL16136)
[13/02/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP
AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway,
BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device,
BIG-IQ Security, LineRate, Traffix-SDC and Traffix. An attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
cause a denial of service condition and crash the system. These vulnerabilities
affect multiple versions of the mentioned products. Security patches are
available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/100/sol16120.html
URL:support.f5.com/kb/en-us/solutions/public/16000/100/sol16122.html
URL:support.f5.com/kb/en-us/solutions/public/16000/100/sol16123.html
URL:support.f5.com/kb/en-us/solutions/public/16000/100/sol16124.html
URL:support.f5.com/kb/en-us/solutions/public/16000/100/sol16135.html
URL:support.f5.com/kb/en-us/solutions/public/16000/100/sol16136.html
2. Vulnerability in Elasticsearch
(100850)
[13/02/2015]
Vulnerability was identified in the
Elasticsearch. An attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code and compromise an affected system. This
vulnerability affects versions prior to 1.3.8 or 1.4.3 of the mentioned product.
Security patches are available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/100850
3. Vulnerabilities in multiple plugins for WordPress
(100846, 100847, 100854)
[13/02/2015] Vulnerabilities were identified in the Ninja Forms plugin and
Survey and Poll plugin for WordPress. An attacker could bypass security
restrictions, execute arbitrary code, perform cross-site scripting and code
injection attacks. These vulnerabilities affect multiple versions of the
mentioned plugins. Security patches are available to resolve the vulnerabilities
identified in the Ninja Forms
plugin.
URL:xforce.iss.net/xforce/xfdb/100846
URL:xforce.iss.net/xforce/xfdb/100847
URL:xforce.iss.net/xforce/xfdb/100854
4. Vulnerability in Xen
(XSA-117)
[13/02/2015]
Vulnerability was identified in the Xen. An
attacker could bypass security restrictions, cause a denial of service condition
and crash the system. This vulnerability affects versions 4.5 or later of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:xenbits.xen.org/xsa/advisory-117.html
URL:xforce.iss.net/xforce/xfdb/100868
5. Security Updates in Mandriva (MDVSA-2015:044,
MDVSA-2015:045, MDVSA-2015:046, MDVSA-2015:047,
MDVSA-2015:048)
[13/02/2015] Mandriva
has released security update packages for fixing the vulnerabilities identified
in the perl-Gtk2, e2fsprogs, ntp, elfutils and postgresql packages for version
MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A044/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A045/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A046/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A047/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A048/
6. Security Updates in SUSE
(SUSE-SU-2015:0274-1)
[13/02/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the ntp packages of SUSE Linux Enterprise 12. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00013.html
7. Security Updates in Ubuntu GNU/Linux
(USN-2488-2)
[13/02/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the clamav package for version 10.04 LTS of Ubuntu GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, execute arbitrary code,
cause a denial of service condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2488-2/
8. Vulnerabilities in Cisco Products
(cisco-sa-20150211-csacs)
[12/02/2015] Vulnerabilities were identified in the Cisco Secure Access
Control System (ACS) and Cisco Adaptive Security Appliance (ASA) Software. An
attacker could bypass security restrictions, obtain sensitive information, cause
a denial of service condition and compromise the system. These vulnerabilities
affect multiple firmware versions of the mentioned products. Security patches
are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0619
URL:xforce.iss.net/xforce/xfdb/100812
9. Vulnerabilities in Google
Chrome
[12/02/2015]
Vulnerabilities were identified in the Google
Chrome. An attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code and compromise an affected system. These
vulnerabilities affect versions prior to 40.0.2214.114 (Platform version:
6457.94.0) of the mentioned product. Security patches are available to resolve
these
vulnerabilities.
URL:googlechromereleases.blogspot.hk/2015/02/stable-channel-update-for-chrome-os.html
URL:www.us-cert.gov/ncas/current-activity/2015/02/10/Google-Releases-Security-Update-Chrome-OS
10.
Vulnerabilities in IBM Products (1695362,
1695474)
[12/02/2015]
Vulnerabilities were identified in the IBM
WebSphere Application Server, IBM SDK Java Technology Edition and IBM SDK Java 2
Technology Edition. An attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the system. These vulnerabilities
affect multiple versions of the mentioned products. Security patches are
available to resolve these vulnerabilities and the Interim fixes for HP
Platforms will be available by
03/31/2015.
