1. Information Updates on Microsoft Security Bulletins and Advisory (3038999,
3046049, 3050995)
[27/03/2015] Microsoft has updated information on the Security Bulletins and
Security Advisory for the Microsoft Office and Microsoft Windows. (A) KB3038999
corrected the update replacement entry for Microsoft Excel 2007 Service Pack 3
in the Affected Software table. (B) KB3046049 added an FAQ directing customers
to Microsoft Knowledge Base Article 3050509 for instructions on how to disable
EXPORT ciphers after installing the update on Windows Server 2003 systems. (C)
KB3050995 was rereleased to announce that the update for supported editions of
Windows Server 2003 is now available.
URL:technet.microsoft.com/en-us/library/security/MS15-022
URL:technet.microsoft.com/en-us/library/security/MS15-031
URL:technet.microsoft.com/en-us/library/security/3050995
2. Vulnerability in Cisco Wireless LAN Controller (38076)
[27/03/2015] Vulnerability was identified in the Cisco Wireless LAN Controller.
An attacker could cause a denial of service condition and crash the devices.
This vulnerability affects versions 7.3, 7.4 and possibly other versions of the
mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38076
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101841
3. Vulnerabilities in F-Secure Products (FSC-2015-2)
[27/03/2015] Vulnerabilities were identified in the F-Secure Internet
Gatekeeper and F-Secure Policy Manager. An attacker could traverse directories
on the system. These vulnerabilities affect multiple versions of the mentioned
product. Security patches are available to resolve these vulnerabilities.
URL:www.f-secure.com/en/web/labs_global/fsc-2015-2
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101826
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101827
4. Vulnerability in ANTlabs InnGate (VU#930956)
[27/03/2015] Vulnerability was identified in the ANTlabs InnGate. An attacker
could bypass security restrictions and gain escalated privileges. This
vulnerability affects multiple models of the mentioned product. Security patches
are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/930956
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101832
5. Vulnerability in PHP
[27/03/2015] Vulnerability was identified in the PHP. An attacker could
execute arbitrary code. This vulnerability affects versions prior to 5.4.39,
5.5.23, 5.6.7 of the mentioned product. Security patches are available to
resolve this vulnerability.
URL:php.net/ChangeLog-5.php#5.6.7
URL:www.hkcert.org/my_url/en/alert/15032701
6. Security Updates in Oracle Linux (ELSA-2015-0726, ELSA-2015-0728,
ELSA-2015-0729)
[27/03/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the kernel, ipa, slapi-nis and setroubleshoot
packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could
gain escalated privileges and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-0726.html
URL:linux.oracle.com/errata/ELSA-2015-0728.html
URL:linux.oracle.com/errata/ELSA-2015-0729.html
7. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0728-1,
RHSA-2015:0729-1)
[27/03/2015] Red Hat has released security update packages for fixing the
vulnerabilities identified in the ipa, slapi-nis and setroubleshoot packages
for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker
could gain escalated privileges and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-0728.html
URL:rhn.redhat.com/errata/RHSA-2015-0729.html
8. Security Updates in openSUSE (openSUSE-SU-2015:0607-1)
[27/03/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the Mozilla Firefox package of openSUSE 13.1 and
13.2. Due to multiple errors, an attacker could gain escalated privilege and
execute arbitrary code.
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00030.html
9. Vulnerabilities in Cisco Products (cisco-sa-20150325-ani,
cisco-sa-20150325-cip, cisco-sa-20150325-ikev2, cisco-sa-20150325-iosxe,
cisco-sa-20150325-mdns, cisco-sa-20150325-tcpleak, cisco-sa-20150325-wedge)
[26/03/2015] Vulnerabilities were identified in the Cisco IOS Software and
Cisco IOS XE Software. An attacker could cause a denial of service condition and
execute arbitrary code. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-cip
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-iosxe
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-wedge
URL:www.hkcert.org/my_url/en/alert/15032601
10. Vulnerability in Linux Kernel (101789)
[26/03/2015] Vulnerability was identified in the Linux Kernel. An attacker
could gain elevated privileges. The affected version was not specified. Security
patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101789
11. Security Updates in Debian (DSA-3204-1)
[26/03/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the python-django package for multiple versions of
Debian GNU/Linux. An attacker could perform cross-site scripting attacks.
URL:www.debian.org/security/2015/dsa-3204
12. Security Updates in SUSE (SUSE-SU-2015:0593-1)
[26/03/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the Mozilla Firefox package of SUSE Linux
Enterprise 11. Due to multiple errors, an attacker could bypass security
restrictions and execute arbitrary code.
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html
13. Information Updates on Microsoft Security Advisories (3050995)
[25/03/2015] Microsoft has published a Security Advisory KB3050995 for
Microsoft Windows to remove the trust of the subordinate CA certificate, which
improperly issued digital certificates that could be used in attempts to spoof
content, perform phishing attacks and perform man-in-the-middle attacks.
