1. Vulnerability in Apache HTTP Server (102374)
[17/04/2015] Vulnerability was identified in the Apache HTTP Server. An
attacker could bypass security restrictions, cause a denial of service condition
and crash the system. This vulnerability affects versions 2.2.29, 2.4.12 and
possibly other versions of the mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102374
2. Vulnerability in Cisco Secure Access Control Server
[17/04/2015] Vulnerability was identified in the Cisco Secure Access Control
Server. An attacker could bypass security restrictions, execute arbitrary code
and perform cross-site request forgery attacks. This vulnerability affects
multiple firmware versions of the mentioned product. Security patches are
available to resolve this vulnerability.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38403
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102412
3. Vulnerability in HP Network Automation (c04574207)
[17/04/2015] Vulnerability was identified in the HP Network Automation. An
attacker could bypass security restrictions, execute arbitrary code, perform
cross-site request forgery, cross-site scripting and clickjacking attacks. This
vulnerability affects multiple versions of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04574207
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102405
4. Vulnerabilities in Huawei products (HW-424267)
[17/04/2015] Vulnerabilities were identified in multiple Huawei products.
An attacker could bypass security restrictions, execute arbitrary code, perform
XML injection and CSS injection attacks. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these
vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-424267.htm
5. Vulnerabilities in Novell Products (5203090, 5203091, 5203092)
[17/04/2015] Vulnerabilities were identified in the Novell Identity Manager and
NetIQ eDirectory. An attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
crash the system. These vulnerabilities affect multiple versions of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:download.novell.com/Download?buildid=HC2GixnAgPU~
URL:download.novell.com/Download?buildid=N8vYScT2aao~
URL:download.novell.com/Download?buildid=uq64QLv_TVc~
6. Vulnerabilities in Drupal (DRUPAL-SA-CONTRIB-2015-095, DRUPAL-SA-CONTRIB-2015-096)
[17/04/2015] Vulnerabilities were identified in the Display Suite module
and Services module for Drupal. An attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code
and perform cross-site scripting attacks. These vulnerabilities affect multiple
versions of the mentioned product. Security patches are available to resolve
these
vulnerabilities.
URL:www.drupal.org/security/contrib
URL:www.drupal.org/node/2471733
URL:www.drupal.org/node/2471879
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102407
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102408
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102409
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102410
7. Vulnerability in PHP (102411)
[17/04/2015] Vulnerability was identified in the PHP. An
attacker could bypass security restrictions and obtain sensitive information.
This vulnerability affects version 5.5 of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102411
8. Vulnerabilities in SQLite
[17/04/2015] Vulnerabilities were identified in the SQLite. An attacker
could bypass security restrictions, execute arbitrary code, cause a denial of
service condition and compromise the system. These vulnerabilities affect
versions prior to 3.8.9 of the mentioned product. Security patches are available
to resolve these
vulnerabilities.
URL:www.sqlite.org/releaselog/3_8_9.html
URL:www.hkcert.org/my_url/en/alert/15041701
9. Vulnerabilities in multiple plugins for WordPress (102392, 102402)
[17/04/2015] Vulnerabilities were identified in the Statistics plugin and
MiwoFTP Plugin for WordPress. An attacker could bypass security restrictions,
obtain sensitive information, execute arbitrary code and perform cross-site
scripting attacks. These vulnerabilities affect multiple versions of the
mentioned plugins. Security patches are available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102392
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102402
10. Security Updates in Debian (DSA-3225-1, DSA-3226-1)
[17/04/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the gst-plugins-bad0.10 and inspircd packages for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, gain elevated privileges and execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:www.debian.org/security/2015/dsa-3225
URL:www.debian.org/security/2015/dsa-3226
11. Security Updates in SUSE (openSUSE-SU-2015:0725-1)
[17/04/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the Adobe Flash Player package of openSUSE Evergreen 11.4. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html
12. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0816-1)
[17/04/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the chromium-browser package for Red Hat Enterprise Linux 6. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-0816.html
13. Security Updates in Ubuntu GNU/Linux (USN-2569-2)
[17/04/2015] Ubuntu has
released security update packages for fixing the vulnerability identified in the
apport package for versions 14.04 LTS and 14.10 of Ubuntu GNU/Linux. An attacker
could bypass security restrictions and gain elevated
privileges.