URL:www-01.ibm.com/support/docview.wss?uid=swg21695362
URL:www-01.ibm.com/support/docview.wss?uid=swg21695474
11.
Security Updates in Oracle Linux
(ELSA-2015-0164, ELSA-2015-0165, ELSA-2015-0166)
[12/02/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the kernel and subversion packages for Oracle
Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:linux.oracle.com/errata/ELSA-2015-0164.html
URL:linux.oracle.com/errata/ELSA-2015-0165.html
URL:linux.oracle.com/errata/ELSA-2015-0166.html
12.
Security Updates in Debian (DSA-3160-1,
DSA-3161-1)
[12/02/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the xorg-server and dbus packages for multiple versions of Debian GNU/Linux. Due
to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information and cause a denial of service
condition.
URL:www.debian.org/security/2015/dsa-3160
URL:www.debian.org/security/2015/dsa-3161
13.
Security Updates in Mageia
(MGASA-2015-0058, MGASA-2015-0059, MGASA-2015-0060, MGASA-2015-0061,
MGASA-2015-0062, MGASA-2015-0063, MGASA-2015-0064)
[12/02/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the xdg-utils, perl-Gtk2, hivex, e2fsprogs,
chromium-browser-stable, ntp and owasp-esapi-java packages for multiple versions
of Mageia. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:advisories.mageia.org/MGASA-2015-0058.html
URL:advisories.mageia.org/MGASA-2015-0059.html
URL:advisories.mageia.org/MGASA-2015-0060.html
URL:advisories.mageia.org/MGASA-2015-0061.html
URL:advisories.mageia.org/MGASA-2015-0062.html
URL:advisories.mageia.org/MGASA-2015-0063.html
URL:advisories.mageia.org/MGASA-2015-0064.html
14.
Security Updates in SUSE
(openSUSE-SU-2015:0256-1, SUSE-SU-2015:0257-1,
SUSE-SU-2015:0259-1)
[12/02/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the xen package of openSUSE 13.2, and krb5 and ntp packages of SUSE Linux
Enterprise 11. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00012.html
15.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:0163-1, RHSA-2015:0164-1, RHSA-2015:0165-1,
RHSA-2015:0166-1)
[12/02/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the chromium-browser and subversion packages for Red Hat Enterprise Linux 5,
6 and 7. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-0163.html
URL:rhn.redhat.com/errata/RHSA-2015-0164.html
URL:rhn.redhat.com/errata/RHSA-2015-0165.html
URL:rhn.redhat.com/errata/RHSA-2015-0166.html
16.
Security Updates in Ubuntu GNU/Linux
(USN-2499-1)
[12/02/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the postgresql-8.4, postgresql-9.1, postgresql-9.3 and postgresql-9.4 packages
for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due
to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, perform
code injection attacks, cause a denial of service condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2499-1/
17. Vulnerabilities in Microsoft Products (3000483,
3004361, 3029944, 3031432, 3032328, 3033857, 3034682, 3035898,
3036220)
[11/02/2015]
Vulnerabilities were identified in the Microsoft
Internet Explorer, Microsoft Windows, Microsoft Windows Server, Microsoft
SharePoint Server, Microsoft Office, Microsoft Office Compatibility Pack, Excel
Viewer, Word Viewer, Microsoft Office Web Apps and Microsoft System Center
Virtual Machine Manager. An attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code and
compromise the system. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:technet.microsoft.com/library/security/ms15-feb
URL:technet.microsoft.com/library/security/MS15-009
URL:technet.microsoft.com/library/security/MS15-010
URL:technet.microsoft.com/library/security/MS15-011
URL:technet.microsoft.com/library/security/MS15-012
URL:technet.microsoft.com/library/security/MS15-013
URL:technet.microsoft.com/library/security/MS15-014
URL:technet.microsoft.com/library/security/MS15-015
URL:technet.microsoft.com/library/security/MS15-016
URL:technet.microsoft.com/library/security/MS15-017
URL:www.hkcert.org/my_url/en/alert/15021101
URL:www.hkcert.org/my_url/en/alert/15021102
URL:www.hkcert.org/my_url/en/alert/15021103
URL:www.hkcert.org/my_url/en/alert/15021104
URL:www.hkcert.org/my_url/en/alert/15021105
URL:www.hkcert.org/my_url/en/alert/15021106
URL:www.hkcert.org/my_url/en/alert/15021107
URL:www.hkcert.org/my_url/en/alert/15021108
URL:www.hkcert.org/my_url/en/alert/15021109
URL:www.us-cert.gov/ncas/current-activity/2015/02/10/Microsoft-Releases-Critical-Security-Bulletin
URL:www.us-cert.gov/ncas/current-activity/2015/02/10/Microsoft-Releases-Critical-Security-Update-Internet-Explorer
URL:xforce.iss.net/xforce/xfdb/100426
URL:xforce.iss.net/xforce/xfdb/100428
URL:xforce.iss.net/xforce/xfdb/100430
URL:xforce.iss.net/xforce/xfdb/100431
URL:xforce.iss.net/xforce/xfdb/100432
URL:xforce.iss.net/xforce/xfdb/100433
URL:xforce.iss.net/xforce/xfdb/100435
URL:xforce.iss.net/xforce/xfdb/100439
URL:xforce.iss.net/xforce/xfdb/99525
18.
