1. Vulnerability
in Apple iOS
[24/04/2015] Vulnerability was identified in the Apple iOS. An attacker
could bypass security restrictions, cause a denial of service condition and
crash the system. This vulnerability affects version 8 of the mentioned
product.
URL:www.hkcert.org/my_url/en/alert/15042401
2. Vulnerabilities in Cisco FireSIGHT Management
Center
[24/04/2015]
Vulnerabilities were identified in the Cisco
FireSIGHT Management Center. An attacker could bypass security restrictions,
execute arbitrary code, and perform web framework HTTP Header Redirection and
cross-site scripting attacks. These vulnerabilities affect multiple firmware
versions of the mentioned product. Security patches are available to resolve
these
vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38486
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38487
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102511
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102512
3. Vulnerabilities in IBM Products (1882637,
1882876)
[24/04/2015]
Vulnerabilities were identified in the IBM Lotus
Quickr for WebSphere Portal and IBM Sametime Unified Telephony. An attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
crash the system. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:www-304.ibm.com/support/docview.wss?uid=swg21882637
URL:www-304.ibm.com/support/docview.wss?uid=swg21882876
4. Vulnerabilities in NetIQ LDAP Proxy
(5204231)
[24/04/2015]
Vulnerabilities were identified in the NetIQ
LDAP Proxy. An attacker could bypass security restriction and obtain sensitive
information. These vulnerabilities affect version 1.5 of the mentioned product.
Security patches are available to resolve these
vulnerabilities.
URL:download.novell.com/Download?buildid=3x8lI-kJvhE~
5. Vulnerabilities in Trend Micro
OfficeScan
[24/04/2015]
Vulnerabilities were identified in the Trend
Micro OfficeScan 10.6. An attacker could bypass security restrictions, cause a
denial of service condition and crash the system. These vulnerabilities affect
versions prior to Server Build 5779 and Client Module Build 5527 of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:files.trendmicro.com/documentation/readme/osce_106_sp3_patch1_win_all_criticalpatch_5779_readme.txt
6. Vulnerabilities in F5 Products (SOL16471, SOL16477,
SOL16505)
[24/04/2015]
Vulnerabilities were identified in the F5 BIG-IP
LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP
Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM and Enterprise Manager. An attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
cause a denial of service condition and crash the system. These vulnerabilities
affect multiple versions of the mentioned products. Security patches are
available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16471.html
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16477.html
URL:support.f5.com/kb/en-us/solutions/public/16000/500/sol16505.html
7. Vulnerability in PowerDNS
(2015-01)
[24/04/2015]
Vulnerability was identified in the PowerDNS. An
attacker could bypass security restrictions, execute arbitrary code, cause a
denial of service condition and crash the system. This vulnerability affects
version 3.5 of the mentioned product. Security patches are available to resolve
this
vulnerability.
URL:doc.powerdns.com/md/security/powerdns-advisory-2015-01/
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102537
8. Vulnerability in Drupal
(DRUPAL-SA-CONTRIB-2015-099)
[24/04/2015] Vulnerability was identified in the Node Template module for
Drupal. An attacker could bypass security restrictions, execute arbitrary code
and perform cross-site scripting attacks. This vulnerability affects multiple
versions of the mentioned product. Security patches are available to resolve
this
vulnerability.
URL:www.drupal.org/node/2475955
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102521
9. Vulnerability in Android
component
[24/04/2015]
Vulnerability was identified in the Android
component wpa_supplicant. A remote attacker could bypass security restrictions,
obtain sensitive information, execute arbitrary code, cause a denial of service
condition and crash the system. This vulnerability affects versions 1.0 - 2.4 of
the mentioned component. Security patches are available to resolve this
vulnerability.
URL:www.hkcert.org/my_url/en/alert/15042402
10.
Vulnerability in
WordPress
[24/04/2015]
Vulnerability was identified in the WordPress.
An attacker could bypass security restrictions, execute arbitrary code and
perform cross-site scripting attacks. This vulnerability affects versions prior
to 4.1.2 of the mentioned product. Security patches are available to resolve
this
vulnerability.
URL:wordpress.org/news/2015/04/wordpress-4-1-2/
URL:www.us-cert.gov/ncas/current-activity/2015/04/23/WordPress-Releases-Security-Update
11.
Vulnerability in Red Hat JBoss Operations
Network (102539)
[24/04/2015] Vulnerability was identified in the Red Hat JBoss Operations
Network. An attacker could bypass security restrictions, execute arbitrary code,
cause a denial of service condition and crash the system. This vulnerability
affects version 3.0 of the mentioned product. Security patches are available to
resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102539
12.
Security Updates in Oracle Linux
(ELSA-2015-3032, ELSA-2015-3033, ELSA-2015-3034)
[24/04/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the kernel package for Oracle Linux 5, 6 and 7.
Due to multiple errors, an attacker could bypass security restrictions, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and crash the
system.
URL:linux.oracle.com/errata/ELSA-2015-3032.html
URL:linux.oracle.com/errata/ELSA-2015-3033.html
URL:linux.oracle.com/errata/ELSA-2015-3034.html
13.
Security Updates in Mageia
(MGASA-2015-0162, MGASA-2015-0163, MGASA-2015-0164, MGASA-2015-0165,
MGASA-2015-0166, MGASA-2015-0167, MGASA-2015-0168)
[24/04/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the setup, chrony, chromium-browser-stable, lftp,
libksba, t1utils and ntop packages for multiple versions of Mageia. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:advisories.mageia.org/MGASA-2015-0162.html
URL:advisories.mageia.org/MGASA-2015-0163.html
URL:advisories.mageia.org/MGASA-2015-0164.html
URL:advisories.mageia.org/MGASA-2015-0165.html
URL:advisories.mageia.org/MGASA-2015-0166.html
URL:advisories.mageia.org/MGASA-2015-0167.html
URL:advisories.mageia.org/MGASA-2015-0168.html
14.
Security Updates in Ubuntu GNU/Linux
(USN-2576-1, USN-2576-2, USN-2577-1)
[24/04/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the usb-creator and wpa packages for versions 12.04 LTS, 14.04 LTS, 14.10 and
15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2576-1/
URL:www.ubuntu.com/usn/usn-2576-2/
URL:www.ubuntu.com/usn/usn-2577-1/
15.
Vulnerabilities in HP Products (102501,
102503)
[23/04/2015]
Vulnerabilities were identified in the HP Data
Protector, HP TippingPoint Security Management System (SMS) and HP TippingPoint
Virtual Security Management System (vSMS). An attacker could bypass security
restriction, execute arbitrary code, cause a denial of service condition and
crash the system. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102501
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102503
16.
Vulnerability in Novell ZENworks
Configuration Management (5207650)
[23/04/2015] Vulnerability was identified in the Novell ZENworks
Configuration Management. An attacker could bypass security restriction and
obtain sensitive information. This vulnerability affects multiple versions of
the mentioned product. Security patches are available to resolve this
vulnerability.
URL:download.novell.com/Download?buildid=Ddi7yDlFrqA~
17.