URL:www.ubuntu.com/usn/usn-2569-2/
14. Information Updates on Microsoft Security Advisory (2755801)
[16/04/2015] Microsoft
has updated information on the Security Advisory for the Adobe Flash Player in
Internet Explorer on all supported editions of Windows. KB2755801 added the
3049508 update to the Current Update
section.
URL:technet.microsoft.com/en-gb/library/security/2755801
15. Vulnerabilities in Cisco Products (cisco-sa-20150415-csd, cisco-sa-20150415-iosxr)
[16/04/2015] Vulnerabilities were identified in the Cisco Secure Desktop,
Cisco IOS XR Software, Cisco TelePresence Collaboration Desk and Room Endpoints,
Cisco Web Security Appliance and Cisco Unified Communications Manager. An
attacker could bypass security restrictions, execute arbitrary code, perform
cross-site scripting and HTML redirection attacks, cause a denial of service
condition and crash the system. These vulnerabilities affect multiple firmware
versions of the mentioned product. Security patches are available to resolve
these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-iosxr
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38349
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38350
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38351
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38366
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102245
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102246
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102286
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102287
16. Vulnerabilities in Google Chrome
[16/04/2015] Vulnerabilities were identified in the Google
Chrome. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code and cause a denial of service condition.
These vulnerabilities affect versions prior to 42.0.2311.90 of the mentioned
product. Security patches are available to resolve these
vulnerabilities.
URL:googlechromereleases.blogspot.hk/2015/04/stable-channel-update_14.html
URL:www.hkcert.org/my_url/en/alert/15041601
URL:www.us-cert.gov/ncas/current-activity/2015/04/15/Google-Releases-Security-Update-Chrome
17. Vulnerability in IBM Domino (1701647)
[16/04/2015] Vulnerability was identified in the IBM Domino.
An attacker could bypass security restrictions and execute arbitrary code. This
vulnerability affects multiple versions of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:www.ibm.com/support/docview.wss?uid=swg21701647
18. Vulnerabilities in Novell iPrint Appliance (5207250)
[16/04/2015] Vulnerabilities were identified in the Novell iPrint Appliance
1.1. An attacker could bypass security restrictions, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple versions of the mentioned
product. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=tfzIbipVwOE~
19. Vulnerabilities in F5 ARX (SOL16442, SOL16443, SOL16444)
[16/04/2015] Vulnerabilities were identified in the F5 ARX. An attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, cause a denial of service condition and crash the system. These
vulnerabilities affect versions 6.0.0 to 6.4.0 of the mentioned products.
Security patches are available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16442.html
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16443.html
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16444.html
20. Security Updates in Oracle Linux (ELSA-2015-0806, ELSA-2015-0807, ELSA-2015-0808, ELSA-2015-0809)
[16/04/2015] Oracle has
released security update packages for fixing the vulnerabilities identified in
the java-1.7.0-openjdk, java-1.6.0-openjdk and java-1.8.0-openjdk packages for
Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:linux.oracle.com/errata/ELSA-2015-0806.html
URL:linux.oracle.com/errata/ELSA-2015-0807.html
URL:linux.oracle.com/errata/ELSA-2015-0808.html
URL:linux.oracle.com/errata/ELSA-2015-0809.html
21. Security Updates in Debian (DSA-3227-1)
[16/04/2015] Debian has
released security update packages for fixing the vulnerability identified in the
movabletype-opensource packages for multiple versions of Debian GNU/Linux. An
attacker could bypass security restrictions, gain elevated privileges and
execute arbitrary
code.