Information Updates on Microsoft Security
Advisories (3004375, 3009008)
[11/02/2015] Microsoft
has updated information on the Security Advisories for the Microsoft Windows.
(A) KB3004375 was announced the availability of an update to improve Windows
command-line auditing. (B) KB3009008 was announced that SSL 3.0 fallback
attempts are disabled by default in Internet Explorer
11.
URL:technet.microsoft.com/en-us/library/security/3004375
URL:technet.microsoft.com/en-us/library/security/3009008
19.
Vulnerability in Adobe Reader for
Macintosh
[11/02/2015]
Vulnerability was identified in the Adobe Reader
for Macintosh. An attacker could bypass security restrictions, execute arbitrary
code and compromise the system. This vulnerability affects version 11.0.10
running on Macintosh OS X of the mentioned
product.
URL:www.hkcert.org/my_url/en/alert/15021110
20.
Vulnerabilities in Cisco
Products
[11/02/2015]
Vulnerabilities were identified in the Cisco IOS
Software and Cisco TelePresence. An attacker could bypass security restrictions,
obtain sensitive information, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple firmware versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0606
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0608
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0609
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0610
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0611
URL:www.hkcert.org/my_url/en/alert/15021111
21.
Vulnerabilities in Asterisk
(AST-2015-001, AST-2015-002)
[11/02/2015] Vulnerabilities were identified in the Asterisk. An attacker
could bypass security restrictions, execute arbitrary code, cause a denial of
service condition and crash the system. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these
vulnerabilities.
URL:downloads.asterisk.org/pub/security/AST-2015-001.html
URL:downloads.asterisk.org/pub/security/AST-2015-002.html
22.
Vulnerabilities in moodle (MDL-48980,
MDL-48990)
[11/02/2015]
Vulnerabilities were identified in the moodle.
An attacker could bypass security restrictions and obtain sensitive information.
These vulnerabilities affect multiple versions of the mentioned products.
Security patches are available to resolve these
vulnerabilities.
URL:moodle.org/security/
URL:moodle.org/mod/forum/discuss.php?d=279956#p1202839
23.
Security Updates in Debian
(DSA-3159-1)
[11/02/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the ruby1.8 package for multiple versions of Debian GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, cause a denial of
service condition and crash the
system.
URL:www.debian.org/security/2015/dsa-3159
24.
Security Updates in Mandriva
(MDVSA-2015:039, MDVSA-2015:040, MDVSA-2015:041, MDVSA-2015:042,
MDVSA-2015:043)
[11/02/2015] Mandriva
has released security update packages for fixing the vulnerabilities identified
in the glibc, zarafa, cabextract, clamav and otrs packages for version MBS1 of
Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A039/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A040/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A041/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A042/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A043/
25.
Security Updates in Ubuntu GNU/Linux
(USN-2495-1, USN-2498-1)
[11/02/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the oxide-qt and krb5 packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and
14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2495-1/
URL:www.ubuntu.com/usn/usn-2498-1/
26.
