1. Information Updates on Microsoft Security Bulletin (3057110)
[22/05/2015] Microsoft has updated information on the Security Bulletin
for Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft
Lync and Microsoft Silverlight. MS15-044 was revised to announce the
availability of a new update (3065979) that fixes a known issue that some
customers experienced after installing the 3045171 security update on all
supported editions of Windows 7/Windows 2008 R2 and earlier systems. The 3045171
security update causes customer applications to crash while attempting to create
text-outline-based path objects using
GDI+.
URL:technet.microsoft.com/en-us/library/security/MS15-044
2. Vulnerability in Apache Jackrabbit
[22/05/2015]
Vulnerability was identified in the Apache
Jackrabbit. An attacker could bypass security restrictions and obtain sensitive
information. This vulnerability affects versions prior to 2.10.1 of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:jackrabbit.apache.org/jcr/index.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103311
3. Vulnerability in Cisco Access Control Server
[22/05/2015]
Vulnerability was identified in the Cisco Access
Control Server. An attacker could bypass security restrictions, cause a denial
of service condition and crash the system. This vulnerability affects firmware
version 5.5 (0.46.2) of the mentioned
product.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38946
4. Vulnerability in python-kerberos (103310)
[22/05/2015]
Vulnerability was identified in the
python-kerberos. An attacker could bypass security restrictions, execute
arbitrary code and perform spoofing attacks. This vulnerability affects version
1.2.2 of the mentioned product. Security patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103310
5. Security Updates in Debian (DSA-3266-1)
[22/05/2015] Debian has
released security update packages for fixing the vulnerability identified in the
fuse package for multiple versions of Debian GNU/Linux. An attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:www.debian.org/security/2015/dsa-3266
6. Security Updates in SUSE (SUSE-SU-2015:0923-1, SUSE-SU-2015:0927-1, SUSE-SU-2015:0928-1, SUSE-SU-2015:0929-1)
[22/05/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the xen and KVM packages of SUSE Linux Enterprise 11 and 12, and the SUSE
Manager 1.7 for SUSE Linux Enterprise 11. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
7. Security Updates in Ubuntu GNU/Linux (USN-2609-1, USN-2610-1, USN-2617-1, USN-2618-1)
[22/05/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the apport, oxide-qt, fuse and python-dbusmock packages for versions 12.04 LTS,
14.04 LTS, 14.10, 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:www.ubuntu.com/usn/usn-2609-1/
URL:www.ubuntu.com/usn/usn-2610-1/
URL:www.ubuntu.com/usn/usn-2617-1/
URL:www.ubuntu.com/usn/usn-2618-1/
8. Vulnerability in Microsoft Internet Explorer (103298)
[21/05/2015]
Vulnerability was identified in the Microsoft
Internet Explorer 11. An attacker could bypass security restrictions, cause a
denial of service condition and crash the system. This vulnerability affects
version 11 of the mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103298
9. Vulnerabilities in Cisco Products
[21/05/2015]
Vulnerabilities were identified in the Cisco
Prime Central for HCS and Cisco Adaptive Security Appliance. An attacker could
bypass security restrictions, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and crash the system. These vulnerabilities
affect versions of the mentioned products. Security patches are available to
resolve the vulnerability identified in Cisco Adaptive Security
Appliance.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38927
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38937
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103296
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103297
10. Vulnerability in HP LoadRunner (103292)
[21/05/2015]
Vulnerability was identified in the HP
LoadRunner. An attacker could bypass security restrictions, execute arbitrary
code, cause a denial of service condition and crash the system. This
vulnerability affects version 11.52 of the mentioned product. Security patches
are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103292
11. Vulnerabilities in Trend Micro OfficeScan
[21/05/2015]
Vulnerabilities were identified in the Trend
Micro OfficeScan 11. An attacker could bypass security restrictions, obtain
sensitive information, cause a denial of service condition and crash the system.
These vulnerabilities affect versions prior to 11.0 Service Pack 1 of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:downloadcenter.trendmicro.com/index.php?regs=NABU&clk=tbl&clkval=4739&cm_mmc=RSS-_-Download%20Center-_-product-_-5
URL:docs.trendmicro.com/all/ent/officescan/v11.0/en-us/osce_11.0_sp1_server_readme.htm
URL:docs.trendmicro.com/all/ent/officescan/v11.0/en-us/osce_11.0_sp1_agent_readme.txt
12. Vulnerabilities in Huawei Mate 7 smartphone (Huawei-SA-20150520-01-MATE7)
[21/05/2015] Vulnerabilities were identified in the Huawei Mate 7
smartphone. An attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system. These vulnerabilities affect firmware versions prior to
V100R001CHNC00B126SP03 of the mentioned product. Security patches are available
to resolve these
vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-432799.htm
13. Vulnerability in IPsec-Tools (103287)
[21/05/2015]
Vulnerability was identified in the IPsec-Tools.
An attacker could bypass security restrictions, cause a denial of service
condition and crash the system. This vulnerability affects version 0.8.2 of the
mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103287
14. Vulnerability in TLS protocol (103294)
[21/05/2015]
Vulnerability was identified in the TLS
protocol. An attacker could bypass security restrictions and obtain sensitive
information. This vulnerability affects version 1.2 of the mentioned product and
is commonly referred to as
"Logjam".
