1. Information Updates on Microsoft Security Bulletins and Advisory (3038999, 3046049, 3050995)
[27/03/2015] Microsoft has updated information on the Security Bulletins and Security Advisory for the Microsoft Office and Microsoft Windows. (A) KB3038999 corrected the update replacement entry for Microsoft Excel 2007 Service Pack 3 in the Affected Software table. (B) KB3046049 added an FAQ directing customers to Microsoft Knowledge Base Article 3050509 for instructions on how to disable EXPORT ciphers after installing the update on Windows Server 2003 systems. (C) KB3050995 was rereleased to announce that the update for supported editions of Windows Server 2003 is now available.
URL:technet.microsoft.com/en-us/library/security/MS15-022
URL:technet.microsoft.com/en-us/library/security/MS15-031
URL:technet.microsoft.com/en-us/library/security/3050995
2. Vulnerability in Cisco Wireless LAN Controller (38076)
[27/03/2015] Vulnerability was identified in the Cisco Wireless LAN Controller. An attacker could cause a denial of service condition and crash the devices. This vulnerability affects versions 7.3, 7.4 and possibly other versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38076
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101841
3. Vulnerabilities in F-Secure Products (FSC-2015-2)
[27/03/2015] Vulnerabilities were identified in the F-Secure Internet Gatekeeper and F-Secure Policy Manager. An attacker could traverse directories on the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.f-secure.com/en/web/labs_global/fsc-2015-2
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101826
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101827
4. Vulnerability in ANTlabs InnGate (VU#930956)
[27/03/2015] Vulnerability was identified in the ANTlabs InnGate. An attacker could bypass security restrictions and gain escalated privileges. This vulnerability affects multiple models of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/930956
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101832
5. Vulnerability in PHP
[27/03/2015] Vulnerability was identified in the PHP. An attacker could execute arbitrary code. This vulnerability affects versions prior to 5.4.39, 5.5.23, 5.6.7 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:php.net/ChangeLog-5.php#5.6.7
URL:www.hkcert.org/my_url/en/alert/15032701
6. Security Updates in Oracle Linux (ELSA-2015-0726, ELSA-2015-0728, ELSA-2015-0729)
[27/03/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel, ipa, slapi-nis and setroubleshoot packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could gain escalated privileges and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-0726.html
URL:linux.oracle.com/errata/ELSA-2015-0728.html
URL:linux.oracle.com/errata/ELSA-2015-0729.html
7. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0728-1, RHSA-2015:0729-1)
[27/03/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the ipa, slapi-nis and setroubleshoot packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could gain escalated privileges and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-0728.html
URL:rhn.redhat.com/errata/RHSA-2015-0729.html
8. Security Updates in openSUSE (openSUSE-SU-2015:0607-1)
[27/03/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Mozilla Firefox package of openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could gain escalated privilege and execute arbitrary code.
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00030.html
9. Vulnerabilities in Cisco Products (cisco-sa-20150325-ani, cisco-sa-20150325-cip, cisco-sa-20150325-ikev2, cisco-sa-20150325-iosxe, cisco-sa-20150325-mdns, cisco-sa-20150325-tcpleak, cisco-sa-20150325-wedge)
[26/03/2015] Vulnerabilities were identified in the Cisco IOS Software and Cisco IOS XE Software. An attacker could cause a denial of service condition and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-cip
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-iosxe
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-wedge
URL:www.hkcert.org/my_url/en/alert/15032601
10. Vulnerability in Linux Kernel (101789)
[26/03/2015] Vulnerability was identified in the Linux Kernel. An attacker could gain elevated privileges. The affected version was not specified. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101789
11. Security Updates in Debian (DSA-3204-1)
[26/03/2015] Debian has released security update packages for fixing the vulnerabilities identified in the python-django package for multiple versions of Debian GNU/Linux. An attacker could perform cross-site scripting attacks.
URL:www.debian.org/security/2015/dsa-3204
12. Security Updates in SUSE (SUSE-SU-2015:0593-1)
[26/03/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Mozilla Firefox package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions and execute arbitrary code.
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html
13. Information Updates on Microsoft Security Advisories (3050995)
[25/03/2015] Microsoft has published a Security Advisory KB3050995 for Microsoft Windows to remove the trust of the subordinate CA certificate, which improperly issued digital certificates that could be used in attempts to spoof content, perform phishing attacks and perform man-in-the-middle attacks.
