IT Security Alerts Weekly Digest (10 May ~ 16 May 2015)

1. Vulnerability in Apache Tomcat (103155)
[15/05/2015] Vulnerability was identified in the Apache Tomcat. An attacker could bypass security restrictions. This vulnerability affects versions prior to 6.0.44, 7.0.59, or 8.0.17 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/103155
2. Vulnerabilities in Cisco Products (cisco-sa-20150513-tc, cisco-sa-20150513-tp)
[15/05/2015] Vulnerabilities were identified in multiple Cisco TelePresence products, Cisco IOS, Cisco Access Control Server, Cisco Email Security Appliance and Cisco MediaSense. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38833
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38864
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38866
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38869
URL:www.us-cert.gov/ncas/current-activity/2015/05/14/Cisco-Releases-Security-Advisories-TelePresence-Products
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103157
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103158
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103159
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103160
3. Vulnerability in Huawei FusionCompute products (HW-428704)
[15/05/2015] Vulnerability was identified in the Apache Tomcat. An attacker could bypass security restrictions. This vulnerability affects versions prior to 6.0.44, 7.0.59, or 8.0.17 of the mentioned product.

URL:www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-428704.htm
4. Security Updates in SUSE (SUSE-SU-2015:0878-1)
[15/05/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player package of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html
5. Vulnerabilities in Cisco Products
[14/05/2015] Vulnerabilities were identified in the Cisco Wireless LAN Controller, Cisco Access Control Server and Cisco WebEx Meetings Server. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=38789
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38808
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38811
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103140
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103141
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103142
6. Vulnerability in QEMU (103116)
[14/05/2015] Vulnerability was identified in the QEMU. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/103116
7. Security Updates in Oracle Linux (ELSA-2015-0998, ELSA-2015-0999, ELSA-2015-1002, ELSA-2015-1003, ELSA-2015-3035, ELSA-2015-3036)
[14/05/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the qemu-kvm, xen, kvm and kernel packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2015-0998.html
URL:linux.oracle.com/errata/ELSA-2015-0999.html
URL:linux.oracle.com/errata/ELSA-2015-1002.html
URL:linux.oracle.com/errata/ELSA-2015-1003.html
URL:linux.oracle.com/errata/ELSA-2015-3035.html
URL:linux.oracle.com/errata/ELSA-2015-3036.html
8. Security Updates in Debian (DSA-3259-1, DSA-3260-1)
[14/05/2015] Debian has released security update packages for fixing the vulnerabilities identified in the qemu and iceweasel packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.debian.org/security/2015/dsa-3259
URL:www.debian.org/security/2015/dsa-3260
9. Security Updates in Gentoo Linux (GLSA 201505-01)
[14/05/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the ettercap package for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:security.gentoo.org/glsa/201505-01
10. Security Updates in Mageia (MGASA-2015-0219, MGASA-2015-0220, MGASA-2015-0221, MGASA-2015-0222, MGASA-2015-0223, MGASA-2015-0224, MGASA-2015-0225, MGASA-2015-0226)
[14/05/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the kernel-tmb, qemu, kdebase4, openafs, kernel-linus, darktable, wireshark, libraw, dcraw, ufraw and rawtherapee packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0219.html
URL:advisories.mageia.org/MGASA-2015-0220.html
URL:advisories.mageia.org/MGASA-2015-0221.html
URL:advisories.mageia.org/MGASA-2015-0222.html
URL:advisories.mageia.org/MGASA-2015-0223.html
URL:advisories.mageia.org/MGASA-2015-0224.html
URL:advisories.mageia.org/MGASA-2015-0225.html
URL:advisories.mageia.org/MGASA-2015-0226.html
11. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0998-1, RHSA-2015:0999-1, RHSA-2015:1000-1, RHSA-2015:1001-1, RHSA-2015:1002-1, RHSA-2015:1003-1, RHSA-2015:1004-1, RHSA-2015:1005-1, RHSA-2015:1006-1)
[14/05/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the qemu-kvm, qemu-kvm-rhev, xen, kvm, Adobe Flash Player and java-1.6.0-ibm packages for Red Hat Enterprise Virtualization Hypervisor 7, Red Hat Enterprise Virtualization 3.5, Red Hat Enterprise Linux OpenStack Platform 4.0, and Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-0998.html
URL:rhn.redhat.com/errata/RHSA-2015-0999.html
URL:rhn.redhat.com/errata/RHSA-2015-1000.html
URL:rhn.redhat.com/errata/RHSA-2015-1001.html
URL:rhn.redhat.com/errata/RHSA-2015-1002.html
URL:rhn.redhat.com/errata/RHSA-2015-1003.html
URL:rhn.redhat.com/errata/RHSA-2015-1004.html
URL:rhn.redhat.com/errata/RHSA-2015-1005.html
URL:rhn.redhat.com/errata/RHSA-2015-1006.html
12. Security Updates in SUSE (SUSE-SU-2015:0868-1, SUSE-SU-2015:0870-1)
[14/05/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the php5 and kvm packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00006.html
13. Security Updates in Slackware (SSA:2015-132-04)
[14/05/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-firefox package for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restriction, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.355908
14. Security Updates in Ubuntu GNU/Linux (USN-2602-1, USN-2608-1)
[14/05/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox, qemu and qemu-kvm packages for versions 12.04 LTS, 14.04 LTS, 14.10 and vivid of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2602-1/
URL:www.ubuntu.com/usn/usn-2608-1/
15. Vulnerabilities in Microsoft Products (3046002, 3049563, 3050514, 3051768, 3055642, 3057110, 3057134, 3057181, 3057191, 3057263, 3058083, 3058985, 3061518)
[13/05/2015] Vulnerabilities were identified in the Microsoft Internet Explorer, Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, Microsoft Silverlight and Microsoft Windows Service Control Manager (SCM). An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:technet.microsoft.com/en-us/library/security/ms15-may.aspx
URL:technet.microsoft.com/library/security/MS15-043
URL:technet.microsoft.com/library/security/MS15-044
URL:technet.microsoft.com/library/security/MS15-045
URL:technet.microsoft.com/library/security/MS15-046
URL:technet.microsoft.com/library/security/MS15-047
URL:technet.microsoft.com/library/security/MS15-048
URL:technet.microsoft.com/library/security/MS15-049
URL:technet.microsoft.com/library/security/MS15-050
URL:technet.microsoft.com/library/security/MS15-051
URL:technet.microsoft.com/library/security/MS15-052
URL:technet.microsoft.com/library/security/MS15-053
URL:technet.microsoft.com/library/security/MS15-054
URL:technet.microsoft.com/library/security/MS15-055
URL:www.hkcert.org/my_url/en/alert/15051301
URL:www.hkcert.org/my_url/en/alert/15051302
URL:www.hkcert.org/my_url/en/alert/15051303
URL:www.hkcert.org/my_url/en/alert/15051304
URL:www.hkcert.org/my_url/en/alert/15051305
URL:www.hkcert.org/my_url/en/alert/15051306
URL:www.hkcert.org/my_url/en/alert/15051310
URL:www.hkcert.org/my_url/en/alert/15051311
URL:www.hkcert.org/my_url/en/alert/15051312
URL:www.hkcert.org/my_url/en/alert/15051313
URL:www.hkcert.org/my_url/en/alert/15051314
URL:www.hkcert.org/my_url/en/alert/15051315
URL:www.hkcert.org/my_url/en/alert/15051316
URL:www.us-cert.gov/ncas/current-activity/2015/05/12/Microsoft-Releases-May-2015-Security-Bulletin
16. Information Updates on Microsoft Security Advisories and Bulletin (3042058, 3048010)
[13/05/2015] Microsoft has updated information on the Security Advisories and Bulletin for Microsoft Internet Explorer, Microsoft Windows and Microsoft .NET Framework. (a) KB3042058 was published to provide an additional cipher suites to the default list on affected systems and improve cipher suite priority ordering. (b) MS15-041 was re-released to address issues with the 3037580 update for Microsoft .NET Framework 4.5/4.5.1/4.5.2 on affected editions of Microsoft Windows. Customers running these versions of .NET Framework are encouraged to install the new version of the 3037580 update to be protected from the vulnerability discussed in this bulletin.