Vulnerability in F5 Products
(SOL16479)
[23/04/2015]
Vulnerability was identified in the F5 BIG-IP
LTM, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link
Controller, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX and Enterprise
Manager. An attacker could bypass security restrictions, cause a denial of
service condition and crash the system. This vulnerability affects multiple
versions of the mentioned products. Security patches are available to resolve
this
vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16479.html
18.
Vulnerability in Photo Manager Pro for
iOS (102496)
[23/04/2015] Vulnerability was identified in the Photo Manager Pro for
iOS. An attacker could bypass security restrictions, obtain sensitive
information and execute arbitrary code. This vulnerability affects version 4.4.0
Pro of the mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102496
19.
Vulnerability in GNU glibc
(102500)
[23/04/2015]
Vulnerability was identified in the GNU glibc.
An attacker could bypass security restrictions, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and crash the
system. This vulnerability affects version 2.2 of the mentioned product.
Security patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102500
20.
Security Updates in Oracle Linux
(ELSA-2015-0869)
[23/04/2015] Oracle has
released security update packages for fixing the vulnerabilities identified in
the kvm package for Oracle Linux 5. Due to multiple errors, an attacker could
bypass security restrictions, execute arbitrary code, cause a denial of service
condition and crash the
system.
URL:linux.oracle.com/errata/ELSA-2015-0869.html
21.
Security Updates in Debian
(DSA-3232-1)
[23/04/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the curl package for multiple versions of Debian GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
crash the
system.
URL:www.debian.org/security/2015/dsa-3232
22.
Security Updates in Slackware
(SSA:2015-111-01, SSA:2015-111-02, SSA:2015-111-03, SSA:2015-111-04,
SSA:2015-111-05, SSA:2015-111-06, SSA:2015-111-07, SSA:2015-111-08,
SSA:2015-111-09, SSA:2015-111-10, SSA:2015-111-11, SSA:2015-111-12,
SSA:2015-111-13, SSA:2015-111-14)
[23/04/2015] Slackware
has released security update packages for fixing the vulnerabilities identified
in the mozilla-firefox, qt, mozilla-thunderbird, libssh, mutt, php, seamonkey,
ppp, proftpd, gnupg, ntp, bind, httpd and openssl package for multiple versions
of Slackware Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.356157
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.357024
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.359872
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.382307
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.416238
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.429606
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.493735
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.497351
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.503863
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.517790
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.522767
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.522788
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.568837
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.756101
23.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:0869-1, RHSA-2015:0870-1)
[23/04/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the kvm and kernel packages for Red Hat Enterprise Linux 5. Due to multiple
errors, an attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
crash the
system.
URL:rhn.redhat.com/errata/RHSA-2015-0869.html
URL:rhn.redhat.com/errata/RHSA-2015-0870.html
24.
Vulnerability in Microsoft
Windows
[22/04/2015]
Vulnerability was identified in the Microsoft
Windows. An attacker could bypass security restrictions, gain elevated
privileges and execute arbitrary code. This vulnerability affects versions prior
to 8 of the mentioned
product.
URL:www.hkcert.org/my_url/en/alert/15042101
25.
Vulnerability in Apple OS
X
[22/04/2015] Vulnerability was identified in Apple OS X. An
attacker could bypass security restrictions, gain elevated privileges and
execute arbitrary code. This vulnerability affects versions prior to 10.0.3 of
the mentioned
product.
URL:www.hkcert.org/my_url/en/alert/15042201
26.
Vulnerabilities in Cisco Unified
MeetingPlace
[22/04/2015] Vulnerabilities were identified in the Cisco Unified
MeetingPlace. An attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code and perform cross-site scripting attacks.
These vulnerabilities affect multiple firmware versions of the mentioned
product. Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38460
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38461
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102468
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102469
27.
Vulnerabilities in Novell Products
(5207351)
[22/04/2015]
Vulnerabilities were identified in the NetIQ
Sentinel and NetIQ Sentinel Log Manager. An attacker could bypass security
restriction, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and crash the system. These vulnerabilities affect multiple
versions of the mentioned product. Security patches are available to resolve
these
vulnerabilities.
URL:download.novell.com/Download?buildid=dpHkpNu89zw~
28.
Vulnerability in F5 Products (SOL16473,
SOL16476, SOL16480)
[22/04/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP
AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway,
BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, FirePass, BIG-IQ Cloud,
BIG-IQ Device, BIG-IQ Security, BIG-IQ-ADC, LineRate and Traffix-SDC. An
attacker could bypass security restrictions, obtain sensitive information, cause
a denial of service condition and crash the system. These vulnerabilities affect
multiple versions of the mentioned products. Security patches are available to
resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/100/sol16473.html
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16476.html
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16480.html
29.
Vulnerability in Xen
(XSA-132)
[22/04/2015]
Vulnerability was identified in the Xen. An
attacker could bypass security restrictions and obtain sensitive information.
This vulnerability affects multiple versions of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:xenbits.xen.org/xsa/advisory-132.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102388
30.
Security Updates in Oracle Linux
(ELSA-2015-0863, ELSA-2015-0864)
[22/04/2015] Oracle has
released security update packages for fixing the vulnerabilities identified in
the glibc and kernel packages for Oracle Linux 6. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the
system.
URL:linux.oracle.com/errata/ELSA-2015-0863.html
URL:linux.oracle.com/errata/ELSA-2015-0864.html
31.
Security Updates in Debian (DSA-3230-1,
DSA-3231-1)
[22/04/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the django-markupfield and subversion packages for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:www.debian.org/security/2015/dsa-3230
URL:www.debian.org/security/2015/dsa-3231
32.
Security Updates in SUSE
(SUSE-SU-2015:0743-1)
[22/04/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the mariadb package of SUSE Linux Enterprise 12. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
33.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:0863-1, RHSA-2015:0864-1, RHSA-2015:0867-1,
RHSA-2015:0868-1)
[22/04/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the glibc, kernel, qemu-kvm and qemu-kvm-rhev packages for Red Hat Enterprise
Linux 6. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-0863.html
URL:rhn.redhat.com/errata/RHSA-2015-0864.html
URL:rhn.redhat.com/errata/RHSA-2015-0867.html
URL:rhn.redhat.com/errata/RHSA-2015-0868.html
34.
Security Updates in Ubuntu GNU/Linux
(USN-2573-1, USN-2574-1, USN-2575-1)
[22/04/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the openjdk-6, openjdk-7 and mysql-5.5 packages for versions 10.04 LTS, 12.04
LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the
system.
URL:www.ubuntu.com/usn/usn-2573-1/
URL:www.ubuntu.com/usn/usn-2574-1/
URL:www.ubuntu.com/usn/usn-2575-1/
35.
Vulnerability in Mozilla Firefox (MFSA
2015-45)
[21/04/2015]
Vulnerability was identified in Mozilla Firefox.
An attacker could potentially execute arbitrary code. This vulnerability affects
versions prior to 37.0.2 of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-45/
36.
Vulnerabilities in Cisco Unified
MeetingPlace
[21/04/2015] Vulnerabilities were identified in the Cisco Unified
MeetingPlace. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, perform cross-site scripting attacks, cause
a denial of service condition and crash the system. These vulnerabilities affect
multiple firmware versions of the mentioned product. Security patches are
available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38455
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38459
37.