URL:technet.microsoft.com/en-gb/library/security/3050995
14. Vulnerability in EMC Documentum xMS (101741)
[25/03/2015] Vulnerability was identified in the EMC Documentum xMS. An attacker could obtain sensitive information. This vulnerability affects version 1.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101741
15. Vulnerability in TERASOLUNA Server Framework for Java(WEB) (101770)
[25/03/2015] Vulnerability was identified in the TERASOLUNA Server Framework for Java(WEB). An attacker could bypass security restrictions. This vulnerability affects versions prior to 2.0.5.3 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101770
16. Vulnerability in Tor (101751)
[25/03/2015] Vulnerability was identified in the Tor. An attacker could cause a buffer overflow, execute arbitrary code and crash the application. This vulnerability affects version 0.2.5.10 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101751
17. Vulnerability in Google Android OS
[25/03/2015] Vulnerability was identified in the Google Android OS. An attacker could obtain sensitive information and compromise the devices. This vulnerability affects versions prior to 4.4 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.us-cert.gov/ncas/current-activity/2015/03/24/Installer-Hijacking-Vulnerability-Android-Devices
18. Vulnerability in Squid (101765)
[25/03/2015] Vulnerability was identified in the Squid. An attacker could cause a denial of service condition and crash the application. This vulnerability affects versions prior to squid-3.1.23-5.el6 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101765
19. Vulnerability in gd-libgd (101757)
[25/03/2015] Vulnerability was identified in the gd-libgd. An attacker could cause a buffer overflow, execute arbitrary code and crash the application. This vulnerability affects versions prior to 2.1.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101757
20. Security Updates in Oracle Linux (ELSA-2015-0718)
[25/03/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the firefox packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions and execute arbitrary code.
URL:linux.oracle.com/errata/ELSA-2015-0718.html
21. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0718-1)
[25/03/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the firefox packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could execute arbitrary code and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-0718.html
22. Vulnerability in Apache XML Security
[24/03/2015] Vulnerability was identified in the Apache XML Security. An attacker could bypass security restrictions, cause a denial of service condition and crash the application. This vulnerability affects version 3.1.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101734
23. Vulnerability in LINE (101716)
[24/03/2015] Vulnerability was identified in LINE. An attacker could bypass security restrictions, execute arbitrary code and perform code injection attacks. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101716
24. Security Updates in Oracle Linux (ELSA-2015-0715, ELSA-2015-0716)
[24/03/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the openssl package for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-0715.html
URL:linux.oracle.com/errata/ELSA-2015-0716.html
25. Security Updates in Debian (DSA-3203-1)
[24/03/2015] Debian has released security update packages for fixing the vulnerabilities identified in the tor package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3203
26. Security Updates in Mageia (MGASA-2015-0113, MGASA-2015-0114, MGASA-2015-0115)
[24/03/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the libxfont, tcpdump, rootcerts, nss, firefox and firefox-l10n packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2015-0113.html
URL:advisories.mageia.org/MGASA-2015-0114.html
URL:advisories.mageia.org/MGASA-2015-0115.html
27. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0715-1, RHSA-2015:0716-1)
[24/03/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the openssl package for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-0715.html
URL:rhn.redhat.com/errata/RHSA-2015-0716.html
28. Security Updates in SUSE (SUSE-SU-2015:0578-1)
[24/03/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the compat-openssl097g package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
29. Security Updates in Ubuntu GNU/Linux (USN-2539-1, USN-2540-1)
[24/03/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the python-django, gnutls26 and gnutls28 packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2539-1/
URL:www.ubuntu.com/usn/usn-2540-1/
30. Vulnerabilities in Mozilla Products (MFSA 2015-28, MFSA 2015-29)
[23/03/2015] Vulnerabilities were identified in Mozilla Firefox, Firefox ESR and SeaMonkey. An attacker could bypass security restriction, execute arbitrary code and gain elevated privilege. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available for Firefox and Firefox ESR to resolve these vulnerabilities.
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-28/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-29/
31. Vulnerabilities in Apple Mac OS X (101696, 101697, 101698)
[23/03/2015] Vulnerabilities were identified in Apple Mac OS X. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. These vulnerabilities affect version 10.10.2 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101696
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101697
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101698
32. Vulnerabilities in Cisco Products (cisco-sa-20150320-openssl)
[23/03/2015] Vulnerabilities were identified in the multiple Cisco products. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl
URL:tools.cisco.com/security/center/viewAlert.x?alertId=37889
URL:tools.cisco.com/security/center/viewAlert.x?alertId=37934
URL:tools.cisco.com/security/center/viewAlert.x?alertId=37935
URL:tools.cisco.com/security/center/viewAlert.x?alertId=37946
URL:tools.cisco.com/security/center/viewAlert.x?alertId=37947
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101680
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101681
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101682
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101683
33. Vulnerabilities in Citrix Products (101701, 101702, 101703, 101704, 101705)
[23/03/2015] Vulnerabilities were identified in the Citrix NetScaler VPX, Citrix Command Center and Citrix NetScaler. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform code injection attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101701
