1. Vulnerability in Apache Cordova (103448)
[29/05/2015] Vulnerability was identified in the Apache Cordova. An attacker could bypass security restrictions, execute arbitrary code and perform code injection attacks, cause a denial of service condition and crash the system. This vulnerability affects versions prior to 4.0.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103448
2. Vulnerability in HP Products (103453)
[29/05/2015] Vulnerability was identified in the HP ThinPro Linux and HP Smart Zero Core running HP Easy Setup Wizard. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103453
3. Vulnerability in SAP HANA (103456)
[29/05/2015] Vulnerability was identified in the SAP HANA. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects version 1.00.73.00.389160 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103456
4. Security Updates in Debian (DSA-3274-1)
[29/05/2015] Debian has released security update packages for fixing the vulnerability identified in the virtualbox package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions and gain elevated privileges.
URL:www.debian.org/security/2015/dsa-3274
5. Security Updates in SUSE (SUSE-SU-2015:0960-1)
[29/05/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox packages of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html
6. Vulnerability in Apache Sling (103417)
[28/05/2015] Vulnerability was identified in the Apache Sling. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103417
7. Vulnerabilities in Apple Products (HT202681)
[28/05/2015] Vulnerabilities were identified in Adobe Flash Player plug-in of Apple Safari and Apple iOS. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Apple has confirmed the vulnerability in Adobe Flash Player plug-in of Safari and released a security patch for it.
URL:support.apple.com/en-us/HT202681
URL:www.hkcert.org/my_url/en/alert/15052801
8. Vulnerabilities in Cisco Products
[28/05/2015] Vulnerabilities were identified in the Cisco Telepresence Video Communication Server, Cisco Unified Email Interaction Manager (EIM), Cisco Unified Web Interaction Manager (WIM), Cisco Finesse, Cisco Identity Services Engine and Cisco Wireless LAN Controller. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting and code injection attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities except the Cisco Telepresence Video Communication Server and Cisco Finesse.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39012
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39013
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39015
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39018
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39041
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39042
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103420
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103421
9. Vulnerability in SolarWinds Network Performance Monitor (103406)
[28/05/2015] Vulnerability was identified in the SolarWinds Network Performance Monitor. An attacker could bypass security restrictions and perform phishing attacks. This vulnerability affects version 11.5 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103406
10. Security Updates in Mageia (MGASA-2015-0237, MGASA-2015-0238, MGASA-2015-0239)
[28/05/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the kernel-linus, kernel-tmb and fuse packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2015-0237.html
URL:advisories.mageia.org/MGASA-2015-0238.html
URL:advisories.mageia.org/MGASA-2015-0239.html
11. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1030-1, RHSA-2015:1031-1)
[28/05/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel and qemu-kvm packages for Red Hat Enterprise Linux 6. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-1030.html
URL:rhn.redhat.com/errata/RHSA-2015-1031.html
12. Security Updates in Ubuntu GNU/Linux (USN-2617-3)
[28/05/2015] Ubuntu has released security update packages for fixing the vulnerability identified in the ntfs-3g package for version 15.04 of Ubuntu GNU/Linux. An attacker could bypass security restrictions and gain elevated privileges.
URL:www.ubuntu.com/usn/usn-2617-3/
13. Vulnerabilities in Apache Products (103332, 103333)
[27/05/2015] Vulnerabilities were identified in the Apache HBase and Apache Hive. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103332
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103333
14. Vulnerability in Cisco IP Phone 7861
[27/05/2015] Vulnerability was identified in the Cisco IP Phone 7861. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39011
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103336
15. Vulnerability in HP SiteScope (c04688784)
[27/05/2015] Vulnerability was identified in the HP SiteScope. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04688784
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103334
16. Vulnerability in F5 ARX (SOL16686)
[27/05/2015] Vulnerability was identified in the F5 ARX. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects versions 6.0.0 - 6.4.0 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/16000/600/sol16686.html
17. Vulnerability in Synology Cloud Station sync client for OS X (VU#551972)
[27/05/2015] Vulnerability was identified in the Synology Cloud Station sync client for OS X. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects versions prior to 3.2-3475 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/551972
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103335
18. Vulnerabilities in Sendio ESP (103330, 103331)
[27/05/2015] Vulnerabilities were identified in the Sendio ESP (E-mail Security Platform). An attacker could bypass security restrictions and obtain sensitive information. These vulnerabilities affect versions prior to 7.2.4 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103330
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103331
19. Security Updates in SUSE (SUSE-SU-2015:0889-2, SUSE-SU-2015:0940-1, SUSE-SU-2015:0943-1, SUSE-SU-2015:0944-1, SUSE-SU-2015:0946-1)
[27/05/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the xen, KVM and MySQL packages of SUSE Linux Enterprise 10 and 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00022.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00023.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00024.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00025.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
20. Security Updates in Ubuntu GNU/Linux (USN-2622-1)
[27/05/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openldap package for versions 12.04 LTS, 14.04 LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2622-1/
21. Vulnerabilities in Cisco Products
[26/05/2015] Vulnerabilities were identified in the Cisco Unified Communications Manager and Cisco Hosted Collaboration Solution. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38964
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38969
22. Vulnerabilities in PostgreSQL
[26/05/2015] Vulnerabilities were identified in the PostgreSQL. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system. These vulnerabilities affect versions 9.1 and 9.4 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.hkcert.org/my_url/en/alert/15052601
23. Security Updates in Oracle Linux (ELSA-2015-3037)
[26/05/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the docker package for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information and gain elevated privileges.
URL:linux.oracle.com/errata/ELSA-2015-3037.html
24. Security Updates in Debian (DSA-3267-1, DSA-3268-1, DSA-3269-1, DSA-3270-1, DSA-3271-1, DSA-3272-1, DSA-3273-1)
[26/05/2015] Debian has released security update packages for fixing the vulnerabilities identified in the chromium-browser, ntfs-3g, postgresql-9.1, postgresql-9.4, nbd, ipsec-tools and tiff packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3267
URL:www.debian.org/security/2015/dsa-3268
URL:www.debian.org/security/2015/dsa-3269
URL:www.debian.org/security/2015/dsa-3270
URL:www.debian.org/security/2015/dsa-3271
URL:www.debian.org/security/2015/dsa-3272
URL:www.debian.org/security/2015/dsa-3273
25. Security Updates in Mageia (MGASA-2015-0235, MGASA-2015-0236)
[26/05/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the chromium-browser-stable, kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia173, kmod-nvidia304 and kmod-nvidia-current packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0235.html
URL:advisories.mageia.org/MGASA-2015-0236.html
26. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1023-1)
[26/05/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the chromium-browser package for Red Hat Enterprise Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1023.html
27. Security Updates in Ubuntu GNU/Linux (USN-2617-2, USN-2619-2, USN-2620-1, USN-2621-1)
[26/05/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the ntfs-3g, linux-lts-trusty, linux, postgresql-9.1, postgresql-9.3 and postgresql-9.4 for versions 12.04 LTS, 14.04 LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2617-2/
URL:www.ubuntu.com/usn/usn-2619-1/
URL:www.ubuntu.com/usn/usn-2620-1/
URL:www.ubuntu.com/usn/usn-2621-1/
Sunday, May 31, 2015
IT Security Alerts Weekly Digest (24 May ~ 30 May 2015)
Monday, May 25, 2015
IT Security Alerts Weekly Digest (17 May ~ 23 May 2015)
1. Information Updates on Microsoft Security Bulletin (3057110)
[22/05/2015] Microsoft has updated information on the Security Bulletin for Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync and Microsoft Silverlight. MS15-044 was revised to announce the availability of a new update (3065979) that fixes a known issue that some customers experienced after installing the 3045171 security update on all supported editions of Windows 7/Windows 2008 R2 and earlier systems. The 3045171 security update causes customer applications to crash while attempting to create text-outline-based path objects using GDI+.