Vulnerability in Apache
Tomcat
[10/02/2015]
Vulnerability was identified in the Apache
Tomcat. An attacker could bypass security restrictions, execute arbitrary code
and compromise the system. This vulnerability affects versions prior to 6.0.43,
7.0.55 or 8.0.9 of the mentioned product. Security patches are available to
resolve this
vulnerability.
URL:tomcat.apache.org/security-6.html
URL:tomcat.apache.org/security-7.html
URL:tomcat.apache.org/security-8.html
URL:xforce.iss.net/xforce/xfdb/100751
27.
Vulnerabilities in Cisco
Products
[10/02/2015]
Vulnerabilities were identified in the Cisco
Prime Infrastructure, Cisco Prime Security Manager and Cisco IOS Software. An
attacker could bypass security restrictions, execute arbitrary code, perform
cross-frame scripting, cross-site request forgery and cross-site scripting
attacks, cause a denial of service condition and crash the system. These
vulnerabilities affect multiple firmware versions of the mentioned products.
Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2147
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2152
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2153
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3365
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0592
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0593
URL:xforce.iss.net/xforce/xfdb/100746
URL:xforce.iss.net/xforce/xfdb/100747
URL:xforce.iss.net/xforce/xfdb/100755
URL:xforce.iss.net/xforce/xfdb/100756
28.
Vulnerabilities in Ektron Content
Management System (VU#377644)
[10/02/2015] Vulnerabilities were identified in Ektron Content Management
System. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges and execute arbitrary code. These
vulnerabilities affect multiple versions of the mentioned product. Security
patches are available to resolve these
vulnerabilities.
URL:www.kb.cert.org/vuls/id/377644
29.
Vulnerability in LG On-Screen Phone
(100733)
[10/02/2015]
Vulnerability was identified in the LG On-Screen
Phone. An attacker could bypass security restrictions and compromise the system.
This vulnerability affects firmware versions prior to 4.3.010 of the mentioned
product. Security patches are available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/100733
30.
Vulnerability in eFront
(100735)
[10/02/2015]
Vulnerability was identified in the eFront. An
attacker could bypass security restrictions, execute arbitrary code and perform
cross-site scripting attacks. This vulnerability affects versions prior to
3.6.15.3 - build 18022 of the mentioned product. Security patches are available
to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/100735
31.
Security Updates in Debian (DSA-3157-1,
DSA-3158-1)
[10/02/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the ruby1.9.1 and unrtf packages for multiple versions of Debian GNU/Linux. Due
to multiple errors, an attacker could bypass security restrictions, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:www.debian.org/security/2015/dsa-3157
URL:www.debian.org/security/2015/dsa-3158
32.
Security Updates in Mageia
(MGASA-2015-0055, MGASA-2015-0056, MGASA-2015-0057)
[10/02/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the polarssl, clamav and moodle packages for
multiple versions of Mageia. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, execute arbitrary code,
cause a denial of service condition and crash the
system.
URL:advisories.mageia.org/MGASA-2015-0055.html
URL:advisories.mageia.org/MGASA-2015-0056.html
URL:advisories.mageia.org/MGASA-2015-0057.html
33.
Security Updates in Ubuntu GNU/Linux
(USN-2496-1, USN-2497-1)
[10/02/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the binutils and ntp packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and
14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, execute arbitrary code,
cause a denial of service condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2496-1/
URL:www.ubuntu.com/usn/usn-2497-1/
34.
Vulnerabilities in Apple OS X
(HT202681)
[09/02/2015]
Vulnerabilities were identified in the Flash
Player plug-in for Apple OS X. An attacker could bypass security restrictions,
execute arbitrary code and compromise the system. These vulnerabilities affect
multiple versions of the mentioned product. Security patches are available to
resolve these
vulnerabilities.
URL:support.apple.com/en-us/HT202681
URL:prod.lists.apple.com/archives/security-announce/2015/Feb/msg00000.html
35.
Vulnerabilities in Cisco
Products
[09/02/2015]
Vulnerabilities were identified in the Cisco
Adaptive Security Appliance (ASA) Software and Cisco Email Security Appliance
(ESA). An attacker could bypass security restrictions, cause a denial of service
condition and crash the system. These vulnerabilities affect multiple firmware
versions of the mentioned products. Security patches are available to resolve
these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5557
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0605
URL:xforce.iss.net/xforce/xfdb/100694
36.