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101702
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101703
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101704
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101705
34. Vulnerabilities in PHP
[23/03/2015] Vulnerabilities were identified in the PHP. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 5.4.39, 5.5.23 or 5.6.7 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:php.net/ChangeLog-5.php
URL:www.hkcert.org/my_url/en/alert/15032001
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101678
35. Security Updates in Debian (DSA-3198-1, DSA-3199-1, DSA-3200-1, DSA-3201-1, DSA-3202-1)
[23/03/2015] Debian has released security update packages for fixing the vulnerabilities identified in the php5, xerces-c, drupal7, iceweasel and mono packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3198
URL:www.debian.org/security/2015/dsa-3199
URL:www.debian.org/security/2015/dsa-3200
URL:www.debian.org/security/2015/dsa-3201
URL:www.debian.org/security/2015/dsa-3202
36. Security Updates in FreeBSD (FreeBSD-SA-15:06.openssl)
[23/03/2015] FreeBSD has released security update packages for fixing the vulnerabilities identified in the openssl package for multiple versions of FreeBSD. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:06.openssl.asc
37. Security Updates in Gentoo Linux (GLSA 201503-12)
[23/03/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the chromium package for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:security.gentoo.org/glsa/201503-12
38. Security Updates in Mageia (MGASA-2015-0112)
[23/03/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the libtiff package for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2015-0112.html
39. Security Updates in NetBSD (SA2015-003, SA2015-004, SA2015-005, SA2015-006)
[23/03/2015] NetBSD has released security update packages for fixing the vulnerabilities identified in the ntpd, kernel, libevent and openssl packages for multiple versions of NetBSD GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-003.txt.asc
URL:ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-004.txt.asc
URL:ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-005.txt.asc
URL:ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-006.txt.asc
40. Security Updates in SUSE (SUSE-SU-2015:0553-1, SUSE-SU-2015:0553-2, openSUSE-SU-2015:0566-1, openSUSE-SU-2015:0567-1)
[23/03/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the compat-openssl098 package of SUSE Linux Enterprise 12, kernel and Firefox 31.5.3 packages of openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00023.html
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00024.html
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html
41. Security Updates in Ubuntu GNU/Linux (USN-2538-1)
[23/03/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox package for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code.
URL:www.ubuntu.com/usn/usn-2538-1/
Sunday, March 29, 2015
IT Security Alerts Weekly Digest (22 Mar ~ 28 Mar 2015)
Monday, March 23, 2015
IT Security Alerts Weekly Digest (15 Mar ~ 21 Mar 2015)
1. Information Updates on Microsoft Security Advisory (3046310)
[20/03/2015] Microsoft has updated information on the Security Advisory for the Microsoft Windows. KB3046310 was rereleased to announce that the update for supported editions of Windows Server 2003 is now available.
URL:technet.microsoft.com/en-us/library/security/3046310
2. Vulnerabilities in OpenSSL
[20/03/2015] Vulnerabilities were identified in the OpenSSL. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 0.9.8zf, 1.0.0r, 1.0.1m and 1.0.2a of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:openssl.org/news/secadv_20150319.txt
URL:www.hkcert.org/my_url/en/alert/15032002
URL:www.us-cert.gov/ncas/current-activity/2015/03/19/OpenSSL-Patches-Multiple-Vulnerabilities
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101663
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101664
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101665
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101666
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101667
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101668
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101669
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101670
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101671
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101672
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101673
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101674
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101675
3. Vulnerabilities in IBM WebSphere Application Server (1697368)
[20/03/2015] Vulnerabilities were identified in IBM WebSphere Application Server. An attacker could obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21697368
4. Vulnerabilities in Apple OS X Yosemite (HT204563)
[20/03/2015] Vulnerabilities were identified in Apple OS X Yosemite. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. These vulnerabilities affect version 10.10.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-us/HT204563
5. Vulnerabilities in Novell Products (5203210, 5203230, 5203250, 5203330)
[20/03/2015] Vulnerabilities were identified in the Novell Messenger and NetIQ Sentinel Log Manager. An attacker could bypass security restrictions, execute arbitrary code and perform code injection attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=eI3Luh-KW4U~
URL:download.novell.com/Download?buildid=hWddGUebvUI~
URL:download.novell.com/Download?buildid=Pz1STL6q_Q4~
URL:download.novell.com/Download?buildid=Xj0pmdmfXwA~
6. Vulnerability in Huawei Switch Products (Huawei-SA-20150319-01- Campus switch)
[20/03/2015] Vulnerability was identified in multiple Huawei Switch Products. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple firmware versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-418554.htm
7. Vulnerabilities in Drupal (DRUPAL-SA-CORE-2015-001)
[20/03/2015] Vulnerabilities were identified in the Drupal. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions 6.x and 7.x of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.drupal.org/SA-CORE-2015-001
URL:www.us-cert.gov/ncas/current-activity/2015/03/19/Drupal-Releases-Security-Updates