Vulnerability in F5 Products
(SOL16472)
[21/04/2015]
Vulnerability was identified in the F5 BIG-IP
LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP
GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ
Security and BIG-IQ ADC. An attacker could bypass security restrictions, gain
elevated privileges and execute arbitrary code. This vulnerability affects
multiple versions of the mentioned products. Security patches are available to
resolve this
vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/16000/100/sol16472.html
38.
Vulnerability in NetNanny
(VU#260780)
[21/04/2015] Vulnerability was identified in the NetNanny. An attacker
could bypass security restrictions, obtain sensitive information, execute
arbitrary code and perform spoofing attacks. This vulnerability affects version
7.2.4.2 and possibly other versions of the mentioned
product.
URL:www.kb.cert.org/vuls/id/260780
39. Security Updates in SUSE (openSUSE-SU-2015:0732-1,
SUSE-SU-2015:0736-1)
[21/04/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the xen package of openSUSE 13.1, and the Real Time Linux Kernel package of SUSE
Linux Enterprise 11. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
40.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:0856-1, RHSA-2015:0857-1,
RHSA-2015:0858-1)
[21/04/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the postgresql package for Red Hat Satellite 5.7, the java-1.7.0-oracle and
java-1.6.0-oracle packages for Red Hat Enterprise Linux 5, 6, and 7. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-0856.html
URL:rhn.redhat.com/errata/RHSA-2015-0857.html
URL:rhn.redhat.com/errata/RHSA-2015-0858.html
41.
Security Updates in Ubuntu GNU/Linux
(USN-2572-1)
[21/04/2015] Ubuntu has
released security update packages for fixing the vulnerability identified in the
php5 package for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2572-1/
42. Vulnerabilities in Novell ZENworks Configuration
Management (5206350)
[20/04/2015] Vulnerabilities were identified in the Novell ZENworks
Configuration Management. An attacker could bypass security restriction, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and crash the system. These vulnerabilities affect multiple versions of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:download.novell.com/Download?buildid=BJbybNUmQRQ~
43.
Vulnerability in
GnuTLS
[20/04/2015]
Vulnerability was identified in the GnuTLS. An
attacker could bypass security restrictions, obtain sensitive information and
execute arbitrary code. This vulnerability affects versions prior to 3.1.0 of
the mentioned product. Security patches are available to resolve this
vulnerability.
URL:www.gnutls.org/security.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102423
44.
Security Updates in Debian (DSA-3228-1,
DSA-3229-1)
[20/04/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the ppp and mysql-5.5 packages for multiple versions of Debian GNU/Linux. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code, cause a denial of service
condition and crash the
system.
URL:www.debian.org/security/2015/dsa-3228
URL:www.debian.org/security/2015/dsa-3229
45.
Security Updates in Gentoo Linux (GLSA
201504-06, GLSA 201504-07)
[20/04/2015] Gentoo has
released security update packages for fixing the vulnerabilities identified in
the xorg-server and adobe-flash packages for multiple versions of Gentoo Linux.
Due to multiple errors, an attacker could bypass security restrictions, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and crash the
system.
URL:security.gentoo.org/glsa/201504-06
URL:security.gentoo.org/glsa/201504-07
46.
Security Updates in Mageia
(MGASA-2015-0159, MGASA-2015-0160, MGASA-2015-0161)
[20/04/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the perl-DBD-Firebird, perl-Module-Signature and
potrace packages for multiple versions of Mageia. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and crash the
system.
URL:advisories.mageia.org/MGASA-2015-0159.html
URL:advisories.mageia.org/MGASA-2015-0160.html
URL:advisories.mageia.org/MGASA-2015-0161.html
47.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:0854-1)
[20/04/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the java-1.8.0-oracle package for Red Hat Enterprise Linux 6 and 7. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-0854.html
Sunday, April 26, 2015
Sunday, April 19, 2015
IT Security Alerts Weekly Digest (12 Apr ~ 18 Apr 2015)
1. Vulnerability
in Apache HTTP Server (102374)
[17/04/2015] Vulnerability was identified in the Apache HTTP Server. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects versions 2.2.29, 2.4.12 and possibly other versions of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102374
2. Vulnerability in Cisco Secure Access Control Server
[17/04/2015] Vulnerability was identified in the Cisco Secure Access Control Server. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site request forgery attacks. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38403
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102412
3. Vulnerability in HP Network Automation (c04574207)
[17/04/2015] Vulnerability was identified in the HP Network Automation. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site request forgery, cross-site scripting and clickjacking attacks. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04574207
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102405
4. Vulnerabilities in Huawei products (HW-424267)
[17/04/2015] Vulnerabilities were identified in multiple Huawei products. An attacker could bypass security restrictions, execute arbitrary code, perform XML injection and CSS injection attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-424267.htm
5. Vulnerabilities in Novell Products (5203090, 5203091, 5203092)
[17/04/2015] Vulnerabilities were identified in the Novell Identity Manager and NetIQ eDirectory. An attacker could bypass security restriction, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=HC2GixnAgPU~
URL:download.novell.com/Download?buildid=N8vYScT2aao~
URL:download.novell.com/Download?buildid=uq64QLv_TVc~
6. Vulnerabilities in Drupal (DRUPAL-SA-CONTRIB-2015-095, DRUPAL-SA-CONTRIB-2015-096)
[17/04/2015] Vulnerabilities were identified in the Display Suite module and Services module for Drupal. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.drupal.org/security/contrib
URL:www.drupal.org/node/2471733
URL:www.drupal.org/node/2471879
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102407
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102408
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102409
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102410
7. Vulnerability in PHP (102411)
[17/04/2015] Vulnerability was identified in the PHP. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects version 5.5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102411
8. Vulnerabilities in SQLite
[17/04/2015] Vulnerabilities were identified in the SQLite. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 3.8.9 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.sqlite.org/releaselog/3_8_9.html
URL:www.hkcert.org/my_url/en/alert/15041701
9. Vulnerabilities in multiple plugins for WordPress (102392, 102402)
[17/04/2015] Vulnerabilities were identified in the Statistics plugin and MiwoFTP Plugin for WordPress. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned plugins. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102392
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102402
10. Security Updates in Debian (DSA-3225-1, DSA-3226-1)
[17/04/2015] Debian has released security update packages for fixing the vulnerabilities identified in the gst-plugins-bad0.10 and inspircd packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3225
URL:www.debian.org/security/2015/dsa-3226
11. Security Updates in SUSE (openSUSE-SU-2015:0725-1)
[17/04/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player package of openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html
12. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0816-1)
[17/04/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the chromium-browser package for Red Hat Enterprise Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-0816.html
13. Security Updates in Ubuntu GNU/Linux (USN-2569-2)
[17/04/2015] Ubuntu has released security update packages for fixing the vulnerability identified in the apport package for versions 14.04 LTS and 14.10 of Ubuntu GNU/Linux. An attacker could bypass security restrictions and gain elevated privileges.
