Tuesday, April 7, 2015

IT Security Alerts Weekly Digest (29 Mar ~ 4 Apr 2015)

1. Vulnerabilities in Cisco Products (cisco-sa-20150401-cuc, cisco-sa-20150401-dcnm)
[02/04/2015] Vulnerabilities were identified in Cisco Unity Connection and Cisco Prime Data Center Network Manager (DCNM). An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm

2. Vulnerabilities in Google Chrome
[02/04/2015] Vulnerabilities were identified in Google Chrome. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect versions prior to 41.0.2272.118 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:googlechromereleases.blogspot.hk/2015/04/stable-channel-update.html
URL:www.hkcert.org/my_url/en/alert/15040201
URL:www.us-cert.gov/ncas/current-activity/2015/04/01/Google-Releases-Security-Update-Chrome

3. Vulnerabilities in Novell iPrint Appliance (5206010)
[02/04/2015] Vulnerabilities were identified in the Novell iPrint Appliance. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect version 1.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:download.novell.com/Download?buildid=DyfzmiXp4gY~

4. Vulnerability in F5 Products (SOL16342)
[02/04/2015] A vulnerability was identified in F5 BIG-IP LTM, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM and ARX. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:support.f5.com/kb/en-us/solutions/public/16000/300/sol16342

5. Security Updates in Oracle Linux (ELSA-2015-0771)
[02/04/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the thunderbird package for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2015-0771.html

6. Security Updates in Debian (DSA-3210-1, DSA-3211-1)
[02/04/2015] Debian has released security update packages for fixing the vulnerabilities identified in the wireshark and iceweasel packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3210
URL:www.debian.org/security/2015/dsa-3211

7. Security Updates in Mandriva (MDVSA-2015:125, MDVSA-2015:126, MDVSA-2015:127, MDVSA-2015:128, MDVSA-2015:129, MDVSA-2015:130, MDVSA-2015:131, MDVSA-2015:132, MDVSA-2015:133, MDVSA-2015:134, MDVSA-2015:135, MDVSA-2015:136, MDVSA-2015:137, MDVSA-2015:138, MDVSA-2015:139, MDVSA-2015:140, MDVSA-2015:141, MDVSA-2015:142, MDVSA-2015:143, MDVSA-2015:144, MDVSA-2015:145-1)
[02/04/2015] Mandriva has released security update packages for fixing the vulnerabilities identified in the tcpdump, sudo, serf, sendmail, ruby, rsyslog, rsync, readline, python-requests, pulseaudio, ppp, perl, pcre, patch, openvpn, ntp, not-yet-commons-ssl, nodejs, mpfr, lua and libxfont packages for versions MBS1 and MBS2 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A125/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A126/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A127/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A128/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A129/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A130/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A131/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A132/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A133/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A134/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A135/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A136/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A137/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A138/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A139/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A140/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A141/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A142/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A143/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A144/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A145-1/

8. Security Updates in Mageia (MGASA-2015-0122, MGASA-2015-0123, MGASA-2015-0124, MGASA-2015-0125)
[02/04/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the python-rope, chromium-browser-stable, tor and owncloud packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform code injection and cross-site scripting attacks, cause a denial of service condition and crash the system.

URL:advisories.mageia.org/MGASA-2015-0122.html
URL:advisories.mageia.org/MGASA-2015-0123.html
URL:advisories.mageia.org/MGASA-2015-0124.html
URL:advisories.mageia.org/MGASA-2015-0125.html

9. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0771-1)
[02/04/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the thunderbird package for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition.

URL:rhn.redhat.com/errata/RHSA-2015-0771.html

10. Security Updates in Ubuntu GNU/Linux (USN-2550-1, USN-2553-2, USN-2554-1, USN-2555-1)
[02/04/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox, tiff, gnupg, gnupg2, libgcrypt11 and libgcrypt20 packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2550-1/
URL:www.ubuntu.com/usn/usn-2553-2/
URL:www.ubuntu.com/usn/usn-2554-1/
URL:www.ubuntu.com/usn/usn-2555-1/

11. Vulnerabilities in Mozilla Products (MFSA 2015-30, MFSA 2015-31, MFSA 2015-32, MFSA 2015-33, MFSA 2015-34, MFSA 2015-35, MFSA 2015-36, MFSA 2015-37, MFSA 2015-38, MFSA 2015-39, MFSA 2015-40, MFSA 2015-41, MFSA 2015-42)
[01/04/2015] Vulnerabilities were identified in Mozilla Firefox, Firefox ESR and Thunderbird. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available for Firefox and Firefox ESR to resolve these vulnerabilities.