8. Security Updates in Oracle Linux (ELSA-2015-3012)
[20/03/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel package for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-3012.html
9. Security Updates in Debian (DSA-3197-1)
[20/03/2015] Debian has released security update packages for fixing the vulnerabilities identified in the openssl package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3197
10. Security Updates in Gentoo Linux (GLSA 201503-10, GLSA 201503-11)
[20/03/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the python and openssl packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:security.gentoo.org/glsa/201503-10
URL:security.gentoo.org/glsa/201503-11
11. Security Updates in Mageia (MGASA-2015-0108, MGASA-2015-0109)
[20/03/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the moodle and openssl packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2015-0110.html
URL:advisories.mageia.org/MGASA-2015-0111.html
12. Security Updates in SUSE (SUSE-SU-2015:0541-1)
[20/03/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the openssl package of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html
13. Security Updates in Ubuntu GNU/Linux (USN-2534-1, USN-2535-1, USN-2536-1, USN-2537-1)
[20/03/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the libav, php5, libxfont and openssl packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, gain elevated privileges, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2534-1/
URL:www.ubuntu.com/usn/usn-2535-1/
URL:www.ubuntu.com/usn/usn-2536-1/
URL:www.ubuntu.com/usn/usn-2537-1/
URL:www.us-cert.gov/ncas/current-activity/2015/03/19/Ubuntu-Releases-Security-Update
14. Vulnerability in Apache Batik (101614)
[19/03/2015] Vulnerability was identified in the Apache Batik. An attacker could obtain sensitive information. This vulnerability affects versions prior to 1.8 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101614
15. Vulnerabilities in Huawei Products (Huawei-SA-20150318-01-AR1220, Huawei-SA-20150318-01-UDS, Huawei-SA-20150318-02-UDS)
[19/03/2015] Vulnerabilities were identified in Huawei OceanStor UDS massive storage system and Huawei AR1220 router. An attacker could cause a denial of service condition, perform code injection, execute arbitrary code, obtain sensitive information and compromise the devices. These vulnerabilities affect multiple versions of the Huawei products. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-417837.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-417839.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-417840.htm
16. Vulnerabilities in X.Org libXfont (101608, 101609, 101610)
[19/03/2015] Vulnerabilities were identified in X.Org libXfont. An attacker could gain escalated privileges, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect versions 1.4.7 and prior of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101608
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101609
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101610
17. Security Updates in Oracle Linux (ELSA-2015-0700)
[19/03/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the unzip package for Oracle Linux 6 and 7. Due to multiple errors, an attacker could cause buffer overflow, crash the application and execute arbitrary code.
URL:linux.oracle.com/errata/ELSA-2015-0700.html
18. Security Updates in Debian (DSA-3195-1, DSA-3196-1)
[19/03/2015] Debian has released security update packages for fixing the vulnerabilities identified in the php5 and file packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could cause buffer overflow and a denial of service condition.
URL:www.debian.org/security/2015/dsa-3195
URL:www.debian.org/security/2015/dsa-3196
19. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0698-1, RHSA-2015:0699-1, RHSA-2015:0700-1)
[19/03/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the rhevm-spice-client package for Red Hat Enterprise Virtualization Manager 3, postgresql92-postgresql package for Red Hat Software Collections 1 and unzip package for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could obtain sensitive information, crash the application, execute arbitrary code and cause buffer overflow.
URL:rhn.redhat.com/errata/RHSA-2015-0698.html
URL:rhn.redhat.com/errata/RHSA-2015-0699.html
URL:rhn.redhat.com/errata/RHSA-2015-0700.html
20. Security Updates in SUSE (SUSE-SU-2015:0529-1)
[19/03/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel package of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, crash the system and obtain sensitive information.
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html
21. Information Updates on Microsoft Security Bulletins (3002657, 3038680)
[18/03/2015] Microsoft has updated information on the Security Bulletins for the Microsoft Windows. (A) KB3002657 addressed a packaging issue for customers who are repeatedly reoffered security update 3033395 when installed on systems running supported editions of Windows Server 2003. (B) KB3038680 addressed a connectivity issue with update 3002657 when installed on supported editions of Windows Server 2003.
URL:technet.microsoft.com/en-US/library/security/MS15-025
URL:technet.microsoft.com/en-US/library/security/MS15-027
22. Vulnerabilities in Apple Safari (HT204560)
[18/03/2015] Vulnerabilities were identified in the Apple Safari. An attacker could crash the application, execute arbitrary code and perform phishing attacks. These vulnerabilities affect versions 6.2.4, 7.1.4 and 8.0.4 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-us/HT204560
23. Vulnerability in eXtplorer (101595)
[18/03/2015] Vulnerability was identified in the eXtplorer. An attacker could perform cross-site scripting attacks. This vulnerability affects versions 2.1.6 and prior of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101595
24. Security Updates in Oracle Linux (ELSA-2015-0696)
[18/03/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the freetype package for Oracle Linux 6 and 7. Due to multiple errors, an attacker could cause buffer overflow.
URL:linux.oracle.com/errata/ELSA-2015-0696.html
25. Security Updates in Debian (DSA-3192-1, DSA-3193-1, DSA-3194-1)
[18/03/2015] Debian has released security update packages for fixing the vulnerabilities identified in the checkpw, tcpdump and libxfont packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could cause a denial of service condition, crash the application, execute arbitrary code and gain escalated privileges.