Vulnerability in Juniper ScreenOS
(JSA10624)
[09/02/2015]
Vulnerability was identified in the firewalls of
Juniper ScreenOS. An attacker could cause a denial of service condition and
crash the system. This vulnerability affects versions prior to 6.3.0r17 of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:kb.juniper.net/index?page=content&id=JSA10624
37.
Vulnerabilities in Novell ZENworks
Configuration Management (5200561)
[09/02/2015] Vulnerabilities were identified in Novell ZENworks
Configuration Management. An attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, perform
code injection attacks, cause a denial of service condition and compromise the
system. These vulnerabilities affect multiple versions of the mentioned product.
Security patches are available to resolve these
vulnerabilities.
URL:download.novell.com/Download?buildid=yh9N1NeIQX0~
38.
Vulnerability in libfcgi
(100696)
[09/02/2015]
Vulnerability was identified in the libfcgi. An
attacker cause a denial of service condition. This vulnerability affects
versions prior to 2.4.0-8.3 of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/100696
39.
Security Updates in Debian
(DSA-3155-1)
[09/02/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the postgresql-9.1 package for multiple versions of Debian GNU/Linux. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code, perform code injection attacks,
cause a denial of service condition and crash the
system.
URL:www.debian.org/security/2015/dsa-3155
40.
Security Updates in Gentoo Linux (GLSA
201502-01, GLSA 201502-02, GLSA 201502-03, GLSA 201502-04, GLSA 201502-05, GLSA
201502-06, GLSA 201502-07, GLSA 201502-08, GLSA
201502-09)
[09/02/2015]
Gentoo has released security update packages for
fixing the vulnerabilities identified in the mpg123, adobe-flash, bind,
mediawiki, tcpdump, nginx, libevent, libav and antiword packages for multiple
versions of Gentoo Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, execute arbitrary code,
cause a denial of service condition and crash the
system.
URL:www.gentoo.org/security/en/glsa/glsa-201502-01.xml
URL:www.gentoo.org/security/en/glsa/glsa-201502-02.xml
URL:www.gentoo.org/security/en/glsa/glsa-201502-03.xml
URL:www.gentoo.org/security/en/glsa/glsa-201502-04.xml
URL:www.gentoo.org/security/en/glsa/glsa-201502-05.xml
URL:www.gentoo.org/security/en/glsa/glsa-201502-06.xml
URL:www.gentoo.org/security/en/glsa/glsa-201502-07.xml
URL:www.gentoo.org/security/en/glsa/glsa-201502-08.xml
URL:www.gentoo.org/security/en/glsa/glsa-201502-09.xml
41.
Security Updates in Mandriva
(MDVSA-2015:033, MDVSA-2015:034, MDVSA-2015:035, MDVSA-2015:036,
MDVSA-2015:037)
[09/02/2015] Mandriva
has released security update packages for fixing the vulnerabilities identified
in the java-1.7.0-openjdk, jasper, libvirt, python-django and vorbis-tools
packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, perform code injection attacks,
cause a denial of service condition and compromise the
system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A033/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A034/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A035/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A036/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A037/
42.
Security Updates in Mageia
(MGASA-2015-0054)
[09/02/2015] Mageia has
released security update packages for fixing the vulnerabilities identified in
the flash-player-plugin package for multiple versions of Mageia. Due to multiple
errors, an attacker could bypass security restrictions, execute arbitrary code
and compromise the
system.
URL:advisories.mageia.org/MGASA-2015-0054.html
43.
Security Updates in SUSE
(openSUSE-SU-2015:0226-1, SUSE-SU-2015:0236-1, openSUSE-SU-2015:0237-1,
openSUSE-SU-2015:0238-1, SUSE-SU-2015:0239-1)
[09/02/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the xen and flash-player packages of openSUSE 13.1 and 13.2, openSUSE Evergreen
11.4, and flash-player, flash-player-gnome and flash-player-kde4 packages of
SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html
44.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:0140-1)
[09/02/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the Adobe Flash Player package for Red Hat Enterprise 5 and 6. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-0140.html
Source(s)
of above information:
No comments:
Post a Comment