URL:www.debian.org/security/2015/dsa-3227
22. Security Updates in Mageia (MGASA-2015-0144, MGASA-2015-0145, MGASA-2015-0146, MGASA-2015-0147, MGASA-2015-0148, MGASA-2015-0149, MGASA-2015-0150, MGASA-2015-0151, MGASA-2015-0152, MGASA-2015-0153, MGASA-2015-0154, MGASA-2015-0154, MGASA-2015-0156, MGASA-2015-0157, MGASA-2015-0158)
[16/04/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the xterm, socat, glusterfs, librsync, duplicity,
rdiff-backup, quassel, shibboleth-sp, qemu, arj, tor, ntp, asterisk, wesnoth,
flash-player-plugin, mono, python-dulwich and java-1.7.0-openjdk packages for
multiple versions of Mageia. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:advisories.mageia.org/MGASA-2015-0144.html
URL:advisories.mageia.org/MGASA-2015-0145.html
URL:advisories.mageia.org/MGASA-2015-0146.html
URL:advisories.mageia.org/MGASA-2015-0147.html
URL:advisories.mageia.org/MGASA-2015-0148.html
URL:advisories.mageia.org/MGASA-2015-0159.html
URL:advisories.mageia.org/MGASA-2015-0150.html
URL:advisories.mageia.org/MGASA-2015-0151.html
URL:advisories.mageia.org/MGASA-2015-0152.html
URL:advisories.mageia.org/MGASA-2015-0153.html
URL:advisories.mageia.org/MGASA-2015-0154.html
URL:advisories.mageia.org/MGASA-2015-0155.html
URL:advisories.mageia.org/MGASA-2015-0156.html
URL:advisories.mageia.org/MGASA-2015-0157.html
URL:advisories.mageia.org/MGASA-2015-0158.html
23. Security Updates in SUSE (openSUSE-SU-2015:0718-1, SUSE-SU-2015:0722-1, SUSE-SU-2015:0723-1)
[16/04/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the Adobe Flash Player package of openSUSE 13.1 and 13.2, SUSE Linux Enterprise
11 and 12. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html
24. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0813-1)
[16/04/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the Adobe Flash Player package for Red Hat Enterprise Linux 5 and 6. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-0813.html
25. Vulnerabilities in Microsoft Products (3038314, 3048019, 3042553, 3046306, 3052044, 3046269, 3049576, 3046482, 3045711, 3048010, 3047234)
[15/04/2015] Vulnerabilities were identified in the Microsoft Internet
Explorer, Microsoft Office, Microsoft Windows, Microsoft Office server and
productivity software, Microsoft Active Directory Federation Services (AD FS)
and Microsoft .NET Framework. An attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code
and compromise the system. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:technet.microsoft.com/library/security/ms15-apr
URL:technet.microsoft.com/en-us/library/security/MS15-032
URL:technet.microsoft.com/en-us/library/security/MS15-033
URL:technet.microsoft.com/en-us/library/security/MS15-034
URL:technet.microsoft.com/en-us/library/security/MS15-035
URL:technet.microsoft.com/en-us/library/security/MS15-036
URL:technet.microsoft.com/en-us/library/security/MS15-037
URL:technet.microsoft.com/en-us/library/security/MS15-038
URL:technet.microsoft.com/en-us/library/security/MS15-039
URL:technet.microsoft.com/en-us/library/security/MS15-040
URL:technet.microsoft.com/en-us/library/security/MS15-041
URL:technet.microsoft.com/en-us/library/security/MS15-042
URL:www.hkcert.org/my_url/en/alert/15041501
URL:www.hkcert.org/my_url/en/alert/15041502
URL:www.hkcert.org/my_url/en/alert/15041503
URL:www.hkcert.org/my_url/en/alert/15041504
URL:www.hkcert.org/my_url/en/alert/15041505
URL:www.hkcert.org/my_url/en/alert/15041506
URL:www.hkcert.org/my_url/en/alert/15041507
URL:www.hkcert.org/my_url/en/alert/15041508
URL:www.hkcert.org/my_url/en/alert/15041509
URL:www.hkcert.org/my_url/en/alert/15041510
URL:www.hkcert.org/my_url/en/alert/15041511
URL:www.us-cert.gov/ncas/current-activity/2015/04/14/Microsoft-Releases-April-2015-Security-Bulletin
26. Information Updates on Microsoft Security Advisory (3009008)
[15/04/2015] Microsoft has updated information on the Security Advisory for the
Microsoft Windows. KB3009008 was revised to announce that, with the release of
security update 3038314 on April 14, 2015, SSL 3.0 is disabled by default in
Internet Explorer 11, and to add instructions for how to undo the workarounds.