URL:www.debian.org/security/2015/dsa-3192
URL:www.debian.org/security/2015/dsa-3193
URL:www.debian.org/security/2015/dsa-3194
26. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0694-1, RHSA-2015:0695-1, RHSA-2015:0696-1, RHSA-2015:0697-1)
[18/03/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel-rt, kernel, freetype and flash-plugin packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could gain elevated privileges, crash the system and execute arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2015-0694.html
URL:rhn.redhat.com/errata/RHSA-2015-0695.html
URL:rhn.redhat.com/errata/RHSA-2015-0696.html
URL:rhn.redhat.com/errata/RHSA-2015-0697.html
27. Vulnerabilities in Microsoft Products (3046310)
[17/03/2015] Vulnerabilities were identified in Microsoft Windows and Microsoft .NET Framework. An attacker could bypass security restrictions, execute arbitrary code, perform content spoofing, phishing or man-in-the-middle attacks, cause a denial of service condition and crash the system. These vulnerabilities affect all supported releases of Microsoft Windows, and version 4.03 of Microsoft .NET Framework. Security patches are available to resolve the vulnerability in Microsoft Windows.
URL:technet.microsoft.com/en-us/library/security/3046310
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101572
28. Vulnerabilities in Cisco AnyConnect Secure Mobility Client
[17/03/2015] Vulnerabilities were identified in the Cisco AnyConnect Secure Mobility Client. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=37860
URL:tools.cisco.com/security/center/viewAlert.x?alertId=37861
URL:tools.cisco.com/security/center/viewAlert.x?alertId=37862
URL:tools.cisco.com/security/center/viewAlert.x?alertId=37863
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101568
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101569
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101570
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101571
29. Vulnerability in Citrix Netscaler (101573)
[17/03/2015] Vulnerability was identified in Citrix Netscaler. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects version 10.5 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101573
30. Vulnerabilities in D-Link Products (VU#184100, VU#377348)
[17/03/2015] Vulnerabilities were identified in multiple D-Link products. An attacker could bypass security restrictions, execute arbitrary code and perform code injection attacks. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.kb.cert.org/vuls/id/184100
URL:www.kb.cert.org/vuls/id/377348
URL:www.hkcert.org/my_url/en/alert/15031701
31. Vulnerability in Huawei Products (Huawei-SA-20150316-01-NTPd)
[17/03/2015] Vulnerability was identified in multiple Huawei Products. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple firmware versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-417665.htm
32. Security Updates in Debian (DSA-3188-1, DSA-3189-1, DSA-3190-1)
[17/03/2015] Debian has released security update packages for fixing the vulnerabilities identified in the freetype, libav and putty packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3188
URL:www.debian.org/security/2015/dsa-3189
URL:www.debian.org/security/2015/dsa-3190
33. Security Updates in Gentoo Linux (GLSA 201503-08, GLSA 201503-09)
[17/03/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the file and adobe-flash packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:security.gentoo.org/glsa/201503-08
URL:security.gentoo.org/glsa/201503-09
34. Security Updates in SUSE (SUSE-SU-2015:0503-1, openSUSE-SU-2015:0505-1)
[17/03/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the java-1_7_0-openjdk and chromium packages of SUSE Linux Enterprise 12, openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00019.html
35. Security Updates in Ubuntu GNU/Linux (USN-2531-1, USN-2532-1, USN-2533-1)
[17/03/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the requests, cups-filters and sudo packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform session fixation or cookie stealing attacks, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2531-1/
URL:www.ubuntu.com/usn/usn-2532-1/
URL:www.ubuntu.com/usn/usn-2533-1/
36. Vulnerabilities in HP ArcSight Enterprise Security Manager (101545, 101546)
[16/03/2015] Vulnerabilities were identified in the HP ArcSight Enterprise Security Manager. An attacker could bypass security restrictions and gain unauthorized access to the system. These vulnerabilities affect versions 6.5 and 6.8 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101545
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101546
37. Vulnerabilities in Novell Filr (5202810, 5202830)
[16/03/2015] Vulnerabilities were identified in the Novell Filr. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions 1.0.1 and 1.1.0 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=Edy2dPHxNPU~
URL:download.novell.com/Download?buildid=nzcla0OuzWE~
38. Vulnerabilities in WordPress (101517, 101518, 101519, 101520, 101523)
[16/03/2015] Vulnerabilities were identified in the SEO by Yoast, WPML and Huge-IT slider plugins for WordPress. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform code injection and cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101517
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101518
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101519
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101520
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101523
39. Security Updates in Oracle Linux (ELSA-2015-3013, ELSA-2015-3014, ELSA-2015-3015)
[16/03/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-3013.html
URL:linux.oracle.com/errata/ELSA-2015-3014.html
URL:linux.oracle.com/errata/ELSA-2015-3015.html
40. Security Updates in Debian (DSA-3186-1, DSA-3187-1, DSA-3191-1)
[16/03/2015] Debian has released security update packages for fixing the vulnerabilities identified in the nss, icu and gnutls26 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform data-smuggling attacks, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3186
URL:www.debian.org/security/2015/dsa-3187
URL:www.debian.org/security/2015/dsa-3191
41. Security Updates in Gentoo Linux (GLSA 201503-06, GLSA 201503-07)
[16/03/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the icu and hivex packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:security.gentoo.org/glsa/201503-06
URL:security.gentoo.org/glsa/201503-07
42. Security Updates in Mageia (MGASA-2015-0108, MGASA-2015-0109)
[16/03/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the 389-ds-base and flash-player-plugin packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0108.html
URL:advisories.mageia.org/MGASA-2015-0109.html
43. Security Updates in Mandriva (MDVSA-2015:058, MDVSA-2015:059, MDVSA-2015:060, MDVSA-2015:061)
[16/03/2015] Mandriva has released security update packages for fixing the vulnerabilities identified in the kernel, nss, yaml and emu packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A058/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A059/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A060/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A061/
44. Security Updates in SUSE (openSUSE-SU-2015:0490-1, SUSE-SU-2015:0491-1, SUSE-SU-2015:0493-1, openSUSE-SU-2015:0496-1)
[16/03/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player package of SUSE Linux Enterprise 11 and 12, openSUSE 11.4, 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00016.html
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00017.html
[20/03/2015] Microsoft has updated information on the Security Advisory for the Microsoft Windows. KB3046310 was rereleased to announce that the update for supported editions of Windows Server 2003 is now available.