URL:technet.microsoft.com/en-us/library/security/MS15-044
2. Vulnerability in Apache Jackrabbit
[22/05/2015] Vulnerability was identified in the Apache Jackrabbit. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 2.10.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:jackrabbit.apache.org/jcr/index.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103311
3. Vulnerability in Cisco Access Control Server
[22/05/2015] Vulnerability was identified in the Cisco Access Control Server. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects firmware version 5.5 (0.46.2) of the mentioned product.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38946
4. Vulnerability in python-kerberos (103310)
[22/05/2015] Vulnerability was identified in the python-kerberos. An attacker could bypass security restrictions, execute arbitrary code and perform spoofing attacks. This vulnerability affects version 1.2.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103310
5. Security Updates in Debian (DSA-3266-1)
[22/05/2015] Debian has released security update packages for fixing the vulnerability identified in the fuse package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3266
6. Security Updates in SUSE (SUSE-SU-2015:0923-1, SUSE-SU-2015:0927-1, SUSE-SU-2015:0928-1, SUSE-SU-2015:0929-1)
[22/05/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the xen and KVM packages of SUSE Linux Enterprise 11 and 12, and the SUSE Manager 1.7 for SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
7. Security Updates in Ubuntu GNU/Linux (USN-2609-1, USN-2610-1, USN-2617-1, USN-2618-1)
[22/05/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the apport, oxide-qt, fuse and python-dbusmock packages for versions 12.04 LTS, 14.04 LTS, 14.10, 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2609-1/
URL:www.ubuntu.com/usn/usn-2610-1/
URL:www.ubuntu.com/usn/usn-2617-1/
URL:www.ubuntu.com/usn/usn-2618-1/
8. Vulnerability in Microsoft Internet Explorer (103298)
[21/05/2015] Vulnerability was identified in the Microsoft Internet Explorer 11. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects version 11 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103298
9. Vulnerabilities in Cisco Products
[21/05/2015] Vulnerabilities were identified in the Cisco Prime Central for HCS and Cisco Adaptive Security Appliance. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions of the mentioned products. Security patches are available to resolve the vulnerability identified in Cisco Adaptive Security Appliance.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38927
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38937
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103296
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103297
10. Vulnerability in HP LoadRunner (103292)
[21/05/2015] Vulnerability was identified in the HP LoadRunner. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects version 11.52 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103292
11. Vulnerabilities in Trend Micro OfficeScan
[21/05/2015] Vulnerabilities were identified in the Trend Micro OfficeScan 11. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 11.0 Service Pack 1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:downloadcenter.trendmicro.com/index.php?regs=NABU&clk=tbl&clkval=4739&cm_mmc=RSS-_-Download%20Center-_-product-_-5
URL:docs.trendmicro.com/all/ent/officescan/v11.0/en-us/osce_11.0_sp1_server_readme.htm
URL:docs.trendmicro.com/all/ent/officescan/v11.0/en-us/osce_11.0_sp1_agent_readme.txt
12. Vulnerabilities in Huawei Mate 7 smartphone (Huawei-SA-20150520-01-MATE7)
[21/05/2015] Vulnerabilities were identified in the Huawei Mate 7 smartphone. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect firmware versions prior to V100R001CHNC00B126SP03 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-432799.htm
13. Vulnerability in IPsec-Tools (103287)
[21/05/2015] Vulnerability was identified in the IPsec-Tools. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects version 0.8.2 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103287
14. Vulnerability in TLS protocol (103294)
[21/05/2015] Vulnerability was identified in the TLS protocol. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects version 1.2 of the mentioned product and is commonly referred to as "Logjam".
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103294
15. Security Updates in Debian (DSA-3263-1, DSA-3265-1)
[21/05/2015] Debian has released security update packages for fixing the vulnerabilities identified in the proftpd-dfsg and zendframework packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3263
URL:www.debian.org/security/2015/dsa-3265
16. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1020-1, RHSA-2015:1021-1)
[21/05/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.7.1-ibm and java-1.5.0-ibm packages for Red Hat Enterprise Linux 5, 6, and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1020.html
URL:rhn.redhat.com/errata/RHSA-2015-1021.html
17. Security Updates in SUSE (SUSE-SU-2015:0921-1)
[21/05/2015] SUSE has released security update packages for fixing the vulnerability identified in the gstreamer-0_10-plugins-bad package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00017.html
18. Security Updates in Ubuntu GNU/Linux (USN-2611-1, USN-2612-1, USN-2613-1, USN-2614-1, USN-2615-1, USN-2616-1)
[21/05/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux, linux-ti-omap4, linux-lts-trusty and linux-lts-utopic packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2611-1/
URL:www.ubuntu.com/usn/usn-2612-1/
URL:www.ubuntu.com/usn/usn-2613-1/
URL:www.ubuntu.com/usn/usn-2614-1/
URL:www.ubuntu.com/usn/usn-2615-1/
URL:www.ubuntu.com/usn/usn-2616-1/
19. Information Updates on Microsoft Security Bulletin (3057181)
[20/05/2015] Microsoft has updated information on the Security Bulletin for Microsoft Office. MS15-046 was revised to announce the release of the Microsoft Office for Mac 14.5.1 update. The release addresses a potential issue with Microsoft Outlook for Mac when customers install the Microsoft Office for Mac 14.5.0 update. Customers who have not already installed the 14.5.0 update should install the 14.5.1 update to be fully protected from this vulnerability.