URL:technet.microsoft.com/en-us/library/security/3009008
27. Information Updates on Microsoft Security Advisory (3045755)
[15/04/2015] Microsoft
has published a Security Advisory KB3045755 for Microsoft Windows to improve the
authentication used by the Public Key Cryptography User-to-User (PKU2U) security
support provider (SSP) in Windows 8.1, Windows Server 2012 R2, and Windows RT
8.1.
URL:technet.microsoft.com/en-us/library/security/3045755
28. Vulnerabilities in Adobe Products (APSB15-06, APSB15-07, APSB15-08)
[15/04/2015] Vulnerabilities were identified in the Adobe Flash Player,
Adobe ColdFusion and Adobe Flex ASdoc Tool. An attacker could bypass security
restrictions, execute arbitrary code and compromise the system. These
vulnerabilities affect multiple versions of the mentioned product. Security
patches are available to resolve these
vulnerabilities.
URL:helpx.adobe.com/security/products/flex/apsb15-06.html
URL:helpx.adobe.com/security/products/flex/apsb15-07.html
URL:helpx.adobe.com/security/products/flex/apsb15-08.html
URL:www.hkcert.org/my_url/en/alert/15041512
29. Security Updates in Oracle Products
[15/04/2015] Oracle has released security update packages for
fixing the vulnerabilities identified in the Oracle Database Server, Oracle
Fusion Applications and Middleware, Oracle Enterprise Manager Grid Control,
Oracle E-Business Suite, Oracle Supply Chain Products Suite, Oracle PeopleSoft
Products, Oracle JD Edwards Products, Oracle Siebel CRM, Oracle iLearning,
Oracle Communications Applications, Oracle Retail Applications, Oracle Health
Sciences Applications, Oracle Java SE, Oracle and Sun Systems Products, Oracle
Linux and Virtualization, Oracle MySQL and Support Tools. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. Security patches are available to
resolve these
vulnerabilities.
URL:www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
30. Vulnerabilities in Blue Coat Malware Analysis appliance (VU#274244)
[15/04/2015] Vulnerabilities were identified in the Blue Coat Malware
Analysis appliance. An attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code and perform cross-site scripting
attacks. These vulnerabilities affect versions prior to 4.2.4.20150312-RELEASE
of the mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:www.kb.cert.org/vuls/id/274244
31. Vulnerabilities in F5 Products (SOL16416, SOL16435)
[15/04/2015] Vulnerabilities were identified in the F5 BIG-IP
LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP
Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ
Device, BIG-IQ Security and BIG-IQ-ADC. An attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, cause a
denial of service condition and crash the system. These vulnerabilities affect
multiple versions of the mentioned products. Security patches are available to
resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16416
URL:support.f5.com/kb/en-us/solutions/public/16000/400/sol16435
32. Vulnerabilities in SearchBlox (VU#697316)
[15/04/2015] Vulnerabilities were identified in the SearchBlox. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code and perform cross-site scripting attacks. These
vulnerabilities affect versions prior to 8.2 of the mentioned product. Security
patches are available to resolve these
vulnerabilities.
URL:www.kb.cert.org/vuls/id/697316
33. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0803-1, RHSA-2015:0806-1, RHSA-2015:0807-1, RHSA-2015:0808-1, RHSA-2015:0809-1)
[15/04/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the kernel, java-1.7.0-openjdk, java-1.6.0-openjdk and java-1.8.0-openjdk
packages for Red Hat Enterprise Linux 5, 6, and 7. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-0803.html
URL:rhn.redhat.com/errata/RHSA-2015-0806.html
URL:rhn.redhat.com/errata/RHSA-2015-0807.html
URL:rhn.redhat.com/errata/RHSA-2015-0808.html
URL:rhn.redhat.com/errata/RHSA-2015-0809.html
34. Security Updates in Ubuntu GNU/Linux (USN-2569-1)
[15/04/2015] Ubuntu has
released security update packages for fixing the vulnerability identified in the
Apport package for versions 14.04 LTS and 14.10 of Ubuntu GNU/Linux. An attacker
could bypass security restrictions and gain elevated
privileges.