URL:technet.microsoft.com/en-us/library/security/3046310
2. Vulnerabilities in OpenSSL
[20/03/2015] Vulnerabilities were identified in the OpenSSL. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 0.9.8zf, 1.0.0r, 1.0.1m and 1.0.2a of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:openssl.org/news/secadv_20150319.txt
URL:www.hkcert.org/my_url/en/alert/15032002
URL:www.us-cert.gov/ncas/current-activity/2015/03/19/OpenSSL-Patches-Multiple-Vulnerabilities
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101663
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101664
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101665
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101666
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101667
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101668
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101669
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101670
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101671
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101672
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101673
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101674
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101675
3. Vulnerabilities in IBM WebSphere Application Server (1697368)
[20/03/2015] Vulnerabilities were identified in IBM WebSphere Application Server. An attacker could obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21697368
4. Vulnerabilities in Apple OS X Yosemite (HT204563)
[20/03/2015] Vulnerabilities were identified in Apple OS X Yosemite. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. These vulnerabilities affect version 10.10.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-us/HT204563
5. Vulnerabilities in Novell Products (5203210, 5203230, 5203250, 5203330)
[20/03/2015] Vulnerabilities were identified in the Novell Messenger and NetIQ Sentinel Log Manager. An attacker could bypass security restrictions, execute arbitrary code and perform code injection attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=eI3Luh-KW4U~
URL:download.novell.com/Download?buildid=hWddGUebvUI~
URL:download.novell.com/Download?buildid=Pz1STL6q_Q4~
URL:download.novell.com/Download?buildid=Xj0pmdmfXwA~
6. Vulnerability in Huawei Switch Products (Huawei-SA-20150319-01- Campus switch)
[20/03/2015] Vulnerability was identified in multiple Huawei Switch Products. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple firmware versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-418554.htm
7. Vulnerabilities in Drupal (DRUPAL-SA-CORE-2015-001)
[20/03/2015] Vulnerabilities were identified in the Drupal. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions 6.x and 7.x of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.drupal.org/SA-CORE-2015-001
URL:www.us-cert.gov/ncas/current-activity/2015/03/19/Drupal-Releases-Security-Updates
8. Security Updates in Oracle Linux (ELSA-2015-3012)
[20/03/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel package for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-3012.html
9. Security Updates in Debian (DSA-3197-1)
[20/03/2015] Debian has released security update packages for fixing the vulnerabilities identified in the openssl package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3197
10. Security Updates in Gentoo Linux (GLSA 201503-10, GLSA 201503-11)
[20/03/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the python and openssl packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:security.gentoo.org/glsa/201503-10
URL:security.gentoo.org/glsa/201503-11
11. Security Updates in Mageia (MGASA-2015-0108, MGASA-2015-0109)
[20/03/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the moodle and openssl packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2015-0110.html
URL:advisories.mageia.org/MGASA-2015-0111.html
12. Security Updates in SUSE (SUSE-SU-2015:0541-1)
[20/03/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the openssl package of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html
13. Security Updates in Ubuntu GNU/Linux (USN-2534-1, USN-2535-1, USN-2536-1, USN-2537-1)
[20/03/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the libav, php5, libxfont and openssl packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, gain elevated privileges, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2534-1/
URL:www.ubuntu.com/usn/usn-2535-1/
URL:www.ubuntu.com/usn/usn-2536-1/
URL:www.ubuntu.com/usn/usn-2537-1/
URL:www.us-cert.gov/ncas/current-activity/2015/03/19/Ubuntu-Releases-Security-Update
14. Vulnerability in Apache Batik (101614)
[19/03/2015] Vulnerability was identified in the Apache Batik. An attacker could obtain sensitive information. This vulnerability affects versions prior to 1.8 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101614
15. Vulnerabilities in Huawei Products (Huawei-SA-20150318-01-AR1220, Huawei-SA-20150318-01-UDS, Huawei-SA-20150318-02-UDS)
[19/03/2015] Vulnerabilities were identified in Huawei OceanStor UDS massive storage system and Huawei AR1220 router. An attacker could cause a denial of service condition, perform code injection, execute arbitrary code, obtain sensitive information and compromise the devices. These vulnerabilities affect multiple versions of the Huawei products. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-417837.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-417839.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-417840.htm
16. Vulnerabilities in X.Org libXfont (101608, 101609, 101610)
[19/03/2015] Vulnerabilities were identified in X.Org libXfont. An attacker could gain escalated privileges, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect versions 1.4.7 and prior of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101608
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101609
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101610
17. Security Updates in Oracle Linux (ELSA-2015-0700)
[19/03/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the unzip package for Oracle Linux 6 and 7. Due to multiple errors, an attacker could cause buffer overflow, crash the application and execute arbitrary code.