URL:technet.microsoft.com/en-us/library/security/MS15-046
20. Vulnerabilities in Apple Watch OS (HT204870)
[20/05/2015] Vulnerabilities were identified in the Apple Watch OS. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 1.0.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-hk/HT204870
21. Vulnerability in Cisco Unified Intelligence Center
[20/05/2015] Vulnerability was identified in the Cisco Unified Intelligence Center. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and perform cross-site request forgery attacks. This vulnerability affects version 10.6 (1) of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38913
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103281
22. Vulnerabilities in Google Chrome
[20/05/2015] Vulnerabilities were identified in the Google Chrome. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 43.0.2357.65 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.mx/2015/05/stable-channel-update_19.html
URL:www.us-cert.gov/ncas/current-activity/2015/05/19/Google-Releases-Security-Update-Chrome
23. Vulnerability in KCodes NetUSB (VU#177092)
[20/05/2015] Vulnerability was identified in the KCodes NetUSB. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and compromise the system. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/177092
24. Vulnerability in Samba (103230)
[20/05/2015] Vulnerability was identified in the Samba. An attacker could bypass security restrictions, execute arbitrary code and cause a denial of service condition. This vulnerability affects version 3.0.37 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103230
25. Security Updates in Debian (DSA-3262-1, DSA-3264-1)
[20/05/2015] Debian has released security update packages for fixing the vulnerabilities identified in the xen and icedove packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3262
URL:www.debian.org/security/2015/dsa-3264
26. Security Updates in SUSE (openSUSE-SU-2015:0914-1)
[20/05/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player packages of openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html
27. Vulnerabilities in Cisco Products
[19/05/2015] Vulnerabilities were identified in the Cisco Web Security Appliance (WSA) and Cisco FireSIGHT System Software. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38884
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38905
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103220
28. Vulnerability in IBM Products (1902300)
[19/05/2015] Vulnerability was identified in the IBM Notes, IBM Domino and IBM Expeditor. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned products.
URL:www.ibm.com/support/docview.wss?uid=swg21902300
29. Vulnerabilities in Moodle (MSA-15-0018, MSA-15-0019, MSA-15-0020, MSA-15-0021, MSA-15-0022, MSA-15-0023, MSA-15-0024, MSA-15-0025)
[19/05/2015] Vulnerabilities were identified in the Moodle. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:moodle.org/security/
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103221
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103222
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103223
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103224
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103225
30. Security Updates in Oracle Linux (ELSA-2015-1012)
[19/05/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the thunderbird package for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-1012.html
31. Security Updates in Mageia (MGASA-2015-0229, MGASA-2015-0230, MGASA-2015-0231, MGASA-2015-0232, MGASA-2015-0233, MGASA-2015-0234)
[19/05/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the moodle, xbmc, php, php-apc, php-timezonedb, phpmyadmin, avidemux, sqlite3, rootcerts, nss, firefox, firefox-l10n, thunderbird and thunderbird-l10n packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0229.html
URL:advisories.mageia.org/MGASA-2015-0230.html
URL:advisories.mageia.org/MGASA-2015-0231.html
URL:advisories.mageia.org/MGASA-2015-0232.html
URL:advisories.mageia.org/MGASA-2015-0233.html
URL:advisories.mageia.org/MGASA-2015-0234.html
32. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1012-1)
[19/05/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the thunderbird package for Red Hat Enterprise Linux 5, 6, and 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-1012.html
33. Security Updates in SUSE (openSUSE-SU-2015:0892-1, openSUSE-SU-2015:0893-1, openSUSE-SU-2015:0894-1, SUSE-SU-2015:0896-1)
[19/05/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Firefox 31.7.0esr and qemu packages of openSUSE 13.1 and 13.2, openSUSE Evergreen 11.4, and SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00015.html
34. Security Updates in Ubuntu GNU/Linux (USN-2603-1)
[19/05/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the thunderbird packages for versions 12.04 LTS, 14.04 LTS, 14.10 and vivid of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2603-1/
35. Vulnerability in Apache Portable Runtime (103204)
[18/05/2015] Vulnerability was identified in the Apache Portable Runtime. An attacker could bypass security restrictions and cause a denial of service condition. This vulnerability affects versions prior to 1.5.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103204
36. Vulnerability in Cisco Unified Customer Voice Portal
[18/05/2015] Vulnerability was identified in the Cisco Unified Customer Voice Portal. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects firmware version 10.5(1) of the mentioned product.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38868
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103203
37. Vulnerability in Oracle Products
[18/05/2015] Vulnerability was identified in the Oracle VirtualBox, Oracle VM and Oracle Linux. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html
38. Security Updates in Debian (DSA-3261-1)
[18/05/2015] Debian has released security update packages for fixing the vulnerabilities identified in the libmodule-signature-perl package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code and compromise the system.
URL:www.debian.org/security/2015/dsa-3261
39. Security Updates in Mageia (MGASA-2015-0227, MGASA-2015-0228)
[18/05/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the ruby-rest-client, ruby-netrc, ruby-http-cookie, kmod-vboxadditions, kmod-virtualbox and virtualbox packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0227.html
URL:advisories.mageia.org/MGASA-2015-0228.html
40. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1011-1)
[18/05/2015] Red Hat has released security update packages for fixing the vulnerability identified in the rhev-hypervisor package for Red Hat Enterprise Virtualization 3. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1011.html
41. Security Updates in Slackware (SSA:2015-137-01)
[18/05/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-thunderbird package for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360171
42. Security Updates in SUSE (SUSE-SU-2015:0884-1, SUSE-SU-2015:0884-2, SUSE-SU-2015:0889-1, openSUSE-SU-2015:0890-1)
[18/05/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the spice, KVM and flash-player packages of SUSE Linux Enterprise 11, 12 and openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00011.html
[22/05/2015] Microsoft has updated information on the Security Bulletin for Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync and Microsoft Silverlight. MS15-044 was revised to announce the availability of a new update (3065979) that fixes a known issue that some customers experienced after installing the 3045171 security update on all supported editions of Windows 7/Windows 2008 R2 and earlier systems. The 3045171 security update causes customer applications to crash while attempting to create text-outline-based path objects using GDI+.
URL:technet.microsoft.com/en-us/library/security/MS15-044
2. Vulnerability in Apache Jackrabbit
[22/05/2015] Vulnerability was identified in the Apache Jackrabbit. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 2.10.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:jackrabbit.apache.org/jcr/index.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103311
3. Vulnerability in Cisco Access Control Server
[22/05/2015] Vulnerability was identified in the Cisco Access Control Server. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects firmware version 5.5 (0.46.2) of the mentioned product.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38946
4. Vulnerability in python-kerberos (103310)
[22/05/2015] Vulnerability was identified in the python-kerberos. An attacker could bypass security restrictions, execute arbitrary code and perform spoofing attacks. This vulnerability affects version 1.2.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103310
5. Security Updates in Debian (DSA-3266-1)
[22/05/2015] Debian has released security update packages for fixing the vulnerability identified in the fuse package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3266
6. Security Updates in SUSE (SUSE-SU-2015:0923-1, SUSE-SU-2015:0927-1, SUSE-SU-2015:0928-1, SUSE-SU-2015:0929-1)
[22/05/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the xen and KVM packages of SUSE Linux Enterprise 11 and 12, and the SUSE Manager 1.7 for SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
7. Security Updates in Ubuntu GNU/Linux (USN-2609-1, USN-2610-1, USN-2617-1, USN-2618-1)
[22/05/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the apport, oxide-qt, fuse and python-dbusmock packages for versions 12.04 LTS, 14.04 LTS, 14.10, 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2609-1/
URL:www.ubuntu.com/usn/usn-2610-1/
URL:www.ubuntu.com/usn/usn-2617-1/
URL:www.ubuntu.com/usn/usn-2618-1/
8. Vulnerability in Microsoft Internet Explorer (103298)
[21/05/2015] Vulnerability was identified in the Microsoft Internet Explorer 11. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects version 11 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103298
9. Vulnerabilities in Cisco Products
[21/05/2015] Vulnerabilities were identified in the Cisco Prime Central for HCS and Cisco Adaptive Security Appliance. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions of the mentioned products. Security patches are available to resolve the vulnerability identified in Cisco Adaptive Security Appliance.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38927
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38937
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103296
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103297
10. Vulnerability in HP LoadRunner (103292)
[21/05/2015] Vulnerability was identified in the HP LoadRunner. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects version 11.52 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103292
11. Vulnerabilities in Trend Micro OfficeScan
[21/05/2015] Vulnerabilities were identified in the Trend Micro OfficeScan 11. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 11.0 Service Pack 1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:downloadcenter.trendmicro.com/index.php?regs=NABU&clk=tbl&clkval=4739&cm_mmc=RSS-_-Download%20Center-_-product-_-5
URL:docs.trendmicro.com/all/ent/officescan/v11.0/en-us/osce_11.0_sp1_server_readme.htm
URL:docs.trendmicro.com/all/ent/officescan/v11.0/en-us/osce_11.0_sp1_agent_readme.txt
12. Vulnerabilities in Huawei Mate 7 smartphone (Huawei-SA-20150520-01-MATE7)
[21/05/2015] Vulnerabilities were identified in the Huawei Mate 7 smartphone. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect firmware versions prior to V100R001CHNC00B126SP03 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-432799.htm
13. Vulnerability in IPsec-Tools (103287)
[21/05/2015] Vulnerability was identified in the IPsec-Tools. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects version 0.8.2 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103287
14. Vulnerability in TLS protocol (103294)
[21/05/2015] Vulnerability was identified in the TLS protocol. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects version 1.2 of the mentioned product and is commonly referred to as "Logjam".