URL:www.ubuntu.com/usn/usn-2569-1/
35. Vulnerability in Microsoft Windows NTLM
[14/04/2015] Vulnerability was identified in the Microsoft
Windows NTLM. An attacker could bypass security restrictions and obtain
sensitive information. This vulnerability affects multiple versions of the
mentioned
product.
URL:www.hkcert.org/my_url/en/alert/15041401
URL:www.kb.cert.org/vuls/id/672268
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102206
36. Vulnerabilities in Cisco Web Security Appliance
[14/04/2015] Vulnerabilities were identified in the Cisco Web
Security Appliance (WSA). An attacker could bypass security restrictions, gain
elevated privileges and execute arbitrary code. These vulnerabilities affect
firmware version 8.5 Base of the mentioned product. Security patches are
available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38305
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38306
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102204
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102205
37. Vulnerability in HP Support Solution Framework (102203)
[14/04/2015] Vulnerability was identified in the HP Support Solution
Framework. An attacker could bypass security restrictions, obtain sensitive
information and execute arbitrary code. This vulnerability affects version 11.51
of the mentioned product. Security patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102203
38. Vulnerability in IBM WebSphere Application Server (1701503)
[14/04/2015] Vulnerability was identified in the IBM WebSphere Application
Server. An attacker could bypass security restrictions and obtain sensitive
information. This vulnerability affects multiple versions of the mentioned
product. Security patches are available to resolve this
vulnerability.
URL:www.ibm.com/support/docview.wss?uid=swg21701503
39. Security Updates in Oracle Linux (ELSA-2015-0800)
[14/04/2015] Oracle has
released security update packages for fixing the vulnerabilities identified in
the openssl package for Oracle Linux 5. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
crash the
system.
URL:linux.oracle.com/errata/ELSA-2015-0800.html
40. Security Updates in Debian (DSA-3222-1, DSA-3223-1, DSA-3224-1)
[14/04/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the chrony, ntp and libx11 packages for multiple versions of Debian GNU/Linux.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code, cause a denial of service
condition and crash the
system.
URL:www.debian.org/security/2015/dsa-3222
URL:www.debian.org/security/2015/dsa-3223
URL:www.debian.org/security/2015/dsa-3224
41. Security Updates in SUSE (openSUSE-SU-2015:0713-1, openSUSE-SU-2015:0714-1)
[14/04/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the Linux Kernel package of openSUSE 13.1 and
13.2. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, execute arbitrary code, cause a denial of service
condition and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
42. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0800-1)
[14/04/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the openssl package for Red Hat Enterprise Linux 5. Due to multiple errors,
an attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:rhn.redhat.com/errata/RHSA-2015-0800.html
43. Security Updates in Ubuntu GNU/Linux (USN-2567-1, USN-2568-1)
[14/04/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the ntp, libx11 and libxrender packages for versions 12.04 LTS, 14.04 LTS and
14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, execute arbitrary code,
cause a denial of service condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2567-1/
URL:www.ubuntu.com/usn/usn-2568-1/
44. Vulnerability in Cisco Aggregate Services Router 9000
[13/04/2015] Vulnerability was identified in the Cisco Aggregate Services
Router 9000. An attacker could bypass security restrictions and obtain
sensitive information. This vulnerability affects firmware version 5.3.0 Base
of the mentioned product. Security patches are available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38292
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102128
45. Vulnerability in Symantec Workspace Streaming Agent (SYM15-004)
[13/04/2015] Vulnerability was identified in the Symantec Workspace
Streaming Agent. An attacker could bypass security restrictions and gain
elevated privileges. This vulnerability affects versions prior to SWS 7.5SP1 HF4
and SWS 6.1SP8MP2 HF7 of the mentioned product. Security patches are available
to resolve this
vulnerability.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150410_00
46. Vulnerability in Mailman (102109)
[13/04/2015] Vulnerability was identified in the Mailman. An
attacker could bypass security restrictions and gain elevated privileges. This
vulnerability affects versions prior to 2.1.20 of the mentioned product.