URL:www.mozilla.org/en-US/security/advisories/mfsa2015-30/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-31/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-32/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-33/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-34/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-35/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-36/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-37/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-38/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-39/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-40/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-41/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-42/
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox/
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
URL:www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
URL:www.hkcert.org/my_url/en/alert/15040101
URL:www.us-cert.gov/ncas/current-activity/2015/03/31/Mozilla-Releases-Security-Updates-Firefox-Firefox-ESR-and

12. Vulnerability in Apache Roller (101909)
[01/04/2015] A vulnerability was identified in Apache Roller. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects versions prior to 5.1.2 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101909

13. Vulnerability in Multicast DNS (VU#550620)
[01/04/2015] A vulnerability was identified in Multicast DNS (mDNS). An attacker could bypass security restrictions, obtain sensitive information and cause a denial of service condition. This vulnerability affects multiple implementations of the mentioned protocol.

URL:www.kb.cert.org/vuls/id/550620

14. Vulnerability in NVIDIA Display Driver
[01/04/2015] A vulnerability was identified in the NVIDIA Display Driver. An attacker could bypass security restrictions, gain elevated privileges and compromise the system. This vulnerability affects version R304 309 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:nvidia.custhelp.com/app/answers/detail/a_id/3634
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101911

15. Vulnerability in GNU Libtasn1
[01/04/2015] A vulnerability was identified in GNU Libtasn1. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects versions prior to 4.4 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:lists.gnu.org/archive/html/help-libtasn1/2015-03/msg00002.html
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101894

16. Security Updates in Oracle Linux (ELSA-2015-0766, ELSA-2015-0767, ELSA-2015-3019, ELSA-2015-3020, ELSA-2015-3021)
[01/04/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the firefox, flac and kernel packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2015-0766.html
URL:linux.oracle.com/errata/ELSA-2015-0767.html
URL:linux.oracle.com/errata/ELSA-2015-3019.html
URL:linux.oracle.com/errata/ELSA-2015-3020.html
URL:linux.oracle.com/errata/ELSA-2015-3021.html

17. Security Updates in Mandriva (MDVSA-2015:105, MDVSA-2015:106, MDVSA-2015:107, MDVSA-2015:108, MDVSA-2015:109, MDVSA-2015:110, MDVSA-2015:111, MDVSA-2015:112, MDVSA-2015:113, MDVSA-2015:114, MDVSA-2015:115, MDVSA-2015:116, MDVSA-2015:117, MDVSA-2015:118, MDVSA-2015:119, MDVSA-2015:120, MDVSA-2015:121, MDVSA-2015:122, MDVSA-2015:123, MDVSA-2015:124)
[01/04/2015] Mandriva has released security update packages for fixing the vulnerabilities identified in the imagemagick, apache-mod_security, lcms2, cups, python-django, postgresql, libxml2, python-lxml, dovecot, cifs-utils, libvirt, libtasn1, emacs, xlockmore, x11-server, wpa_supplicant, wget, util-linux, unzip and torque packages for versions MBS1 and MBS2 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A105/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A106/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A107/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A108/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A109/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A110/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A111/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A112/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A113/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A114/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A115/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A116/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A117/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A118/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A119/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A120/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A121/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A122/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A123/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A124/

18. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0766-1, RHSA-2015:0767-1)
[01/04/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the firefox and flac packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-0766.html
URL:rhn.redhat.com/errata/RHSA-2015-0767.html

19. Security Updates in SUSE (openSUSE-SU-2015:0636-1)
[01/04/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the SeaMonkey package of openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code.

URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00036.html

20. Security Updates in Ubuntu GNU/Linux (USN-2553-1)
[01/04/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the LibTIFF package for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2553-1/

21. Vulnerability in Cisco Unified Communications Manager
[31/03/2015] A vulnerability was identified in Cisco Unified Communications Manager. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects version 9.1(2.10000.28) Base of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=38079
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101885

22. Vulnerabilities in IBM Products (1697284, 1700029)
[31/03/2015] Vulnerabilities were identified in IBM WebSphere Application Server and IBM Domino. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=swg21697284
URL:www.ibm.com/support/docview.wss?uid=swg21700029

23. Vulnerabilities in F5 Products (SOL16317, SOL16319, SOL16320, SOL16323)
[31/03/2015] Vulnerabilities were identified in F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM and ARX. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/16000/300/sol16317.html
URL:support.f5.com/kb/en-us/solutions/public/16000/300/sol16319.html
URL:support.f5.com/kb/en-us/solutions/public/16000/300/sol16320.html
URL:support.f5.com/kb/en-us/solutions/public/16000/300/sol16323.html

24. Vulnerability in ManageEngine Desktop Central (101866)
[31/03/2015] A vulnerability was identified in ManageEngine Desktop Central. An attacker could bypass security restrictions and reset the admin passwords. This vulnerability affects versions prior to Build 90135 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101866

25. Security Updates in Oracle Linux (ELSA-2015-0749, ELSA-2015-0750)
[31/03/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the libxml2 and postgresql packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2015-0749.html
URL:linux.oracle.com/errata/ELSA-2015-0750.html

26. Security Updates in Debian (DSA-3209-1)
[31/03/2015] Debian has released security update packages for fixing the vulnerabilities identified in the openldap package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3209

27. Security Updates in Mandriva (MDVSA-2015:084, MDVSA-2015:085, MDVSA-2015:086, MDVSA-2015:087, MDVSA-2015:088, MDVSA-2015:089, MDVSA-2015:090, MDVSA-2015:091, MDVSA-2015:092, MDVSA-2015:093, MDVSA-2015:094, MDVSA-2015:095, MDVSA-2015:096, MDVSA-2015:097, MDVSA-2015:098, MDVSA-2015:099, MDVSA-2015:100, MDVSA-2015:101, MDVSA-2015:102, MDVSA-2015:103, MDVSA-2015:104)
[31/03/2015] Mandriva has released security update packages for fixing the vulnerabilities identified in the tomcat, subversion, libssh, egroupware, udisks2, freetype2, libpng, mariadb, net-snmp, apache, nginx, openssh, stunnel, php-ZendFramework, curl, python-pillow, cups-filters, jbigkit, json-c, squid and elfutils packages for versions MBS1 and MBS2 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A084/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A085/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A086/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A087/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A088/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A089/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A090/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A091/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A092/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A093/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A094/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A095/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A096/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A097/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A098/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A099/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A100/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A101/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A102/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A103/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A104/

28. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0749-1, RHSA-2015:0750-1, RHSA-2015:0751-1, RHSA-2015:0752-1)
[31/03/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the libxml2 and postgresql packages for Red Hat Enterprise Linux 6 and 7, the kernel-rt package for Red Hat Enterprise MRG 2.5, and the openssl package for Red Hat Storage 2.1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform XML External Entity attacks, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-0749.html
URL:rhn.redhat.com/errata/RHSA-2015-0750.html
URL:rhn.redhat.com/errata/RHSA-2015-0751.html
URL:rhn.redhat.com/errata/RHSA-2015-0752.html

29. Security Updates in SUSE (SUSE-SU-2015:0630-1)
[31/03/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox packages of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html

30. Security Updates in Ubuntu GNU/Linux (USN-2551-1)
[31/03/2015] Ubuntu has released security update packages for fixing the vulnerability identified in the jakarta-taglibs-standard package for versions 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code and perform external XML entity attacks.

URL:www.ubuntu.com/usn/usn-2551-1/

31. Vulnerability in Cisco NX-OS Software
[30/03/2015] A vulnerability was identified in Cisco NX-OS Software. An attacker could bypass security restrictions, execute arbitrary code, perform code injection attacks and compromise the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=38062
URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101852

32. Vulnerability in SSL Certificate Authorities (VU#591120)
[30/03/2015] A vulnerability was identified in multiple SSL Certificate Authorities. An attacker could bypass security restrictions, obtain sensitive information and perform HTTPS spoofing attacks. This vulnerability affects multiple versions of the mentioned products.