URL:www.ubuntu.com/usn/usn-2569-2/
14. Information Updates on Microsoft Security Advisory (2755801)
[16/04/2015] Microsoft has updated information on the Security Advisory for the Adobe Flash Player in Internet Explorer on all supported editions of Windows. KB2755801 added the 3049508 update to the Current Update section.
URL:technet.microsoft.com/en-gb/library/security/2755801
15. Vulnerabilities in Cisco Products (cisco-sa-20150415-csd, cisco-sa-20150415-iosxr)
[16/04/2015] Vulnerabilities were identified in the Cisco Secure Desktop, Cisco IOS XR Software, Cisco TelePresence Collaboration Desk and Room Endpoints, Cisco Web Security Appliance and Cisco Unified Communications Manager. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting and HTML redirection attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-iosxr
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38349
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38350
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38351
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38366
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102245
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102246
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102286
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102287
16. Vulnerabilities in Google Chrome
[16/04/2015] Vulnerabilities were identified in the Google Chrome. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect versions prior to 42.0.2311.90 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/2015/04/stable-channel-update_14.html
URL:www.hkcert.org/my_url/en/alert/15041601
URL:www.us-cert.gov/ncas/current-activity/2015/04/15/Google-Releases-Security-Update-Chrome
17. Vulnerability in IBM Domino (1701647)
[16/04/2015] Vulnerability was identified in the IBM Domino. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.ibm.com/support/docview.wss?uid=swg21701647
18. Vulnerabilities in Novell iPrint Appliance (5207250)
[16/04/2015] Vulnerabilities were identified in the Novell iPrint Appliance 1.1. An attacker could bypass security restriction, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=tfzIbipVwOE~
19. Vulnerabilities in F5 ARX (SOL16442, SOL16443, SOL16444)
[16/04/2015] Vulnerabilities were identified in the F5 ARX. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, cause a denial of service condition and crash the system. These vulnerabilities affect versions 6.0.0 to 6.4.0 of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16442.html
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16443.html
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16444.html
20. Security Updates in Oracle Linux (ELSA-2015-0806, ELSA-2015-0807, ELSA-2015-0808, ELSA-2015-0809)
[16/04/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the java-1.7.0-openjdk, java-1.6.0-openjdk and java-1.8.0-openjdk packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-0806.html
URL:linux.oracle.com/errata/ELSA-2015-0807.html
URL:linux.oracle.com/errata/ELSA-2015-0808.html
URL:linux.oracle.com/errata/ELSA-2015-0809.html
21. Security Updates in Debian (DSA-3227-1)
[16/04/2015] Debian has released security update packages for fixing the vulnerability identified in the movabletype-opensource packages for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code.
URL:www.debian.org/security/2015/dsa-3227
22. Security Updates in Mageia (MGASA-2015-0144, MGASA-2015-0145, MGASA-2015-0146, MGASA-2015-0147, MGASA-2015-0148, MGASA-2015-0149, MGASA-2015-0150, MGASA-2015-0151, MGASA-2015-0152, MGASA-2015-0153, MGASA-2015-0154, MGASA-2015-0154, MGASA-2015-0156, MGASA-2015-0157, MGASA-2015-0158)
[16/04/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the xterm, socat, glusterfs, librsync, duplicity, rdiff-backup, quassel, shibboleth-sp, qemu, arj, tor, ntp, asterisk, wesnoth, flash-player-plugin, mono, python-dulwich and java-1.7.0-openjdk packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0144.html
URL:advisories.mageia.org/MGASA-2015-0145.html
URL:advisories.mageia.org/MGASA-2015-0146.html
URL:advisories.mageia.org/MGASA-2015-0147.html
URL:advisories.mageia.org/MGASA-2015-0148.html
URL:advisories.mageia.org/MGASA-2015-0159.html
URL:advisories.mageia.org/MGASA-2015-0150.html
URL:advisories.mageia.org/MGASA-2015-0151.html
URL:advisories.mageia.org/MGASA-2015-0152.html
URL:advisories.mageia.org/MGASA-2015-0153.html
URL:advisories.mageia.org/MGASA-2015-0154.html
URL:advisories.mageia.org/MGASA-2015-0155.html
URL:advisories.mageia.org/MGASA-2015-0156.html
URL:advisories.mageia.org/MGASA-2015-0157.html
URL:advisories.mageia.org/MGASA-2015-0158.html
23. Security Updates in SUSE (openSUSE-SU-2015:0718-1, SUSE-SU-2015:0722-1, SUSE-SU-2015:0723-1)
[16/04/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player package of openSUSE 13.1 and 13.2, SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html
24. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0813-1)
[16/04/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player package for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-0813.html
25. Vulnerabilities in Microsoft Products (3038314, 3048019, 3042553, 3046306, 3052044, 3046269, 3049576, 3046482, 3045711, 3048010, 3047234)
[15/04/2015] Vulnerabilities were identified in the Microsoft Internet Explorer, Microsoft Office, Microsoft Windows, Microsoft Office server and productivity software, Microsoft Active Directory Federation Services (AD FS) and Microsoft .NET Framework. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:technet.microsoft.com/library/security/ms15-apr
URL:technet.microsoft.com/en-us/library/security/MS15-032
URL:technet.microsoft.com/en-us/library/security/MS15-033
URL:technet.microsoft.com/en-us/library/security/MS15-034
URL:technet.microsoft.com/en-us/library/security/MS15-035
URL:technet.microsoft.com/en-us/library/security/MS15-036
URL:technet.microsoft.com/en-us/library/security/MS15-037
URL:technet.microsoft.com/en-us/library/security/MS15-038
URL:technet.microsoft.com/en-us/library/security/MS15-039
URL:technet.microsoft.com/en-us/library/security/MS15-040
URL:technet.microsoft.com/en-us/library/security/MS15-041
URL:technet.microsoft.com/en-us/library/security/MS15-042
URL:www.hkcert.org/my_url/en/alert/15041501
URL:www.hkcert.org/my_url/en/alert/15041502
URL:www.hkcert.org/my_url/en/alert/15041503
URL:www.hkcert.org/my_url/en/alert/15041504
URL:www.hkcert.org/my_url/en/alert/15041505
URL:www.hkcert.org/my_url/en/alert/15041506
URL:www.hkcert.org/my_url/en/alert/15041507
URL:www.hkcert.org/my_url/en/alert/15041508
URL:www.hkcert.org/my_url/en/alert/15041509
URL:www.hkcert.org/my_url/en/alert/15041510
URL:www.hkcert.org/my_url/en/alert/15041511
URL:www.us-cert.gov/ncas/current-activity/2015/04/14/Microsoft-Releases-April-2015-Security-Bulletin
26. Information Updates on Microsoft Security Advisory (3009008)
[15/04/2015] Microsoft has updated information on the Security Advisory for the Microsoft Windows. KB3009008 was revised to announce with the release of security update 3038314 on April 14, 2015 SSL 3.0 is disabled by default in Internet Explorer 11, and to add instructions for how to undo the workarounds.
URL:technet.microsoft.com/en-us/library/security/3009008
27. Information Updates on Microsoft Security Advisory (3045755)
[15/04/2015] Microsoft has published a Security Advisory KB3045755 for Microsoft Windows to improve the authentication used by the Public Key Cryptography User-to-User (PKU2U) security support provider (SSP) in Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1.