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103294
15. Security Updates in Debian (DSA-3263-1, DSA-3265-1)
[21/05/2015] Debian has released security update packages for fixing the vulnerabilities identified in the proftpd-dfsg and zendframework packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3263
URL:www.debian.org/security/2015/dsa-3265
16. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1020-1, RHSA-2015:1021-1)
[21/05/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.7.1-ibm and java-1.5.0-ibm packages for Red Hat Enterprise Linux 5, 6, and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1020.html
URL:rhn.redhat.com/errata/RHSA-2015-1021.html
17. Security Updates in SUSE (SUSE-SU-2015:0921-1)
[21/05/2015] SUSE has released security update packages for fixing the vulnerability identified in the gstreamer-0_10-plugins-bad package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00017.html
18. Security Updates in Ubuntu GNU/Linux (USN-2611-1, USN-2612-1, USN-2613-1, USN-2614-1, USN-2615-1, USN-2616-1)
[21/05/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux, linux-ti-omap4, linux-lts-trusty and linux-lts-utopic packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2611-1/
URL:www.ubuntu.com/usn/usn-2612-1/
URL:www.ubuntu.com/usn/usn-2613-1/
URL:www.ubuntu.com/usn/usn-2614-1/
URL:www.ubuntu.com/usn/usn-2615-1/
URL:www.ubuntu.com/usn/usn-2616-1/
19. Information Updates on Microsoft Security Bulletin (3057181)
[20/05/2015] Microsoft has updated information on the Security Bulletin for Microsoft Office. MS15-046 was revised to announce the release of the Microsoft Office for Mac 14.5.1 update. The release addresses a potential issue with Microsoft Outlook for Mac when customers install the Microsoft Office for Mac 14.5.0 update. Customers who have not already installed the 14.5.0 update should install the 14.5.1 update to be fully protected from this vulnerability.
URL:technet.microsoft.com/en-us/library/security/MS15-046
20. Vulnerabilities in Apple Watch OS (HT204870)
[20/05/2015] Vulnerabilities were identified in the Apple Watch OS. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 1.0.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-hk/HT204870
21. Vulnerability in Cisco Unified Intelligence Center
[20/05/2015] Vulnerability was identified in the Cisco Unified Intelligence Center. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and perform cross-site request forgery attacks. This vulnerability affects version 10.6 (1) of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38913
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103281
22. Vulnerabilities in Google Chrome
[20/05/2015] Vulnerabilities were identified in the Google Chrome. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 43.0.2357.65 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.mx/2015/05/stable-channel-update_19.html
URL:www.us-cert.gov/ncas/current-activity/2015/05/19/Google-Releases-Security-Update-Chrome
23. Vulnerability in KCodes NetUSB (VU#177092)
[20/05/2015] Vulnerability was identified in the KCodes NetUSB. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and compromise the system. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/177092
24. Vulnerability in Samba (103230)
[20/05/2015] Vulnerability was identified in the Samba. An attacker could bypass security restrictions, execute arbitrary code and cause a denial of service condition. This vulnerability affects version 3.0.37 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103230
25. Security Updates in Debian (DSA-3262-1, DSA-3264-1)
[20/05/2015] Debian has released security update packages for fixing the vulnerabilities identified in the xen and icedove packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3262
URL:www.debian.org/security/2015/dsa-3264
26. Security Updates in SUSE (openSUSE-SU-2015:0914-1)
[20/05/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player packages of openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html
27. Vulnerabilities in Cisco Products
[19/05/2015] Vulnerabilities were identified in the Cisco Web Security Appliance (WSA) and Cisco FireSIGHT System Software. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38884
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38905
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103220
28. Vulnerability in IBM Products (1902300)
[19/05/2015] Vulnerability was identified in the IBM Notes, IBM Domino and IBM Expeditor. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned products.