URL:technet.microsoft.com/en-us/library/security/3042058
URL:technet.microsoft.com/en-us/library/security/MS15-041
17. Vulnerabilities in Adobe Products (APSB15-09, APSB15-10)
[13/05/2015] Vulnerabilities were identified in the Adobe Flash Player, Adobe Reader and Acrobat. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:helpx.adobe.com/security/products/flash-player/apsb15-09.html
URL:helpx.adobe.com/security/products/flash-player/apsb15-10.html
URL:technet.microsoft.com/en-us/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/15051308
URL:www.hkcert.org/my_url/en/alert/15051309
URL:www.us-cert.gov/ncas/current-activity/2015/05/12/Adobe-Releases-Security-Updates-Flash-Player-Reader-and-Acrobat
18. Vulnerabilities in Mozilla Products (MFSA 2015-46, MFSA 2015-47, MFSA 2015-48, MFSA 2015-49, MFSA 2015-50, MFSA 2015-51, MFSA 2015-52, MFSA 2015-53, MFSA 2015-54, MFSA 2015-56, MFSA 2015-57, MFSA 2015-58)
[13/05/2015] Vulnerabilities were identified in Mozilla Firefox, Mozilla Firefox ESR and Mozilla Thunderbird. An attacker could bypass security restriction, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.mozilla.org/en-US/security/advisories/mfsa2015-46/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-47/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-48/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-49/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-50/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-51/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-52/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-53/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-54/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-56/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-57/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-58/
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox/
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
URL:www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
URL:www.hkcert.org/my_url/en/alert/15051307
URL:www.us-cert.gov/ncas/current-activity/2015/05/12/Mozilla-Releases-Security-Updates-Firefox-Firefox-ESR-and
19. Vulnerability in Cisco Headend Digital Broadband Delivery System
[13/05/2015] Vulnerability was identified in the Cisco Headend Digital Broadband Delivery System. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects version 7.0.0.12 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=38767
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103112
20. Vulnerability in Wireshark (103111)
[13/05/2015] Vulnerability was identified in the Wireshark. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects version 1.12.4 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/103111
21. Security Updates in Oracle Linux (ELSA-2015-0983, ELSA-2015-0986, ELSA-2015-0987, ELSA-2015-0988, ELSA-2015-0991)
[13/05/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the tomcat, kexec-tools, kernel, firefox and tomcat6 package for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2015-0983.html
URL:linux.oracle.com/errata/ELSA-2015-0986.html
URL:linux.oracle.com/errata/ELSA-2015-0987.html
URL:linux.oracle.com/errata/ELSA-2015-0988.html
URL:linux.oracle.com/errata/ELSA-2015-0991.html
22. Security Updates in Debian (DSA-3258-1)
[13/05/2015] Debian has released security update packages for fixing the vulnerability identified in the quassel package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, execute arbitrary code and perform code injection attacks.

URL:www.debian.org/security/2015/dsa-3258
23. Security Updates in Mageia (MGASA-2015-0213, MGASA-2015-0214, MGASA-2015-0215, MGASA-2015-0216, MGASA-2015-0217, MGASA-2015-0218)
[13/05/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the pam, dnsmasq, netcf, hostapd, testdisk and flash-player-plugin packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0213.html
URL:advisories.mageia.org/MGASA-2015-0214.html
URL:advisories.mageia.org/MGASA-2015-0215.html
URL:advisories.mageia.org/MGASA-2015-0216.html
URL:advisories.mageia.org/MGASA-2015-0217.html
URL:advisories.mageia.org/MGASA-2015-0218.html
24. Security Updates in SUSE (openSUSE-SU-2015:0855-1)
[13/05/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the php5 package of openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html
25. Security Updates in Slackware (SSA:2015-132-01, SSA:2015-132-02, SSA:2015-132-03)
[13/05/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the mariadb, mysql and wpa_supplicant packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.339829
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.381697
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.417889
26. Security Updates in Ubuntu GNU/Linux (USN-2606-1, USN-2607-1)
[13/05/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openssl and libmodule-signature-perl packages for versions 12.04 LTS, 14.04 LTS, 14.10 and vivid of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2606-1/
URL:www.ubuntu.com/usn/usn-2607-1/
27. Vulnerabilities in Cisco Products
[12/05/2015] Vulnerabilities were identified in the Cisco Wireless LAN Controller and Cisco Unified Communications Manager. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=38749
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38763
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103090
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103091
28. Vulnerabilities in IBM Products (1883245, 1902260)
[12/05/2015] Vulnerabilities were identified in the IBM Notes, IBM iNotes, IBM Domino and IBM WebSphere Application Server. An attacker could perform cross-site scripting attacks, cause a buffer overflow, execute arbitrary code, obtain sensitive information, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www-01.ibm.com/support/docview.wss?uid=swg21883245
URL:www-01.ibm.com/support/docview.wss?uid=swg21902260
29. Vulnerability in HP SDN VAN Controller (103088)
[12/05/2015] Vulnerability was identified in the HP SDN VAN Controller. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects version 2.5 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/103088
30. Security Updates in Debian (DSA-3255-1, DSA-3257-1)
[12/05/2015] Debian has released security update packages for fixing the vulnerabilities identified in the zeromq3 and mercurial packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code and perform command injection attacks.