URL:technet.microsoft.com/en-us/library/security/3045755
28. Vulnerabilities in Adobe Products (APSB15-06, APSB15-07, APSB15-08)
[15/04/2015] Vulnerabilities were identified in the Adobe Flash Player, Adobe ColdFusion and Adobe Flex ASdoc Tool. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/flex/apsb15-06.html
URL:helpx.adobe.com/security/products/flex/apsb15-07.html
URL:helpx.adobe.com/security/products/flex/apsb15-08.html
URL:www.hkcert.org/my_url/en/alert/15041512
29. Security Updates in Oracle Products
[15/04/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the Oracle Database Server, Oracle Fusion Applications and Middleware, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite, Oracle Supply Chain Products Suite, Oracle PeopleSoft Products, Oracle JD Edwards Products, Oracle Siebel CRM, Oracle iLearning, Oracle Communications Applications, Oracle Retail Applications, Oracle Health Sciences Applications, Oracle Java SE, Oracle and Sun Systems Products, Oracle Linux and Virtualization, Oracle MySQL and Support Tools. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. Security patches are available to resolve these vulnerabilities.
URL:www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
30. Vulnerabilities in Blue Coat Malware Analysis appliance (VU#274244)
[15/04/2015] Vulnerabilities were identified in the Blue Coat Malware Analysis appliance. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect versions prior to 4.2.4.20150312-RELEASE of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.kb.cert.org/vuls/id/274244
31. Vulnerabilities in F5 Products (SOL16416, SOL16435)
[15/04/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ-ADC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16416
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16435
32. Vulnerabilities in SearchBlox (VU#697316)
[15/04/2015] Vulnerabilities were identified in the SearchBlox. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect versions prior to 8.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.kb.cert.org/vuls/id/697316
33. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0803-1, RHSA-2015:0806-1, RHSA-2015:0807-1, RHSA-2015:0808-1, RHSA-2015:0809-1)
[15/04/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel, java-1.7.0-openjdk, java-1.6.0-openjdk and java-1.8.0-openjdk packages for Red Hat Enterprise Linux 5, 6, and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-0803.html
URL:rhn.redhat.com/errata/RHSA-2015-0806.html
URL:rhn.redhat.com/errata/RHSA-2015-0807.html
URL:rhn.redhat.com/errata/RHSA-2015-0808.html
URL:rhn.redhat.com/errata/RHSA-2015-0809.html
34. Security Updates in Ubuntu GNU/Linux (USN-2569-1)
[15/04/2015] Ubuntu has released security update packages for fixing the vulnerability identified in the Apport package for versions 14.04 LTS and 14.10 of Ubuntu GNU/Linux. An attacker could bypass security restrictions and gain elevated privileges.
URL:www.ubuntu.com/usn/usn-2569-1/
35. Vulnerability in Microsoft Windows NTLM
[14/04/2015] Vulnerability was identified in the Microsoft Windows NTLM. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product.
URL:www.hkcert.org/my_url/en/alert/15041401
URL:www.kb.cert.org/vuls/id/672268
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102206
36. Vulnerabilities in Cisco Web Security Appliance
[14/04/2015] Vulnerabilities were identified in the Cisco Web Security Appliance (WSA). An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. These vulnerabilities affect firmware version 8.5 Base of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38305
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38306
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102204
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102205
37. Vulnerability in HP Support Solution Framework (102203)
[14/04/2015] Vulnerability was identified in the HP Support Solution Framework. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. This vulnerability affects version 11.51 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102203
38. Vulnerability in IBM WebSphere Application Server (1701503)
[14/04/2015] Vulnerability was identified in the IBM WebSphere Application Server. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.ibm.com/support/docview.wss?uid=swg21701503
39. Security Updates in Oracle Linux (ELSA-2015-0800)
[14/04/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the openssl package for Oracle Linux 5. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-0800.html
40. Security Updates in Debian (DSA-3222-1, DSA-3223-1, DSA-3224-1)
[14/04/2015] Debian has released security update packages for fixing the vulnerabilities identified in the chrony, ntp and libx11 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3222
URL:www.debian.org/security/2015/dsa-3223
URL:www.debian.org/security/2015/dsa-3224
41. Security Updates in SUSE (openSUSE-SU-2015:0713-1, openSUSE-SU-2015:0714-1)
[14/04/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel package of openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
42. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0800-1)
[14/04/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the openssl package for Red Hat Enterprise Linux 5. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-0800.html
43. Security Updates in Ubuntu GNU/Linux (USN-2567-1, USN-2568-1)
[14/04/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the ntp, libx11 and libxrender packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2567-1/
URL:www.ubuntu.com/usn/usn-2568-1/
44. Vulnerability in Cisco Aggregate Services Router 9000
[13/04/2015] Vulnerability was identified in the Cisco Aggregate Services Router 9000. An attacker could bypass security restriction and obtain sensitive information. This vulnerability affects firmware version 5.3.0 Base of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38292
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102128
45. Vulnerability in Symantec Workspace Streaming Agent (SYM15-004)
[13/04/2015] Vulnerability was identified in the Symantec Workspace Streaming Agent. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects versions prior to SWS 7.5SP1 HF4 and SWS 6.1SP8MP2 HF7 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150410_00
46. Vulnerability in Mailman (102109)
[13/04/2015] Vulnerability was identified in the Mailman. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects versions prior to 2.1.20 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102109
47. Vulnerability in WordPress (102139)
[13/04/2015] Vulnerability was identified in the Windows Desktop and iPhone Photo Uploader plugin for WordPress. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects version 1.8 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102139
48. Security Updates in Oracle Linux (ELSA-2015-0797)
[13/04/2015] Oracle has released security update packages for fixing the vulnerability identified in the xorg-x11-server package for Oracle Linux 6 and 7. An attacker could bypass security restriction, obtain sensitive information, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-0797.html
49. Security Updates in Debian (DSA-3218-1, DSA-3219-1, DSA-3220-1, DSA-3221-1)
[13/04/2015] Debian has released security update packages for fixing the vulnerability identified in the wesnoth-1.10, libdbd-firebird-perl, libtasn1-3 and das-watchdog packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3218
URL:www.debian.org/security/2015/dsa-3219
URL:www.debian.org/security/2015/dsa-3220
URL:www.debian.org/security/2015/dsa-3221
50. Security Updates in Gentoo Linux (GLSA 201504-02, GLSA 201504-03, GLSA 201504-04, GLSA 201504-05)
[13/04/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the sudo, apache, xen and mysql packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:security.gentoo.org/glsa/201504-02
URL:security.gentoo.org/glsa/201504-03
URL:security.gentoo.org/glsa/201504-04
URL:security.gentoo.org/glsa/201504-05
51. Security Updates in Mandriva (MDVSA-2015:199, MDVSA-2015:200, MDVSA-2015:201, MDVSA-2015:202, MDVSA-2015:203)
[13/04/2015] Mandriva has released security update packages for fixing the vulnerabilities identified in the less, mediawiki, arj, ntp and batik packages for versions MBS1 and MBS2 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform man-in-the-middle attackers, cause a denial of service condition and compromise the system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A199/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A200/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A201/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A202/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A203/
52. Security Updates in SUSE (SUSE-SU-2015:0702-1, SUSE-SU-2015:0704-1, SUSE-SU-2015:0704-2)
[13/04/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the libXfont and MozillaFirefox packages of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00007.html
53. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0797-1)
[13/04/2015] Red Hat has released security update packages for fixing the vulnerability identified in the xorg-x11-server package for Red Hat Enterprise Linux 6 and 7. An attacker could bypass security restriction, obtain sensitive information, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-0797.html
Malware Alert
The Simda botnet is a network of computers infected with self-propagating malware, which has compromised more than 770,000 computers worldwide since 2009. This malware may re-route a user's Internet traffic to websites under criminal control or can be used to install additional malware.