Security patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102109
47. Vulnerability in WordPress (102139)
[13/04/2015] Vulnerability was identified in the Windows
Desktop and iPhone Photo Uploader plugin for WordPress. An attacker could bypass
security restrictions and execute arbitrary code. This vulnerability affects
version 1.8 of the mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102139
48. Security Updates in Oracle Linux (ELSA-2015-0797)
[13/04/2015] Oracle has released security update packages for fixing the
vulnerability identified in the xorg-x11-server package for Oracle Linux 6 and
7. An attacker could bypass security restrictions, obtain sensitive
information, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-0797.html
49. Security Updates in Debian (DSA-3218-1, DSA-3219-1, DSA-3220-1, DSA-3221-1)
[13/04/2015] Debian has
released security update packages for fixing the vulnerability identified in the
wesnoth-1.10, libdbd-firebird-perl, libtasn1-3 and das-watchdog packages for
multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:www.debian.org/security/2015/dsa-3218
URL:www.debian.org/security/2015/dsa-3219
URL:www.debian.org/security/2015/dsa-3220
URL:www.debian.org/security/2015/dsa-3221
50. Security Updates in Gentoo Linux (GLSA 201504-02, GLSA 201504-03, GLSA 201504-04, GLSA 201504-05)
[13/04/2015] Gentoo has released security update packages for
fixing the vulnerabilities identified in the sudo, apache, xen and mysql
packages for multiple versions of Gentoo Linux. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:security.gentoo.org/glsa/201504-02
URL:security.gentoo.org/glsa/201504-03
URL:security.gentoo.org/glsa/201504-04
URL:security.gentoo.org/glsa/201504-05
51. Security Updates in Mandriva (MDVSA-2015:199, MDVSA-2015:200, MDVSA-2015:201, MDVSA-2015:202, MDVSA-2015:203)
[13/04/2015] Mandriva has released security update packages for fixing the
vulnerabilities identified in the less, mediawiki, arj, ntp and batik packages
for versions MBS1 and MBS2 of Mandriva GNU/Linux. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, perform man-in-the-middle attacks,
cause a denial of service condition and compromise the system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A199/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A200/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A201/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A202/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A203/
52. Security Updates in SUSE (SUSE-SU-2015:0702-1, SUSE-SU-2015:0704-1, SUSE-SU-2015:0704-2)
[13/04/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the libXfont and MozillaFirefox packages of SUSE Linux Enterprise 12. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2015-04/msg00007.html
53. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0797-1)
[13/04/2015] Red Hat has released security update packages for fixing the
vulnerability identified in the xorg-x11-server package for Red Hat Enterprise
Linux 6 and 7. An attacker could bypass security restrictions, obtain sensitive
information, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-0797.html
Malware Alert
The Simda botnet is a network of computers infected with self-propagating
malware, which has compromised more than 770,000 computers worldwide since
2009. This malware may re-route a user's Internet traffic to websites under
criminal control or can be used to install additional malware.
A system infected with Simda may allow cyber criminals to harvest user
credentials, including banking information; install additional malware; or
cause other malicious attacks. The breadth of infected systems allows Simda
operators flexibility to load custom features tailored to individual targets.
This malware runs on Microsoft Windows. Malware signatures and removal
procedures are available from most anti-virus vendors. For more information
about this malware, please refer to the following links:
URL:www.us-cert.gov/ncas/alerts/TA15-105A
URL:www.cyberdefense.jp/simda/
URL:www.interpol.int/en/News-and-media/News/2015/N2015-038
URL:blogs.technet.com/b/mmpc/archive/2015/04/12/microsoft-partners-with-interpol-industry-to-disrupt-global-malware-attack-affecting-more-than-770-000-pcs-in-past-six-months-39-simda-at-39-designed-to-divert-internet-traffic-to-disseminate-other-types-of-malware.aspx
URL:blog.trendmicro.com/trendlabs-security-intelligence/simda-a-botnet-takedown/
URL:securelist.com/blog/69580/simdas-hide-and-seek-grown-up-games/
URL:www.symantec.com/connect/blogs/simda-botnet-hit-interpol-takedown