URL:linux.oracle.com/errata/ELSA-2015-0700.html
18. Security Updates in Debian (DSA-3195-1, DSA-3196-1)
[19/03/2015] Debian has released security update packages for fixing the vulnerabilities identified in the php5 and file packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could cause buffer overflow and a denial of service condition.
URL:www.debian.org/security/2015/dsa-3195
URL:www.debian.org/security/2015/dsa-3196
19. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0698-1, RHSA-2015:0699-1, RHSA-2015:0700-1)
[19/03/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the rhevm-spice-client package for Red Hat Enterprise Virtualization Manager 3, postgresql92-postgresql package for Red Hat Software Collections 1 and unzip package for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could obtain sensitive information, crash the application, execute arbitrary code and cause buffer overflow.
URL:rhn.redhat.com/errata/RHSA-2015-0698.html
URL:rhn.redhat.com/errata/RHSA-2015-0699.html
URL:rhn.redhat.com/errata/RHSA-2015-0700.html
20. Security Updates in SUSE (SUSE-SU-2015:0529-1)
[19/03/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel package of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, crash the system and obtain sensitive information.
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html
21. Information Updates on Microsoft Security Bulletins (3002657, 3038680)
[18/03/2015] Microsoft has updated information on the Security Bulletins for the Microsoft Windows. (A) KB3002657 addressed a packaging issue for customers who are repeatedly reoffered security update 3033395 when installed on systems running supported editions of Windows Server 2003. (B) KB3038680 addressed a connectivity issue with update 3002657 when installed on supported editions of Windows Server 2003.
URL:technet.microsoft.com/en-US/library/security/MS15-025
URL:technet.microsoft.com/en-US/library/security/MS15-027
22. Vulnerabilities in Apple Safari (HT204560)
[18/03/2015] Vulnerabilities were identified in the Apple Safari. An attacker could crash the application, execute arbitrary code and perform phishing attack. These vulnerabilities affect versions 6.2.4, 7.1.4 and 8.0.4 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-us/HT204560
23. Vulnerability in eXtplorer (101595)
[18/03/2015] Vulnerabilities were identified in the eXtplorer. An attacker could perform cross-site scripting attacks. This vulnerability affects versions 2.1.6 and prior of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101595
24. Security Updates in Oracle Linux (ELSA-2015-0696)
[18/03/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the freetype package for Oracle Linux 6 and 7. Due to multiple errors, an attacker could cause buffer overflow.
URL:linux.oracle.com/errata/ELSA-2015-0696.html
25. Security Updates in Debian (DSA-3192-1, DSA-3193-1, DSA-3194-1)
[18/03/2015] Debian has released security update packages for fixing the vulnerabilities identified in the checkpw, tcpdump and libxfont packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could cause a denial of service condition, crash the application, execute arbitrary code and gain escalated privileges.
URL:www.debian.org/security/2015/dsa-3192
URL:www.debian.org/security/2015/dsa-3193
URL:www.debian.org/security/2015/dsa-3194
26. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0694-1, RHSA-2015:0695-1, RHSA-2015:0696-1, RHSA-2015:0697-1)
[18/03/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel-rt, kernel, freetype and flash-plugin packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could gain elevated privileges, crash the system and execute arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2015-0694.html
URL:rhn.redhat.com/errata/RHSA-2015-0695.html
URL:rhn.redhat.com/errata/RHSA-2015-0696.html
URL:rhn.redhat.com/errata/RHSA-2015-0697.html
27. Vulnerabilities in Microsoft Products (3046310)
[17/03/2015] Vulnerabilities were identified in Microsoft Windows and Microsoft .NET Framework. An attacker could bypass security restrictions, execute arbitrary code, perform spoof content, phishing or man-in-the-middle attacks, cause a denial of service condition and crash the system. These vulnerabilities affect all supported releases of Microsoft Windows, and version 4.03 of Microsoft .NET Framework. Security patches are available to resolve the vulnerability in Microsoft Windows.