URL:technet.microsoft.com/en-gb/library/security/3050995
14. Vulnerability in EMC Documentum xMS (101741)
[25/03/2015] Vulnerability was identified in the EMC Documentum xMS. An
attacker could obtain sensitive information. This vulnerability affects version
1.1 of the mentioned product. Security patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101741
15. Vulnerability in TERASOLUNA Server Framework for Java(WEB) (101770)
[25/03/2015] Vulnerability was identified in the TERASOLUNA Server
Framework for Java(WEB). An attacker could bypass security restrictions. This
vulnerability affects versions prior to 2.0.5.3 of the mentioned product.
Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101770
16. Vulnerability in Tor (101751)
[25/03/2015] Vulnerability was identified in the Tor. An attacker could cause
a buffer overflow, execute arbitrary code and crash the application. This
vulnerability affects version 0.2.5.10 of the mentioned product. Security
patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101751
17. Vulnerability in Google Android OS
[25/03/2015] Vulnerability was identified in the Google Android OS. An
attacker could obtain sensitive information and compromise the devices. This
vulnerability affects versions prior to 4.4 of the mentioned product. Security
patches are available to resolve this vulnerability.
URL:www.us-cert.gov/ncas/current-activity/2015/03/24/Installer-Hijacking-Vulnerability-Android-Devices
18. Vulnerability in Squid (101765)
[25/03/2015] Vulnerability was identified in the Squid. An attacker could
cause a denial of service condition and crash the application. This
vulnerability affects versions prior to squid-3.1.23-5.el6 of the mentioned
product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101765
19. Vulnerability in gd-libgd (101757)
[25/03/2015] Vulnerability was identified in the gd-libgd. An attacker could
cause a buffer overflow, execute arbitrary code and crash the application. This
vulnerability affects versions prior to 2.1.1 of the mentioned product. Security
patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101757
20. Security Updates in Oracle Linux (ELSA-2015-0718)
[25/03/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the firefox packages for Oracle Linux 6 and 7. Due
to multiple errors, an attacker could bypass security restrictions and execute
arbitrary code.
URL:linux.oracle.com/errata/ELSA-2015-0718.html
21. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0718-1)
[25/03/2015] Red Hat has released security update packages for fixing the
vulnerabilities identified in the firefox packages for Red Hat Enterprise Linux
5, 6 and 7. Due to multiple errors, an attacker could execute arbitrary code and
crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-0718.html
22. Vulnerability in Apache XML Security
[24/03/2015] Vulnerability was identified in the Apache XML Security. An
attacker could bypass security restrictions, cause a denial of service condition
and crash the application. This vulnerability affects version 3.1.1 of the
mentioned product. Security patches are available to resolve this vulnerability.
URL:xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101734
23. Vulnerability in LINE (101716)
[24/03/2015] Vulnerability was identified in LINE. An attacker could bypass
security restrictions, execute arbitrary code and perform code injection
attacks. This vulnerability affects multiple versions of the mentioned product.
Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101716
24. Security Updates in Oracle Linux (ELSA-2015-0715, ELSA-2015-0716)
[24/03/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the openssl package for Oracle Linux 6 and 7. Due
to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code, cause a denial of service
condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-0715.html
URL:linux.oracle.com/errata/ELSA-2015-0716.html
25. Security Updates in Debian (DSA-3203-1)
[24/03/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the tor package for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3203
26. Security Updates in Mageia (MGASA-2015-0113, MGASA-2015-0114,
MGASA-2015-0115)
[24/03/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the libxfont, tcpdump, rootcerts, nss, firefox
and firefox-l10n packages for multiple versions of Mageia. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and crash the system.
URL:advisories.mageia.org/MGASA-2015-0113.html
URL:advisories.mageia.org/MGASA-2015-0114.html
URL:advisories.mageia.org/MGASA-2015-0115.html
27. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0715-1,
RHSA-2015:0716-1)
[24/03/2015] Red Hat has released security update packages for fixing the
vulnerabilities identified in the openssl package for Red Hat Enterprise Linux 6
and 7. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, execute arbitrary code, cause a denial of service
condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-0715.html
URL:rhn.redhat.com/errata/RHSA-2015-0716.html
28. Security Updates in SUSE (SUSE-SU-2015:0578-1)
[24/03/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the compat-openssl097g package of SUSE Linux
Enterprise 11. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
29. Security Updates in Ubuntu GNU/Linux (USN-2539-1, USN-2540-1)
[24/03/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the python-django, gnutls26 and gnutls28 packages
for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due
to multiple errors, an attacker could bypass security restrictions, execute
arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2539-1/
URL:www.ubuntu.com/usn/usn-2540-1/
30. Vulnerabilities in Mozilla Products (MFSA 2015-28, MFSA 2015-29)
[23/03/2015] Vulnerabilities were identified in Mozilla Firefox, Firefox
ESR and SeaMonkey. An attacker could bypass security restrictions, execute
arbitrary code and gain elevated privileges. These vulnerabilities affect
multiple versions of the mentioned products. Security patches are available for
Firefox and Firefox ESR to resolve these vulnerabilities.