URL:www.ibm.com/support/docview.wss?uid=swg21902300
29. Vulnerabilities in Moodle (MSA-15-0018, MSA-15-0019, MSA-15-0020, MSA-15-0021, MSA-15-0022, MSA-15-0023, MSA-15-0024, MSA-15-0025)
[19/05/2015] Vulnerabilities were identified in the Moodle. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:moodle.org/security/
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103221
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103222
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103223
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103224
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103225
Labels: Apache, Apple, Cisco, Debian, Google Chrome, Huawei, IBM, Mageia, Microsoft, Moodle, openSUSE, Oracle, Red Hat, Slackware, Trend Micro, Ubuntu
Sunday, May 17, 2015
IT Security Alerts Weekly Digest (10 May ~ 16 May 2015)
1. Vulnerability in Apache Tomcat (103155)
[15/05/2015] Vulnerability was identified in the Apache Tomcat. An attacker could bypass security restrictions. This vulnerability affects versions prior to 6.0.44, 7.0.59, or 8.0.17 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103155
2. Vulnerabilities in Cisco Products (cisco-sa-20150513-tc, cisco-sa-20150513-tp)
[15/05/2015] Vulnerabilities were identified in multiple Cisco TelePresence products, Cisco IOS, Cisco Access Control Server, Cisco Email Security Appliance and Cisco MediaSense. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38833
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38864
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38866
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38869
URL:www.us-cert.gov/ncas/current-activity/2015/05/14/Cisco-Releases-Security-Advisories-TelePresence-Products
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103157
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103158
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103159
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103160
3. Vulnerability in Huawei FusionCompute products (HW-428704)
[15/05/2015] Vulnerability was identified in the Apache Tomcat. An attacker could bypass security restrictions. This vulnerability affects versions prior to 6.0.44, 7.0.59, or 8.0.17 of the mentioned product.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-428704.htm
4. Security Updates in SUSE (SUSE-SU-2015:0878-1)
[15/05/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player package of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html
5. Vulnerabilities in Cisco Products
[14/05/2015] Vulnerabilities were identified in the Cisco Wireless LAN Controller, Cisco Access Control Server and Cisco WebEx Meetings Server. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38789
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38808
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38811
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103140
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103141
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103142
6. Vulnerability in QEMU (103116)
[14/05/2015] Vulnerability was identified in the QEMU. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103116
7. Security Updates in Oracle Linux (ELSA-2015-0998, ELSA-2015-0999, ELSA-2015-1002, ELSA-2015-1003, ELSA-2015-3035, ELSA-2015-3036)
[14/05/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the qemu-kvm, xen, kvm and kernel packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-0998.html
URL:linux.oracle.com/errata/ELSA-2015-0999.html
URL:linux.oracle.com/errata/ELSA-2015-1002.html
URL:linux.oracle.com/errata/ELSA-2015-1003.html
URL:linux.oracle.com/errata/ELSA-2015-3035.html
URL:linux.oracle.com/errata/ELSA-2015-3036.html
8. Security Updates in Debian (DSA-3259-1, DSA-3260-1)
[14/05/2015] Debian has released security update packages for fixing the vulnerabilities identified in the qemu and iceweasel packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3259
URL:www.debian.org/security/2015/dsa-3260
9. Security Updates in Gentoo Linux (GLSA 201505-01)
[14/05/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the ettercap package for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:security.gentoo.org/glsa/201505-01
10. Security Updates in Mageia (MGASA-2015-0219, MGASA-2015-0220, MGASA-2015-0221, MGASA-2015-0222, MGASA-2015-0223, MGASA-2015-0224, MGASA-2015-0225, MGASA-2015-0226)
[14/05/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the kernel-tmb, qemu, kdebase4, openafs, kernel-linus, darktable, wireshark, libraw, dcraw, ufraw and rawtherapee packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0219.html
URL:advisories.mageia.org/MGASA-2015-0220.html
URL:advisories.mageia.org/MGASA-2015-0221.html
URL:advisories.mageia.org/MGASA-2015-0222.html
URL:advisories.mageia.org/MGASA-2015-0223.html
URL:advisories.mageia.org/MGASA-2015-0224.html
URL:advisories.mageia.org/MGASA-2015-0225.html
URL:advisories.mageia.org/MGASA-2015-0226.html
11. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0998-1, RHSA-2015:0999-1, RHSA-2015:1000-1, RHSA-2015:1001-1, RHSA-2015:1002-1, RHSA-2015:1003-1, RHSA-2015:1004-1, RHSA-2015:1005-1, RHSA-2015:1006-1)
[14/05/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the qemu-kvm, qemu-kvm-rhev, xen, kvm, Adobe Flash Player and java-1.6.0-ibm packages for Red Hat Enterprise Virtualization Hypervisor 7, Red Hat Enterprise Virtualization 3.5, Red Hat Enterprise Linux OpenStack Platform 4.0, and Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-0998.html
URL:rhn.redhat.com/errata/RHSA-2015-0999.html
URL:rhn.redhat.com/errata/RHSA-2015-1000.html
URL:rhn.redhat.com/errata/RHSA-2015-1001.html
URL:rhn.redhat.com/errata/RHSA-2015-1002.html
URL:rhn.redhat.com/errata/RHSA-2015-1003.html
URL:rhn.redhat.com/errata/RHSA-2015-1004.html
URL:rhn.redhat.com/errata/RHSA-2015-1005.html
URL:rhn.redhat.com/errata/RHSA-2015-1006.html
12. Security Updates in SUSE (SUSE-SU-2015:0868-1, SUSE-SU-2015:0870-1)
[14/05/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the php5 and kvm packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00006.html
13. Security Updates in Slackware (SSA:2015-132-04)
[14/05/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-firefox package for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.355908
14. Security Updates in Ubuntu GNU/Linux (USN-2602-1, USN-2608-1)
[14/05/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox, qemu and qemu-kvm packages for versions 12.04 LTS, 14.04 LTS, 14.10 and vivid of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2602-1/
URL:www.ubuntu.com/usn/usn-2608-1/
15. Vulnerabilities in Microsoft Products (3046002, 3049563, 3050514, 3051768, 3055642, 3057110, 3057134, 3057181, 3057191, 3057263, 3058083, 3058985, 3061518)
[13/05/2015] Vulnerabilities were identified in the Microsoft Internet Explorer, Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, Microsoft Silverlight and Microsoft Windows Service Control Manager (SCM). An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:technet.microsoft.com/en-us/library/security/ms15-may.aspx
URL:technet.microsoft.com/library/security/MS15-043
URL:technet.microsoft.com/library/security/MS15-044
URL:technet.microsoft.com/library/security/MS15-045
URL:technet.microsoft.com/library/security/MS15-046
URL:technet.microsoft.com/library/security/MS15-047
URL:technet.microsoft.com/library/security/MS15-048
URL:technet.microsoft.com/library/security/MS15-049
URL:technet.microsoft.com/library/security/MS15-050
URL:technet.microsoft.com/library/security/MS15-051
URL:technet.microsoft.com/library/security/MS15-052
URL:technet.microsoft.com/library/security/MS15-053
URL:technet.microsoft.com/library/security/MS15-054
URL:technet.microsoft.com/library/security/MS15-055
URL:www.hkcert.org/my_url/en/alert/15051301
URL:www.hkcert.org/my_url/en/alert/15051302
URL:www.hkcert.org/my_url/en/alert/15051303
URL:www.hkcert.org/my_url/en/alert/15051304
URL:www.hkcert.org/my_url/en/alert/15051305
URL:www.hkcert.org/my_url/en/alert/15051306
URL:www.hkcert.org/my_url/en/alert/15051310
URL:www.hkcert.org/my_url/en/alert/15051311
URL:www.hkcert.org/my_url/en/alert/15051312
URL:www.hkcert.org/my_url/en/alert/15051313
URL:www.hkcert.org/my_url/en/alert/15051314
URL:www.hkcert.org/my_url/en/alert/15051315
URL:www.hkcert.org/my_url/en/alert/15051316
URL:www.us-cert.gov/ncas/current-activity/2015/05/12/Microsoft-Releases-May-2015-Security-Bulletin
16. Information Updates on Microsoft Security Advisories and Bulletin (3042058, 3048010)
[13/05/2015] Microsoft has updated information on the Security Advisories and Bulletin for Microsoft Internet Explorer, Microsoft Windows and Microsoft .NET Framework. (a) KB3042058 was published to provide additional cipher suites to the default list on affected systems and improve cipher suite priority ordering. (b) MS15-041 was re-released to address issues with the 3037580 update for Microsoft .NET Framework 4.5/4.5.1/4.5.2 on affected editions of Microsoft Windows. Customers running these versions of .NET Framework are encouraged to install the new version of the 3037580 update to be protected from the vulnerability discussed in this bulletin.