URL:technet.microsoft.com/en-us/library/security/3046310
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101572
28. Vulnerabilities in Cisco AnyConnect Secure Mobility Client
[17/03/2015] Vulnerabilities were identified in the Cisco AnyConnect Secure Mobility Client. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=37860
URL:tools.cisco.com/security/center/viewAlert.x?alertId=37861
URL:tools.cisco.com/security/center/viewAlert.x?alertId=37862
URL:tools.cisco.com/security/center/viewAlert.x?alertId=37863
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101568
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101569
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101570
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101571
29. Vulnerability in Citrix Netscaler (101573)
[17/03/2015] Vulnerability was identified in Citrix Netscaler. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects version 10.5 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101573
30. Vulnerabilities in D-Link Products (VU#184100, VU#377348)
[17/03/2015] Vulnerabilities were identified in multiple D-links products. An attacker could bypass security restrictions, execute arbitrary code and perform code injection attacks. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.kb.cert.org/vuls/id/184100
URL:www.kb.cert.org/vuls/id/377348
URL:www.hkcert.org/my_url/en/alert/15031701
31. Vulnerability in Huawei Products (Huawei-SA-20150316-01-NTPd)
[17/03/2015] Vulnerability was identified in multiple Huawei Products. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple firmware versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-417665.htm
32. Security Updates in Debian (DSA-3188-1, DSA-3189-1, DSA-3190-1)
[17/03/2015] Debian has released security update packages for fixing the vulnerabilities identified in the freetype, libav and putty packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3188
URL:www.debian.org/security/2015/dsa-3189
URL:www.debian.org/security/2015/dsa-3190
33. Security Updates in Gentoo Linux (GLSA 201503-08, GLSA 201503-09)
[17/03/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the file and adobe-flash packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:security.gentoo.org/glsa/201503-08
URL:security.gentoo.org/glsa/201503-09
34. Security Updates in SUSE (SUSE-SU-2015:0503-1, openSUSE-SU-2015:0505-1)
[17/03/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the java-1_7_0-openjdk and chromium packages of SUSE Linux Enterprise 12, openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00019.html
35. Security Updates in Ubuntu GNU/Linux (USN-2531-1, USN-2532-1, USN-2533-1)
[17/03/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the requests, cups-filters and sudo packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform session fixation or cookie stealing attacks, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2531-1/
URL:www.ubuntu.com/usn/usn-2532-1/
URL:www.ubuntu.com/usn/usn-2533-1/
36. Vulnerabilities in HP ArcSight Enterprise Security Manager (101545, 101546)
[16/03/2015] Vulnerabilities were identified in the HP ArcSight Enterprise Security Manager. An attacker could bypass security restrictions and gain unauthorized access to the system. These vulnerabilities affect versions 6.5 and 6.8 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101545
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101546
37. Vulnerabilities in Novell Filr (5202810, 5202830)
[16/03/2015] Vulnerabilities were identified in the Novell Filr. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions 1.0.1 and 1.1.0 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=Edy2dPHxNPU~
URL:download.novell.com/Download?buildid=nzcla0OuzWE~
38. Vulnerabilities in WordPress (101517, 101518, 101519, 101520, 101523)
[16/03/2015] Vulnerabilities were identified in the SEO by Yoast, WPML and Huge-IT slider plugins for WordPress. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform code injection and cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101517
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101518
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101519
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101520
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101523
39. Security Updates in Oracle Linux (ELSA-2015-3013, ELSA-2015-3014, ELSA-2015-3015)
[16/03/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-3013.html
URL:linux.oracle.com/errata/ELSA-2015-3014.html
URL:linux.oracle.com/errata/ELSA-2015-3015.html
40. Security Updates in Debian (DSA-3186-1, DSA-3187-1, DSA-3191-1)
[16/03/2015] Debian has released security update packages for fixing the vulnerabilities identified in the nss, icu and gnutls26 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform data-smuggling attacks, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3186
URL:www.debian.org/security/2015/dsa-3187
URL:www.debian.org/security/2015/dsa-3191
41. Security Updates in Gentoo Linux (GLSA 201503-06, GLSA 201503-07)
[16/03/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the icu and hivex packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:security.gentoo.org/glsa/201503-06
URL:security.gentoo.org/glsa/201503-07
42. Security Updates in Mageia (MGASA-2015-0108, MGASA-2015-0109)
[16/03/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the 389-ds-base and flash-player-plugin packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0108.html
URL:advisories.mageia.org/MGASA-2015-0109.html
43. Security Updates in Mandriva (MDVSA-2015:058, MDVSA-2015:059, MDVSA-2015:060, MDVSA-2015:061)
[16/03/2015] Mandriva has released security update packages for fixing the vulnerabilities identified in the kernel, nss, yaml and emu packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A058/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A059/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A060/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A061/
44. Security Updates in SUSE (openSUSE-SU-2015:0490-1, SUSE-SU-2015:0491-1, SUSE-SU-2015:0493-1, openSUSE-SU-2015:0496-1)
[16/03/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player package of SUSE Linux Enterprise 11 and 12, openSUSE 11.4, 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00016.html
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00017.html