A system infected with Simda may allow cyber criminals to harvest user credentials, including banking information; install additional malware; or cause other malicious attacks. The breadth of infected systems allows Simda operators flexibility to load custom features tailored to individual targets.
This malware runs on Microsoft Windows. Malware signatures and removal procedures are available from most anti-virus vendors. For more information about this malware, please refer to the following link:
URL:www.us-cert.gov/ncas/alerts/TA15-105AURL:www.cyberdefense.jp/simda/URL:www.interpol.int/en/News-and-media/News/2015/N2015-038URL:blogs.technet.com/b/mmpc/archive/2015/04/12/microsoft-partners-with-interpol-industry-to-disrupt-global-malware-attack-affecting-more-than-770-000-pcs-in-past-six-months-39-simda-at-39-designed-to-divert-internet-traffic-to-disseminate-other-types-of-malware.aspxURL:blog.trendmicro.com/trendlabs-security-intelligence/simda-a-botnet-takedown/URL:securelist.com/blog/69580/simdas-hide-and-seek-grown-up-games/URL:www.symantec.com/connect/blogs/simda-botnet-hit-interpol-takedown
[17/04/2015] Vulnerability was identified in the Apache HTTP Server. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects versions 2.2.29, 2.4.12 and possibly other versions of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102374
2. Vulnerability in Cisco Secure Access Control Server
[17/04/2015] Vulnerability was identified in the Cisco Secure Access Control Server. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site request forgery attacks. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38403
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102412
3. Vulnerability in HP Network Automation (c04574207)
[17/04/2015] Vulnerability was identified in the HP Network Automation. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site request forgery, cross-site scripting and clickjacking attacks. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04574207
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102405
4. Vulnerabilities in Huawei products (HW-424267)
[17/04/2015] Vulnerabilities were identified in multiple Huawei products. An attacker could bypass security restrictions, execute arbitrary code, perform XML injection and CSS injection attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-424267.htm
5. Vulnerabilities in Novell Products (5203090, 5203091, 5203092)
[17/04/2015] Vulnerabilities were identified in the Novell Identity Manager and NetIQ eDirectory. An attacker could bypass security restriction, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=HC2GixnAgPU~
URL:download.novell.com/Download?buildid=N8vYScT2aao~
URL:download.novell.com/Download?buildid=uq64QLv_TVc~
6. Vulnerabilities in Drupal (DRUPAL-SA-CONTRIB-2015-095, DRUPAL-SA-CONTRIB-2015-096)
[17/04/2015] Vulnerabilities were identified in the Display Suite module and Services module for Drupal. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.drupal.org/security/contrib
URL:www.drupal.org/node/2471733
URL:www.drupal.org/node/2471879
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102407
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102408
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102409
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102410
7. Vulnerability in PHP (102411)
[17/04/2015] Vulnerability was identified in the PHP. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects version 5.5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102411
8. Vulnerabilities in SQLite
[17/04/2015] Vulnerabilities were identified in the SQLite. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 3.8.9 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.sqlite.org/releaselog/3_8_9.html
URL:www.hkcert.org/my_url/en/alert/15041701
9. Vulnerabilities in multiple plugins for WordPress (102392, 102402)
[17/04/2015] Vulnerabilities were identified in the Statistics plugin and MiwoFTP Plugin for WordPress. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned plugins. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102392
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102402
10. Security Updates in Debian (DSA-3225-1, DSA-3226-1)
[17/04/2015] Debian has released security update packages for fixing the vulnerabilities identified in the gst-plugins-bad0.10 and inspircd packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3225
URL:www.debian.org/security/2015/dsa-3226
11. Security Updates in SUSE (openSUSE-SU-2015:0725-1)
[17/04/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player package of openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html
12. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0816-1)
[17/04/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the chromium-browser package for Red Hat Enterprise Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-0816.html
13. Security Updates in Ubuntu GNU/Linux (USN-2569-2)
[17/04/2015] Ubuntu has released security update packages for fixing the vulnerability identified in the apport package for versions 14.04 LTS and 14.10 of Ubuntu GNU/Linux. An attacker could bypass security restrictions and gain elevated privileges.
URL:www.ubuntu.com/usn/usn-2569-2/
14. Information Updates on Microsoft Security Advisory (2755801)
[16/04/2015] Microsoft has updated information on the Security Advisory for the Adobe Flash Player in Internet Explorer on all supported editions of Windows. KB2755801 added the 3049508 update to the Current Update section.
URL:technet.microsoft.com/en-gb/library/security/2755801
15. Vulnerabilities in Cisco Products (cisco-sa-20150415-csd, cisco-sa-20150415-iosxr)
[16/04/2015] Vulnerabilities were identified in the Cisco Secure Desktop, Cisco IOS XR Software, Cisco TelePresence Collaboration Desk and Room Endpoints, Cisco Web Security Appliance and Cisco Unified Communications Manager. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting and HTML redirection attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-iosxr
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38349
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38350
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38351
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38366
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102245
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102246
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102286
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102287
16. Vulnerabilities in Google Chrome
[16/04/2015] Vulnerabilities were identified in the Google Chrome. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect versions prior to 42.0.2311.90 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/2015/04/stable-channel-update_14.html
URL:www.hkcert.org/my_url/en/alert/15041601
URL:www.us-cert.gov/ncas/current-activity/2015/04/15/Google-Releases-Security-Update-Chrome
17. Vulnerability in IBM Domino (1701647)
[16/04/2015] Vulnerability was identified in the IBM Domino. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.ibm.com/support/docview.wss?uid=swg21701647
18. Vulnerabilities in Novell iPrint Appliance (5207250)
[16/04/2015] Vulnerabilities were identified in the Novell iPrint Appliance 1.1. An attacker could bypass security restriction, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=tfzIbipVwOE~
19. Vulnerabilities in F5 ARX (SOL16442, SOL16443, SOL16444)
[16/04/2015] Vulnerabilities were identified in the F5 ARX. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, cause a denial of service condition and crash the system. These vulnerabilities affect versions 6.0.0 to 6.4.0 of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16442.html
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16443.html
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16444.html
20. Security Updates in Oracle Linux (ELSA-2015-0806, ELSA-2015-0807, ELSA-2015-0808, ELSA-2015-0809)
[16/04/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the java-1.7.0-openjdk, java-1.6.0-openjdk and java-1.8.0-openjdk packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-0806.html
URL:linux.oracle.com/errata/ELSA-2015-0807.html
URL:linux.oracle.com/errata/ELSA-2015-0808.html
URL:linux.oracle.com/errata/ELSA-2015-0809.html
21. Security Updates in Debian (DSA-3227-1)
[16/04/2015] Debian has released security update packages for fixing the vulnerability identified in the movabletype-opensource packages for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code.