URL:technet.microsoft.com/en-us/library/security/3042058
URL:technet.microsoft.com/en-us/library/security/MS15-041
17. Vulnerabilities in Adobe Products (APSB15-09, APSB15-10)
[13/05/2015] Vulnerabilities were identified in the Adobe Flash Player, Adobe Reader and Acrobat. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/flash-player/apsb15-09.html
URL:helpx.adobe.com/security/products/flash-player/apsb15-10.html
URL:technet.microsoft.com/en-us/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/15051308
URL:www.hkcert.org/my_url/en/alert/15051309
URL:www.us-cert.gov/ncas/current-activity/2015/05/12/Adobe-Releases-Security-Updates-Flash-Player-Reader-and-Acrobat
18. Vulnerabilities in Mozilla Products (MFSA 2015-46, MFSA 2015-47, MFSA 2015-48, MFSA 2015-49, MFSA 2015-50, MFSA 2015-51, MFSA 2015-52, MFSA 2015-53, MFSA 2015-54, MFSA 2015-56, MFSA 2015-57, MFSA 2015-58)
[13/05/2015] Vulnerabilities were identified in Mozilla Firefox, Mozilla Firefox ESR and Mozilla Thunderbird. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-46/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-47/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-48/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-49/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-50/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-51/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-52/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-53/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-54/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-56/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-57/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-58/
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox/
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
URL:www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
URL:www.hkcert.org/my_url/en/alert/15051307
URL:www.us-cert.gov/ncas/current-activity/2015/05/12/Mozilla-Releases-Security-Updates-Firefox-Firefox-ESR-and
19. Vulnerability in Cisco Headend Digital Broadband Delivery System
[13/05/2015] Vulnerability was identified in the Cisco Headend Digital Broadband Delivery System. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects version 7.0.0.12 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38767
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103112
20. Vulnerability in Wireshark (103111)
[13/05/2015] Vulnerability was identified in Wireshark. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects version 1.12.4 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103111
21. Security Updates in Oracle Linux (ELSA-2015-0983, ELSA-2015-0986, ELSA-2015-0987, ELSA-2015-0988, ELSA-2015-0991)
[13/05/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the tomcat, kexec-tools, kernel, firefox and tomcat6 packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-0983.html
URL:linux.oracle.com/errata/ELSA-2015-0986.html
URL:linux.oracle.com/errata/ELSA-2015-0987.html
URL:linux.oracle.com/errata/ELSA-2015-0988.html
URL:linux.oracle.com/errata/ELSA-2015-0991.html
22. Security Updates in Debian (DSA-3258-1)
[13/05/2015] Debian has released security update packages for fixing the vulnerability identified in the quassel package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, execute arbitrary code and perform code injection attacks.
URL:www.debian.org/security/2015/dsa-3258
23. Security Updates in Mageia (MGASA-2015-0213, MGASA-2015-0214, MGASA-2015-0215, MGASA-2015-0216, MGASA-2015-0217, MGASA-2015-0218)
[13/05/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the pam, dnsmasq, netcf, hostapd, testdisk and flash-player-plugin packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0213.html
URL:advisories.mageia.org/MGASA-2015-0214.html
URL:advisories.mageia.org/MGASA-2015-0215.html
URL:advisories.mageia.org/MGASA-2015-0216.html
URL:advisories.mageia.org/MGASA-2015-0217.html
URL:advisories.mageia.org/MGASA-2015-0218.html
24. Security Updates in SUSE (openSUSE-SU-2015:0855-1)
[13/05/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the php5 package of openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html
25. Security Updates in Slackware (SSA:2015-132-01, SSA:2015-132-02, SSA:2015-132-03)
[13/05/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the mariadb, mysql and wpa_supplicant packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.339829
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.381697
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.417889
26. Security Updates in Ubuntu GNU/Linux (USN-2606-1, USN-2607-1)
[13/05/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openssl and libmodule-signature-perl packages for versions 12.04 LTS, 14.04 LTS, 14.10 and vivid of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2606-1/
URL:www.ubuntu.com/usn/usn-2607-1/
27. Vulnerabilities in Cisco Products
[12/05/2015] Vulnerabilities were identified in the Cisco Wireless LAN Controller and Cisco Unified Communications Manager. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38749
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38763
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103090
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103091
28. Vulnerabilities in IBM Products (1883245, 1902260)
[12/05/2015] Vulnerabilities were identified in the IBM Notes, IBM iNotes, IBM Domino and IBM WebSphere Application Server. An attacker could perform cross-site scripting attacks, cause a buffer overflow, execute arbitrary code, obtain sensitive information, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21883245
URL:www-01.ibm.com/support/docview.wss?uid=swg21902260
29. Vulnerability in HP SDN VAN Controller (103088)
[12/05/2015] Vulnerability was identified in the HP SDN VAN Controller. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects version 2.5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103088
30. Security Updates in Debian (DSA-3255-1, DSA-3257-1)
[12/05/2015] Debian has released security update packages for fixing the vulnerabilities identified in the zeromq3 and mercurial packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code and perform command injection attacks.
URL:www.debian.org/security/2015/dsa-3255
URL:www.debian.org/security/2015/dsa-3257
31. Security Updates in Mageia (MGASA-2015-0203, MGASA-2015-0204, MGASA-2015-0205, MGASA-2015-0206, MGASA-2015-0207, MGASA-2015-0208, MGASA-2015-0209, MGASA-2015-0210, MGASA-2015-0211, MGASA-2015-0212)
[12/05/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the pnp4nagios, glpi, mailman, ruby-redcarpet, postgis, libarchive, libssh, kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia173, kmod-nvidia304, kmod-nvidia-current, springframework and async-http-client packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0203.html
URL:advisories.mageia.org/MGASA-2015-0204.html
URL:advisories.mageia.org/MGASA-2015-0205.html
URL:advisories.mageia.org/MGASA-2015-0206.html
URL:advisories.mageia.org/MGASA-2015-0207.html
URL:advisories.mageia.org/MGASA-2015-0208.html
URL:advisories.mageia.org/MGASA-2015-0209.html
URL:advisories.mageia.org/MGASA-2015-0210.html
URL:advisories.mageia.org/MGASA-2015-0211.html
URL:advisories.mageia.org/MGASA-2015-0212.html
32. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0957-1)
[12/05/2015] Red Hat has released security update packages for fixing the vulnerability identified in the spacewalk-java package for Red Hat Satellite 5.7. An attacker could bypass security restrictions, execute arbitrary code and perform XML External Entity (XXE) attacks.