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-28/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-29/
31. Vulnerabilities in Apple Mac OS X (101696, 101697, 101698)
[23/03/2015] Vulnerabilities were identified in Apple Mac OS X. An
attacker could bypass security restrictions, gain elevated privileges and
execute arbitrary code. These vulnerabilities affect version 10.10.2 of the
mentioned product.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101696
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101697
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101698
32. Vulnerabilities in Cisco Products (cisco-sa-20150320-openssl)
[23/03/2015] Vulnerabilities were identified in multiple Cisco products. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple firmware versions of the mentioned
products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl
URL:tools.cisco.com/security/center/viewAlert.x?alertId=37889
URL:tools.cisco.com/security/center/viewAlert.x?alertId=37934
URL:tools.cisco.com/security/center/viewAlert.x?alertId=37935
URL:tools.cisco.com/security/center/viewAlert.x?alertId=37946
URL:tools.cisco.com/security/center/viewAlert.x?alertId=37947
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101680
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101681
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101682
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101683
33. Vulnerabilities in Citrix Products (101701, 101702, 101703, 101704, 101705)
[23/03/2015] Vulnerabilities were identified in the Citrix NetScaler VPX,
Citrix Command Center and Citrix NetScaler. An attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code and perform
code injection attacks. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101701
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101702
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101703
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101704
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101705
34. Vulnerabilities in PHP
[23/03/2015] Vulnerabilities were identified in the PHP. An attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system. These vulnerabilities affect versions prior to 5.4.39,
5.5.23 or 5.6.7 of the mentioned product. Security patches are available to
resolve these vulnerabilities.
URL:php.net/ChangeLog-5.php
URL:www.hkcert.org/my_url/en/alert/15032001
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101678
35. Security Updates in Debian (DSA-3198-1, DSA-3199-1, DSA-3200-1, DSA-3201-1,
DSA-3202-1)
[23/03/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the php5, xerces-c, drupal7, iceweasel and mono
packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the system.
URL:www.debian.org/security/2015/dsa-3198
URL:www.debian.org/security/2015/dsa-3199
URL:www.debian.org/security/2015/dsa-3200
URL:www.debian.org/security/2015/dsa-3201
URL:www.debian.org/security/2015/dsa-3202
36. Security Updates in FreeBSD (FreeBSD-SA-15:06.openssl)
[23/03/2015] FreeBSD has released security update packages for fixing the
vulnerabilities identified in the openssl package for multiple versions of
FreeBSD. Due to multiple errors, an attacker could bypass security restrictions,
cause a denial of service condition and crash the system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:06.openssl.asc
37. Security Updates in Gentoo Linux (GLSA 201503-12)
[23/03/2015] Gentoo has released security update packages for fixing the
vulnerabilities identified in the chromium package for multiple versions of
Gentoo Linux. Due to multiple errors, an attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the system.
URL:security.gentoo.org/glsa/201503-12
38. Security Updates in Mageia (MGASA-2015-0112)
[23/03/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the libtiff package for multiple versions of
Mageia. Due to multiple errors, an attacker could bypass security restrictions,
cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2015-0112.html
39. Security Updates in NetBSD (SA2015-003, SA2015-004, SA2015-005, SA2015-006)
[23/03/2015] NetBSD has released security update packages for fixing the
vulnerabilities identified in the ntpd, kernel, libevent and openssl packages
for multiple versions of NetBSD GNU/Linux. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
crash the system.
URL:ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-003.txt.asc
URL:ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-004.txt.asc
URL:ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-005.txt.asc
URL:ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-006.txt.asc
40. Security Updates in SUSE (SUSE-SU-2015:0553-1, SUSE-SU-2015:0553-2,
openSUSE-SU-2015:0566-1, openSUSE-SU-2015:0567-1)
[23/03/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the compat-openssl098 package of SUSE Linux
Enterprise 12, kernel and Firefox 31.5.3 packages of openSUSE Evergreen 11.4.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00023.html
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00024.html
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html
41. Security Updates in Ubuntu GNU/Linux (USN-2538-1)
[23/03/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the firefox package for versions 12.04 LTS, 14.04
LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could
bypass security restrictions, gain elevated privileges and execute arbitrary
code.
URL:www.ubuntu.com/usn/usn-2538-1/