URL:www.debian.org/security/2015/dsa-3227
22. Security Updates in Mageia (MGASA-2015-0144, MGASA-2015-0145, MGASA-2015-0146, MGASA-2015-0147, MGASA-2015-0148, MGASA-2015-0149, MGASA-2015-0150, MGASA-2015-0151, MGASA-2015-0152, MGASA-2015-0153, MGASA-2015-0154, MGASA-2015-0154, MGASA-2015-0156, MGASA-2015-0157, MGASA-2015-0158)
[16/04/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the xterm, socat, glusterfs, librsync, duplicity, rdiff-backup, quassel, shibboleth-sp, qemu, arj, tor, ntp, asterisk, wesnoth, flash-player-plugin, mono, python-dulwich and java-1.7.0-openjdk packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0144.html
URL:advisories.mageia.org/MGASA-2015-0145.html
URL:advisories.mageia.org/MGASA-2015-0146.html
URL:advisories.mageia.org/MGASA-2015-0147.html
URL:advisories.mageia.org/MGASA-2015-0148.html
URL:advisories.mageia.org/MGASA-2015-0159.html
URL:advisories.mageia.org/MGASA-2015-0150.html
URL:advisories.mageia.org/MGASA-2015-0151.html
URL:advisories.mageia.org/MGASA-2015-0152.html
URL:advisories.mageia.org/MGASA-2015-0153.html
URL:advisories.mageia.org/MGASA-2015-0154.html
URL:advisories.mageia.org/MGASA-2015-0155.html
URL:advisories.mageia.org/MGASA-2015-0156.html
URL:advisories.mageia.org/MGASA-2015-0157.html
URL:advisories.mageia.org/MGASA-2015-0158.html
23. Security Updates in SUSE (openSUSE-SU-2015:0718-1, SUSE-SU-2015:0722-1, SUSE-SU-2015:0723-1)
[16/04/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player package of openSUSE 13.1 and 13.2, SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html
24. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0813-1)
[16/04/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player package for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-0813.html
25. Vulnerabilities in Microsoft Products (3038314, 3048019, 3042553, 3046306, 3052044, 3046269, 3049576, 3046482, 3045711, 3048010, 3047234)
[15/04/2015] Vulnerabilities were identified in the Microsoft Internet Explorer, Microsoft Office, Microsoft Windows, Microsoft Office server and productivity software, Microsoft Active Directory Federation Services (AD FS) and Microsoft .NET Framework. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:technet.microsoft.com/library/security/ms15-apr
URL:technet.microsoft.com/en-us/library/security/MS15-032
URL:technet.microsoft.com/en-us/library/security/MS15-033
URL:technet.microsoft.com/en-us/library/security/MS15-034
URL:technet.microsoft.com/en-us/library/security/MS15-035
URL:technet.microsoft.com/en-us/library/security/MS15-036
URL:technet.microsoft.com/en-us/library/security/MS15-037
URL:technet.microsoft.com/en-us/library/security/MS15-038
URL:technet.microsoft.com/en-us/library/security/MS15-039
URL:technet.microsoft.com/en-us/library/security/MS15-040
URL:technet.microsoft.com/en-us/library/security/MS15-041
URL:technet.microsoft.com/en-us/library/security/MS15-042
URL:www.hkcert.org/my_url/en/alert/15041501
URL:www.hkcert.org/my_url/en/alert/15041502
URL:www.hkcert.org/my_url/en/alert/15041503
URL:www.hkcert.org/my_url/en/alert/15041504
URL:www.hkcert.org/my_url/en/alert/15041505
URL:www.hkcert.org/my_url/en/alert/15041506
URL:www.hkcert.org/my_url/en/alert/15041507
URL:www.hkcert.org/my_url/en/alert/15041508
URL:www.hkcert.org/my_url/en/alert/15041509
URL:www.hkcert.org/my_url/en/alert/15041510
URL:www.hkcert.org/my_url/en/alert/15041511
URL:www.us-cert.gov/ncas/current-activity/2015/04/14/Microsoft-Releases-April-2015-Security-Bulletin
26. Information Updates on Microsoft Security Advisory (3009008)
[15/04/2015] Microsoft has updated information on the Security Advisory for the Microsoft Windows. KB3009008 was revised to announce with the release of security update 3038314 on April 14, 2015 SSL 3.0 is disabled by default in Internet Explorer 11, and to add instructions for how to undo the workarounds.
URL:technet.microsoft.com/en-us/library/security/3009008
27. Information Updates on Microsoft Security Advisory (3045755)
[15/04/2015] Microsoft has published a Security Advisory KB3045755 for Microsoft Windows to improve the authentication used by the Public Key Cryptography User-to-User (PKU2U) security support provider (SSP) in Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1.
URL:technet.microsoft.com/en-us/library/security/3045755
28. Vulnerabilities in Adobe Products (APSB15-06, APSB15-07, APSB15-08)
[15/04/2015] Vulnerabilities were identified in the Adobe Flash Player, Adobe ColdFusion and Adobe Flex ASdoc Tool. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/flex/apsb15-06.html
URL:helpx.adobe.com/security/products/flex/apsb15-07.html
URL:helpx.adobe.com/security/products/flex/apsb15-08.html
URL:www.hkcert.org/my_url/en/alert/15041512
29. Security Updates in Oracle Products
[15/04/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the Oracle Database Server, Oracle Fusion Applications and Middleware, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite, Oracle Supply Chain Products Suite, Oracle PeopleSoft Products, Oracle JD Edwards Products, Oracle Siebel CRM, Oracle iLearning, Oracle Communications Applications, Oracle Retail Applications, Oracle Health Sciences Applications, Oracle Java SE, Oracle and Sun Systems Products, Oracle Linux and Virtualization, Oracle MySQL and Support Tools. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. Security patches are available to resolve these vulnerabilities.
URL:www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
30. Vulnerabilities in Blue Coat Malware Analysis appliance (VU#274244)
[15/04/2015] Vulnerabilities were identified in the Blue Coat Malware Analysis appliance. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect versions prior to 4.2.4.20150312-RELEASE of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.kb.cert.org/vuls/id/274244
31. Vulnerabilities in F5 Products (SOL16416, SOL16435)
[15/04/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ-ADC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16416
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16435
32. Vulnerabilities in SearchBlox (VU#697316)
[15/04/2015] Vulnerabilities were identified in the SearchBlox. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect versions prior to 8.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.kb.cert.org/vuls/id/697316
33. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0803-1, RHSA-2015:0806-1, RHSA-2015:0807-1, RHSA-2015:0808-1, RHSA-2015:0809-1)
[15/04/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel, java-1.7.0-openjdk, java-1.6.0-openjdk and java-1.8.0-openjdk packages for Red Hat Enterprise Linux 5, 6, and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-0803.html
URL:rhn.redhat.com/errata/RHSA-2015-0806.html
URL:rhn.redhat.com/errata/RHSA-2015-0807.html
URL:rhn.redhat.com/errata/RHSA-2015-0808.html
URL:rhn.redhat.com/errata/RHSA-2015-0809.html
34. Security Updates in Ubuntu GNU/Linux (USN-2569-1)
[15/04/2015] Ubuntu has released security update packages for fixing the vulnerability identified in the Apport package for versions 14.04 LTS and 14.10 of Ubuntu GNU/Linux. An attacker could bypass security restrictions and gain elevated privileges.