URL:rhn.redhat.com/errata/RHSA-2015-0957.html
33. Security Updates in Ubuntu GNU/Linux (USN-2604-1, USN-2605-1)
[12/05/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the libtasn1-3, libtasn1-6 and icu packages for versions 12.04 LTS, 14.04 LTS, 14.10 and vivid of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2604-1/
URL:www.ubuntu.com/usn/usn-2605-1/
34. Vulnerabilities in Drupal (DRUPAL-SA-CONTRIB-2015-105, DRUPAL-SA-CONTRIB-2015-106, DRUPAL-SA-CONTRIB-2015-107, DRUPAL-SA-CONTRIB-2015-108)
[11/05/2015] Vulnerabilities were identified in Drupal. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.drupal.org/node/2484169
URL:www.drupal.org/node/2484195
URL:www.drupal.org/node/2484231
URL:www.drupal.org/node/2484233
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103030
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103033
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103035
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103039
35. Vulnerabilities in multiple plugins for WordPress (103031, 103032)
[11/05/2015] Vulnerabilities were identified in the Akismet plugin and Freshmail plugin for WordPress. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting and code injection attacks. These vulnerabilities affect multiple versions of the mentioned plugins. Security patches are available to resolve the vulnerability identified in the Freshmail plugin.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103031
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103032
36. Security Updates in Debian (DSA-3253-1, DSA-3254-1, DSA-3256-1)
[11/05/2015] Debian has released security update packages for fixing the vulnerabilities identified in the pound, suricata and libtasn1-6 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3253
URL:www.debian.org/security/2015/dsa-3254
URL:www.debian.org/security/2015/dsa-3256
37. Security Updates in Mandriva (MDVSA-2015:232)
[11/05/2015] Mandriva has released security update packages for fixing the vulnerability identified in the libtasn1 package for versions MBS1 and MBS2 of Mandriva GNU/Linux. An attacker could bypass security restrictions and obtain sensitive information.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A232/
38. Security Updates in Mageia (MGASA-2015-0202)
[11/05/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the wordpress package for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks.
URL:advisories.mageia.org/MGASA-2015-0202.html
39. Security Updates in SUSE (SUSE-SU-2015:0839-1)
[11/05/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the DirectFB package of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00003.html
40. Security Updates in Ubuntu GNU/Linux (USN-2597-2, USN-2598-2, USN-2599-2, USN-2600-2)
[11/05/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux-lts-trusty, linux and linux-lts-utopic packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2597-2/
URL:www.ubuntu.com/usn/usn-2598-2/
URL:www.ubuntu.com/usn/usn-2599-2/
URL:www.ubuntu.com/usn/usn-2600-2/
[15/05/2015] Vulnerability was identified in Apache Tomcat. An attacker could bypass security restrictions. This vulnerability affects versions prior to 6.0.44, 7.0.59, or 8.0.17 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103155
2. Vulnerabilities in Cisco Products (cisco-sa-20150513-tc, cisco-sa-20150513-tp)
[15/05/2015] Vulnerabilities were identified in multiple Cisco TelePresence products, Cisco IOS, Cisco Access Control Server, Cisco Email Security Appliance and Cisco MediaSense. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38833
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38864
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38866
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38869
URL:www.us-cert.gov/ncas/current-activity/2015/05/14/Cisco-Releases-Security-Advisories-TelePresence-Products
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103157
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103158
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103159
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103160
3. Vulnerability in Huawei FusionCompute products (HW-428704)
[15/05/2015] Vulnerability was identified in Apache Tomcat. An attacker could bypass security restrictions. This vulnerability affects versions prior to 6.0.44, 7.0.59, or 8.0.17 of the mentioned product.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-428704.htm
4. Security Updates in SUSE (SUSE-SU-2015:0878-1)
[15/05/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player package of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html
URL:technet.microsoft.com/library/security/MS15-055
URL:www.hkcert.org/my_url/en/alert/15051301
URL:www.hkcert.org/my_url/en/alert/15051302
URL:www.hkcert.org/my_url/en/alert/15051303
URL:www.hkcert.org/my_url/en/alert/15051304
URL:www.hkcert.org/my_url/en/alert/15051305
URL:www.hkcert.org/my_url/en/alert/15051306
URL:www.hkcert.org/my_url/en/alert/15051310
URL:www.hkcert.org/my_url/en/alert/15051311
URL:www.hkcert.org/my_url/en/alert/15051312
URL:www.hkcert.org/my_url/en/alert/15051313
URL:www.hkcert.org/my_url/en/alert/15051314
URL:www.hkcert.org/my_url/en/alert/15051315
URL:www.hkcert.org/my_url/en/alert/15051316
URL:www.us-cert.gov/ncas/current-activity/2015/05/12/Microsoft-Releases-May-2015-Security-Bulletin
16. Information Updates on Microsoft Security Advisories and Bulletin (3042058, 3048010)
[13/05/2015] Microsoft has updated information on the Security Advisories and Bulletin for Microsoft Internet Explorer, Microsoft Windows and Microsoft .NET Framework. (a) KB3042058 was published to add additional cipher suites to the default list on affected systems and improve cipher suite priority ordering. (b) MS15-041 was re-released to address issues with the 3037580 update for Microsoft .NET Framework 4.5/4.5.1/4.5.2 on affected editions of Microsoft Windows. Customers running these versions of .NET Framework are encouraged to install the new version of the 3037580 update to be protected from the vulnerability discussed in this bulletin.
URL:technet.microsoft.com/en-us/library/security/3042058
URL:technet.microsoft.com/en-us/library/security/MS15-041
17. Vulnerabilities in Adobe Products (APSB15-09, APSB15-10)
[13/05/2015] Vulnerabilities were identified in the Adobe Flash Player, Adobe Reader and Acrobat. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/flash-player/apsb15-09.html
URL:helpx.adobe.com/security/products/flash-player/apsb15-10.html
URL:technet.microsoft.com/en-us/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/15051308
URL:www.hkcert.org/my_url/en/alert/15051309
URL:www.us-cert.gov/ncas/current-activity/2015/05/12/Adobe-Releases-Security-Updates-Flash-Player-Reader-and-Acrobat
18. Vulnerabilities in Mozilla Products (MFSA 2015-46, MFSA 2015-47, MFSA 2015-48, MFSA 2015-49, MFSA 2015-50, MFSA 2015-51, MFSA 2015-52, MFSA 2015-53, MFSA 2015-54, MFSA 2015-56, MFSA 2015-57, MFSA 2015-58)
[13/05/2015] Vulnerabilities were identified in Mozilla Firefox, Mozilla Firefox ESR and Mozilla Thunderbird. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-46/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-47/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-48/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-49/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-50/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-51/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-52/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-53/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-54/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-56/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-57/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-58/
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox/
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
URL:www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
URL:www.hkcert.org/my_url/en/alert/15051307
URL:www.us-cert.gov/ncas/current-activity/2015/05/12/Mozilla-Releases-Security-Updates-Firefox-Firefox-ESR-and
19. Vulnerability in Cisco Headend Digital Broadband Delivery System
[13/05/2015] Vulnerability was identified in the Cisco Headend Digital Broadband Delivery System. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects version 7.0.0.12 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38767
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103112
20. Vulnerability in Wireshark (103111)
[13/05/2015] A vulnerability was identified in Wireshark. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects version 1.12.4 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103111
21. Security Updates in Oracle Linux (ELSA-2015-0983, ELSA-2015-0986, ELSA-2015-0987, ELSA-2015-0988, ELSA-2015-0991)
[13/05/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the tomcat, kexec-tools, kernel, firefox and tomcat6 packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-0983.html
URL:linux.oracle.com/errata/ELSA-2015-0986.html
URL:linux.oracle.com/errata/ELSA-2015-0987.html
URL:linux.oracle.com/errata/ELSA-2015-0988.html
URL:linux.oracle.com/errata/ELSA-2015-0991.html
22. Security Updates in Debian (DSA-3258-1)
[13/05/2015] Debian has released security update packages for fixing the vulnerability identified in the quassel package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, execute arbitrary code and perform code injection attacks.