URL:www.debian.org/security/2015/dsa-3255
URL:www.debian.org/security/2015/dsa-3257
31. Security Updates in Mageia (MGASA-2015-0203, MGASA-2015-0204, MGASA-2015-0205, MGASA-2015-0206, MGASA-2015-0207, MGASA-2015-0208, MGASA-2015-0209, MGASA-2015-0210, MGASA-2015-0211, MGASA-2015-0212)
[12/05/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the pnp4nagios, glpi, mailman, ruby-redcarpet, postgis, libarchive, libssh, kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia173, kmod-nvidia304, kmod-nvidia-current, springframework and async-http-client packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0203.html
URL:advisories.mageia.org/MGASA-2015-0204.html
URL:advisories.mageia.org/MGASA-2015-0205.html
URL:advisories.mageia.org/MGASA-2015-0206.html
URL:advisories.mageia.org/MGASA-2015-0207.html
URL:advisories.mageia.org/MGASA-2015-0208.html
URL:advisories.mageia.org/MGASA-2015-0209.html
URL:advisories.mageia.org/MGASA-2015-0210.html
URL:advisories.mageia.org/MGASA-2015-0211.html
URL:advisories.mageia.org/MGASA-2015-0212.html
32. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0957-1)
[12/05/2015] Red Hat has released security update packages for fixing the vulnerability identified in the spacewalk-java package for Red Hat Satellite 5.7. An attacker could bypass security restrictions, execute arbitrary code and perform XML External Entity (XXE) attacks.

URL:rhn.redhat.com/errata/RHSA-2015-0957.html
33. Security Updates in Ubuntu GNU/Linux (USN-2604-1, USN-2605-1)
[12/05/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the libtasn1-3, libtasn1-6 and icu packages for versions 12.04 LTS, 14.04 LTS, 14.10 and vivid of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2604-1/
URL:www.ubuntu.com/usn/usn-2605-1/
34. Vulnerabilities in Drupal (DRUPAL-SA-CONTRIB-2015-105, DRUPAL-SA-CONTRIB-2015-106, DRUPAL-SA-CONTRIB-2015-107, DRUPAL-SA-CONTRIB-2015-108)
[11/05/2015] Vulnerabilities were identified in the Drupal. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.drupal.org/node/2484169
URL:www.drupal.org/node/2484195
URL:www.drupal.org/node/2484231
URL:www.drupal.org/node/2484233
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103030
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103033
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103035
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103039
35. Vulnerabilities in multiple plugins for WordPress (103031, 103032)
[11/05/2015] Vulnerabilities were identified in the Akismet plugin and Freshmail plugin for WordPress. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting and code injection attacks. These vulnerabilities affect multiple versions of the mentioned plugins. Security patches are available to resolve the vulnerability identified in the Freshmail plugin.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/103031
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103032
36. Security Updates in Debian (DSA-3253-1, DSA-3254-1, DSA-3256-1)
[11/05/2015] Debian has released security update packages for fixing the vulnerabilities identified in the pound, suricata and libtasn1-6 package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3253
URL:www.debian.org/security/2015/dsa-3254
URL:www.debian.org/security/2015/dsa-3256
37. Security Updates in Mandriva (MDVSA-2015:232)
[11/05/2015] Mandriva has released security update packages for fixing the vulnerability identified in the libtasn1 package for versions MBS1 and MBS2 of Mandriva GNU/Linux. An attacker could bypass security restrictions and obtain sensitive information.

URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A232/
38. Security Updates in Mageia (MGASA-2015-0202)
[11/05/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the wordpress package for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks.

URL:advisories.mageia.org/MGASA-2015-0202.html
39. Security Updates in SUSE (SUSE-SU-2015:0839-1)
[11/05/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the DirectFB package of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00003.html
40. Security Updates in Ubuntu GNU/Linux (USN-2597-2, USN-2598-2, USN-2599-2, USN-2600-2)
[11/05/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux-lts-trusty, linux and linux-lts-utopic packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2597-2/
URL:www.ubuntu.com/usn/usn-2598-2/
URL:www.ubuntu.com/usn/usn-2599-2/
URL:www.ubuntu.com/usn/usn-2600-2/