URL:www.ubuntu.com/usn/usn-2569-1/
35. Vulnerability in Microsoft Windows NTLM
[14/04/2015] Vulnerability was identified in the Microsoft Windows NTLM. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product.
URL:www.hkcert.org/my_url/en/alert/15041401
URL:www.kb.cert.org/vuls/id/672268
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102206
36. Vulnerabilities in Cisco Web Security Appliance
[14/04/2015] Vulnerabilities were identified in the Cisco Web Security Appliance (WSA). An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. These vulnerabilities affect firmware version 8.5 Base of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38305
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38306
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102204
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102205
37. Vulnerability in HP Support Solution Framework (102203)
[14/04/2015] Vulnerability was identified in the HP Support Solution Framework. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. This vulnerability affects version 11.51 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102203
38. Vulnerability in IBM WebSphere Application Server (1701503)
[14/04/2015] Vulnerability was identified in the IBM WebSphere Application Server. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.ibm.com/support/docview.wss?uid=swg21701503
39. Security Updates in Oracle Linux (ELSA-2015-0800)
[14/04/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the openssl package for Oracle Linux 5. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-0800.html
40. Security Updates in Debian (DSA-3222-1, DSA-3223-1, DSA-3224-1)
[14/04/2015] Debian has released security update packages for fixing the vulnerabilities identified in the chrony, ntp and libx11 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3222
URL:www.debian.org/security/2015/dsa-3223
URL:www.debian.org/security/2015/dsa-3224
41. Security Updates in SUSE (openSUSE-SU-2015:0713-1, openSUSE-SU-2015:0714-1)
[14/04/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel package of openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
42. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0800-1)
[14/04/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the openssl package for Red Hat Enterprise Linux 5. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-0800.html
43. Security Updates in Ubuntu GNU/Linux (USN-2567-1, USN-2568-1)
[14/04/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the ntp, libx11 and libxrender packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2567-1/
URL:www.ubuntu.com/usn/usn-2568-1/
44. Vulnerability in Cisco Aggregate Services Router 9000
[13/04/2015] Vulnerability was identified in the Cisco Aggregate Services Router 9000. An attacker could bypass security restriction and obtain sensitive information. This vulnerability affects firmware version 5.3.0 Base of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38292
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102128
45. Vulnerability in Symantec Workspace Streaming Agent (SYM15-004)
[13/04/2015] Vulnerability was identified in the Symantec Workspace Streaming Agent. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects versions prior to SWS 7.5SP1 HF4 and SWS 6.1SP8MP2 HF7 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150410_00
46. Vulnerability in Mailman (102109)
[13/04/2015] Vulnerability was identified in the Mailman. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects versions prior to 2.1.20 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102109
47. Vulnerability in WordPress (102139)
[13/04/2015] Vulnerability was identified in the Windows Desktop and iPhone Photo Uploader plugin for WordPress. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects version 1.8 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102139
48. Security Updates in Oracle Linux (ELSA-2015-0797)
[13/04/2015] Oracle has released security update packages for fixing the vulnerability identified in the xorg-x11-server package for Oracle Linux 6 and 7. An attacker could bypass security restriction, obtain sensitive information, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-0797.html
49. Security Updates in Debian (DSA-3218-1, DSA-3219-1, DSA-3220-1, DSA-3221-1)
[13/04/2015] Debian has released security update packages for fixing the vulnerability identified in the wesnoth-1.10, libdbd-firebird-perl, libtasn1-3 and das-watchdog packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3218
URL:www.debian.org/security/2015/dsa-3219
URL:www.debian.org/security/2015/dsa-3220
URL:www.debian.org/security/2015/dsa-3221
50. Security Updates in Gentoo Linux (GLSA 201504-02, GLSA 201504-03, GLSA 201504-04, GLSA 201504-05)
[13/04/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the sudo, apache, xen and mysql packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:security.gentoo.org/glsa/201504-02
URL:security.gentoo.org/glsa/201504-03
URL:security.gentoo.org/glsa/201504-04
URL:security.gentoo.org/glsa/201504-05
51. Security Updates in Mandriva (MDVSA-2015:199, MDVSA-2015:200, MDVSA-2015:201, MDVSA-2015:202, MDVSA-2015:203)
[13/04/2015] Mandriva has released security update packages for fixing the vulnerabilities identified in the less, mediawiki, arj, ntp and batik packages for versions MBS1 and MBS2 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform man-in-the-middle attackers, cause a denial of service condition and compromise the system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A199/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A200/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A201/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A202/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A203/
52. Security Updates in SUSE (SUSE-SU-2015:0702-1, SUSE-SU-2015:0704-1, SUSE-SU-2015:0704-2)
[13/04/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the libXfont and MozillaFirefox packages of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00007.html
53. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0797-1)
[13/04/2015] Red Hat has released security update packages for fixing the vulnerability identified in the xorg-x11-server package for Red Hat Enterprise Linux 6 and 7. An attacker could bypass security restriction, obtain sensitive information, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-0797.html
Malware Alert
The Simda botnet is a network of computers infected with self-propagating malware, which has compromised more than 770,000 computers worldwide since 2009. This malware may re-route a user's Internet traffic to websites under criminal control or can be used to install additional malware.
A system infected with Simda may allow cyber criminals to harvest user credentials, including banking information; install additional malware; or cause other malicious attacks. The breadth of infected systems allows Simda operators flexibility to load custom features tailored to individual targets.
This malware runs on Microsoft Windows. Malware signatures and removal procedures are available from most anti-virus vendors. For more information about this malware, please refer to the following link:
URL:www.us-cert.gov/ncas/alerts/TA15-105AURL:www.cyberdefense.jp/simda/URL:www.interpol.int/en/News-and-media/News/2015/N2015-038URL:blogs.technet.com/b/mmpc/archive/2015/04/12/microsoft-partners-with-interpol-industry-to-disrupt-global-malware-attack-affecting-more-than-770-000-pcs-in-past-six-months-39-simda-at-39-designed-to-divert-internet-traffic-to-disseminate-other-types-of-malware.aspxURL:blog.trendmicro.com/trendlabs-security-intelligence/simda-a-botnet-takedown/URL:securelist.com/blog/69580/simdas-hide-and-seek-grown-up-games/URL:www.symantec.com/connect/blogs/simda-botnet-hit-interpol-takedown
Subscribe to:
Posts (Atom)