URL:www.debian.org/security/2015/dsa-3258
23. Security Updates in Mageia (MGASA-2015-0213, MGASA-2015-0214, MGASA-2015-0215, MGASA-2015-0216, MGASA-2015-0217, MGASA-2015-0218)
[13/05/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the pam, dnsmasq, netcf, hostapd, testdisk and flash-player-plugin packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0213.html
URL:advisories.mageia.org/MGASA-2015-0214.html
URL:advisories.mageia.org/MGASA-2015-0215.html
URL:advisories.mageia.org/MGASA-2015-0216.html
URL:advisories.mageia.org/MGASA-2015-0217.html
URL:advisories.mageia.org/MGASA-2015-0218.html
24. Security Updates in SUSE (openSUSE-SU-2015:0855-1)
[13/05/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the php5 package of openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html
25. Security Updates in Slackware (SSA:2015-132-01, SSA:2015-132-02, SSA:2015-132-03)
[13/05/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the mariadb, mysql and wpa_supplicant packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.339829
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.381697
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.417889
26. Security Updates in Ubuntu GNU/Linux (USN-2606-1, USN-2607-1)
[13/05/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openssl and libmodule-signature-perl packages for versions 12.04 LTS, 14.04 LTS, 14.10 and vivid of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2606-1/
URL:www.ubuntu.com/usn/usn-2607-1/
27. Vulnerabilities in Cisco Products
[12/05/2015] Vulnerabilities were identified in the Cisco Wireless LAN Controller and Cisco Unified Communications Manager. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38749
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38763
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103090
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103091
28. Vulnerabilities in IBM Products (1883245, 1902260)
[12/05/2015] Vulnerabilities were identified in the IBM Notes, IBM iNotes, IBM Domino and IBM WebSphere Application Server. An attacker could perform cross-site scripting attacks, cause a buffer overflow, execute arbitrary code, obtain sensitive information, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21883245
URL:www-01.ibm.com/support/docview.wss?uid=swg21902260
29. Vulnerability in HP SDN VAN Controller (103088)
[12/05/2015] Vulnerability was identified in the HP SDN VAN Controller. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects version 2.5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103088
30. Security Updates in Debian (DSA-3255-1, DSA-3257-1)
[12/05/2015] Debian has released security update packages for fixing the vulnerabilities identified in the zeromq3 and mercurial packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code and perform command injection attacks.
URL:www.debian.org/security/2015/dsa-3255
URL:www.debian.org/security/2015/dsa-3257
31. Security Updates in Mageia (MGASA-2015-0203, MGASA-2015-0204, MGASA-2015-0205, MGASA-2015-0206, MGASA-2015-0207, MGASA-2015-0208, MGASA-2015-0209, MGASA-2015-0210, MGASA-2015-0211, MGASA-2015-0212)
[12/05/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the pnp4nagios, glpi, mailman, ruby-redcarpet, postgis, libarchive, libssh, kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia173, kmod-nvidia304, kmod-nvidia-current, springframework and async-http-client packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0203.html
URL:advisories.mageia.org/MGASA-2015-0204.html
URL:advisories.mageia.org/MGASA-2015-0205.html
URL:advisories.mageia.org/MGASA-2015-0206.html
URL:advisories.mageia.org/MGASA-2015-0207.html
URL:advisories.mageia.org/MGASA-2015-0208.html
URL:advisories.mageia.org/MGASA-2015-0209.html
URL:advisories.mageia.org/MGASA-2015-0210.html
URL:advisories.mageia.org/MGASA-2015-0211.html
URL:advisories.mageia.org/MGASA-2015-0212.html
32. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0957-1)
[12/05/2015] Red Hat has released security update packages for fixing the vulnerability identified in the spacewalk-java package for Red Hat Satellite 5.7. An attacker could bypass security restrictions, execute arbitrary code and perform XML External Entity (XXE) attacks.
URL:rhn.redhat.com/errata/RHSA-2015-0957.html
33. Security Updates in Ubuntu GNU/Linux (USN-2604-1, USN-2605-1)
[12/05/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the libtasn1-3, libtasn1-6 and icu packages for versions 12.04 LTS, 14.04 LTS, 14.10 and vivid of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2604-1/
URL:www.ubuntu.com/usn/usn-2605-1/
34. Vulnerabilities in Drupal (DRUPAL-SA-CONTRIB-2015-105, DRUPAL-SA-CONTRIB-2015-106, DRUPAL-SA-CONTRIB-2015-107, DRUPAL-SA-CONTRIB-2015-108)
[11/05/2015] Vulnerabilities were identified in Drupal. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.drupal.org/node/2484169
URL:www.drupal.org/node/2484195
URL:www.drupal.org/node/2484231
URL:www.drupal.org/node/2484233
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103030
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103033
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103035
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103039
35. Vulnerabilities in multiple plugins for WordPress (103031, 103032)
[11/05/2015] Vulnerabilities were identified in the Akismet plugin and Freshmail plugin for WordPress. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting and code injection attacks. These vulnerabilities affect multiple versions of the mentioned plugins. Security patches are available to resolve the vulnerability identified in the Freshmail plugin.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103031
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103032
36. Security Updates in Debian (DSA-3253-1, DSA-3254-1, DSA-3256-1)
[11/05/2015] Debian has released security update packages for fixing the vulnerabilities identified in the pound, suricata and libtasn1-6 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3253
URL:www.debian.org/security/2015/dsa-3254
URL:www.debian.org/security/2015/dsa-3256
37. Security Updates in Mandriva (MDVSA-2015:232)
[11/05/2015] Mandriva has released security update packages for fixing the vulnerability identified in the libtasn1 package for versions MBS1 and MBS2 of Mandriva GNU/Linux. An attacker could bypass security restrictions and obtain sensitive information.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A232/
38. Security Updates in Mageia (MGASA-2015-0202)
[11/05/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the wordpress package for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks.
URL:advisories.mageia.org/MGASA-2015-0202.html
39. Security Updates in SUSE (SUSE-SU-2015:0839-1)
[11/05/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the DirectFB package of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00003.html
40. Security Updates in Ubuntu GNU/Linux (USN-2597-2, USN-2598-2, USN-2599-2, USN-2600-2)
[11/05/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux-lts-trusty, linux and linux-lts-utopic packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2597-2/
URL:www.ubuntu.com/usn/usn-2598-2/
URL:www.ubuntu.com/usn/usn-2599-2/
URL:www.ubuntu.com/usn/usn-2600-2/