URL:www.kb.cert.org/vuls/id/591120

33. Vulnerability in RC4 Algorithm (101851)
[30/03/2015] A vulnerability was identified in the RC4 algorithm used in the TLS and SSL protocols. An attacker could obtain sensitive information. This vulnerability affects version 1.2 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/#/vulnerabilities/101851

34. Security Updates in Debian (DSA-3205-1, DSA-3206-1, DSA-3207-1, DSA-3208-1)
[30/03/2015] Debian has released security update packages for fixing the vulnerabilities identified in the batik, dulwich, shibboleth-sp2 and freexl packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3205
URL:www.debian.org/security/2015/dsa-3206
URL:www.debian.org/security/2015/dsa-3207
URL:www.debian.org/security/2015/dsa-3208

35. Security Updates in Gentoo Linux (GLSA 201503-13)
[30/03/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the busybox package for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:security.gentoo.org/glsa/201503-13

36. Security Updates in Mageia (MGASA-2015-0116, MGASA-2015-0117, MGASA-2015-0118, MGASA-2015-0119, MGASA-2015-0120, MGASA-2015-0121)
[30/03/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the setup, wireshark, dokuwiki, krb5, python-requests and drupal packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform code injection and cross-site scripting attacks, cause a denial of service condition and crash the system.

URL:advisories.mageia.org/MGASA-2015-0116.html
URL:advisories.mageia.org/MGASA-2015-0117.html
URL:advisories.mageia.org/MGASA-2015-0118.html
URL:advisories.mageia.org/MGASA-2015-0119.html
URL:advisories.mageia.org/MGASA-2015-0120.html
URL:advisories.mageia.org/MGASA-2015-0121.html

37. Security Updates in Mandriva (MDVSA-2015:062, MDVSA-2015:063, MDVSA-2015:064, MDVSA-2015:065, MDVSA-2015:066, MDVSA-2015:067, MDVSA-2015:068, MDVSA-2015:069, MDVSA-2015:070, MDVSA-2015:071, MDVSA-2015:072, MDVSA-2015:073, MDVSA-2015:074, MDVSA-2015:075, MDVSA-2015:076, MDVSA-2015:077, MDVSA-2015:078, MDVSA-2015:079, MDVSA-2015:080, MDVSA-2015:081, MDVSA-2015:082, MDVSA-2015:083)
[30/03/2015] Mandriva has released security update packages for fixing the vulnerabilities identified in the openssl, cabextract, cpio, e2fsprogs, krb5, libvirt, libpng12, gnutls, openldap, python, python3, python-numpy, mutt, php, samba and samba4 packages for versions MBS1 and MBS2 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A062/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A063/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A064/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A065/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A066/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A067/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A068/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A069/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A070/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A071/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A072/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A073/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A074/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A075/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A076/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A077/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A078/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A079/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A080/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A081/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A082/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A083/

38. Security Updates in SUSE (SUSE-SU-2015:0613-1, openSUSE-SU-2015:0614-1, SUSE-SU-2015:0620-1, SUSE-SU-2015:0593-2)
[30/03/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Xen, MySQL and MozillaFirefox packages of SUSE Linux Enterprise 10, 11 and 12, and the libXfont packages of openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00031.html
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00033.html
URL:lists.opensuse.org/opensuse-security-announce/2015-03/msg00034.html

39. Security Updates in Ubuntu GNU/Linux (USN-2541-1, USN-2542-1, USN-2543-1, USN-2544-1, USN-2545-1, USN-2546-1, USN-2547-1, USN-2548-1, USN-2549-1)
[30/03/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux, linux-ti-omap4, linux-lts-trusty, linux-lts-utopic, mono, batik and libarchive packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2541-1/
URL:www.ubuntu.com/usn/usn-2542-1/
URL:www.ubuntu.com/usn/usn-2543-1/
URL:www.ubuntu.com/usn/usn-2544-1/
URL:www.ubuntu.com/usn/usn-2545-1/
URL:www.ubuntu.com/usn/usn-2546-1/
URL:www.ubuntu.com/usn/usn-2547-1/
URL:www.ubuntu.com/usn/usn-2548-1/
URL:www.ubuntu.com/usn/usn-2549-1/