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103294
15. Security Updates in Debian (DSA-3263-1, DSA-3265-1)
[21/05/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the proftpd-dfsg and zendframework packages for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:www.debian.org/security/2015/dsa-3263
URL:www.debian.org/security/2015/dsa-3265
16. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1020-1, RHSA-2015:1021-1)
[21/05/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the java-1.7.1-ibm and java-1.5.0-ibm packages for Red Hat Enterprise Linux
5, 6, and 7. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1020.html
URL:rhn.redhat.com/errata/RHSA-2015-1021.html
17. Security Updates in SUSE (SUSE-SU-2015:0921-1)
[21/05/2015] SUSE has
released security update packages for fixing the vulnerability identified in the
gstreamer-0_10-plugins-bad package of SUSE Linux Enterprise 11. Due to multiple
errors, an attacker could bypass security restrictions, cause a denial of
service condition and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00017.html
18. Security Updates in Ubuntu GNU/Linux (USN-2611-1, USN-2612-1, USN-2613-1, USN-2614-1, USN-2615-1, USN-2616-1)
[21/05/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the linux, linux-ti-omap4, linux-lts-trusty and linux-lts-utopic packages for
versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2611-1/
URL:www.ubuntu.com/usn/usn-2612-1/
URL:www.ubuntu.com/usn/usn-2613-1/
URL:www.ubuntu.com/usn/usn-2614-1/
URL:www.ubuntu.com/usn/usn-2615-1/
URL:www.ubuntu.com/usn/usn-2616-1/
19. Information Updates on Microsoft Security Bulletin (3057181)
[20/05/2015] Microsoft
has updated information on the Security Bulletin for Microsoft Office. MS15-046
was revised to announce the release of the Microsoft Office for Mac 14.5.1
update. The release addresses a potential issue with Microsoft Outlook for Mac
when customers install the Microsoft Office for Mac 14.5.0 update. Customers who
have not already installed the 14.5.0 update should install the 14.5.1 update to
be fully protected from this
vulnerability.
URL:technet.microsoft.com/en-us/library/security/MS15-046
20. Vulnerabilities in Apple Watch OS (HT204870)
[20/05/2015]
Vulnerabilities were identified in the Apple
Watch OS. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. These vulnerabilities affect
versions prior to 1.0.1 of the mentioned product. Security patches are available
to resolve these
vulnerabilities.
URL:support.apple.com/en-hk/HT204870
21. Vulnerability in Cisco Unified Intelligence Center
[20/05/2015] Vulnerability was identified in the Cisco Unified
Intelligence Center. An attacker could bypass security restrictions, gain
elevated privileges, execute arbitrary code and perform cross-site request
forgery attacks. This vulnerability affects version 10.6 (1) of the mentioned
product. Security patches are available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38913
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103281
22. Vulnerabilities in Google Chrome
[20/05/2015]
Vulnerabilities were identified in the Google
Chrome. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
compromise the system. These vulnerabilities affect versions prior to
43.0.2357.65 of the mentioned product. Security patches are available to resolve
these
vulnerabilities.
URL:googlechromereleases.blogspot.mx/2015/05/stable-channel-update_19.html
URL:www.us-cert.gov/ncas/current-activity/2015/05/19/Google-Releases-Security-Update-Chrome
23. Vulnerability in KCodes NetUSB (VU#177092)
[20/05/2015] Vulnerability was identified in the KCodes NetUSB. An
attacker could bypass security restrictions, execute arbitrary code, cause a
denial of service condition and compromise the system. This vulnerability
affects multiple firmware versions of the mentioned product. Security patches
are available to resolve this
vulnerability.
URL:www.kb.cert.org/vuls/id/177092
24. Vulnerability in Samba (103230)
[20/05/2015]
Vulnerability was identified in the Samba. An
attacker could bypass security restrictions, execute arbitrary code and cause a
denial of service condition. This vulnerability affects version 3.0.37 of the
mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103230
25. Security Updates in Debian (DSA-3262-1, DSA-3264-1)
[20/05/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the xen and icedove packages for multiple versions of Debian GNU/Linux. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:www.debian.org/security/2015/dsa-3262
URL:www.debian.org/security/2015/dsa-3264
26. Security Updates in SUSE (openSUSE-SU-2015:0914-1)
[20/05/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the flash-player packages of openSUSE 13.1 and 13.2. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html
27. Vulnerabilities in Cisco Products
[19/05/2015]
Vulnerabilities were identified in the Cisco Web
Security Appliance (WSA) and Cisco FireSIGHT System Software. An attacker could
bypass security restrictions, obtain sensitive information and execute arbitrary
code. These vulnerabilities affect multiple versions of the mentioned
products.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38884
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38905
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103220
28. Vulnerability in IBM Products (1902300)
[19/05/2015]
Vulnerability was identified in the IBM Notes,
IBM Domino and IBM Expeditor. An attacker could bypass security restrictions and
obtain sensitive information. This vulnerability affects multiple versions of
the mentioned
products.
URL:www.ibm.com/support/docview.wss?uid=swg21902300
29. Vulnerabilities in Moodle (MSA-15-0018, MSA-15-0019, MSA-15-0020, MSA-15-0021, MSA-15-0022, MSA-15-0023, MSA-15-0024, MSA-15-0025)
[19/05/2015] Vulnerabilities were identified in the Moodle. An attacker
could bypass security restrictions, obtain sensitive information, execute
arbitrary code, perform cross site scripting attacks, cause a denial of service
condition and crash the system. These vulnerabilities affect multiple versions
of the mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:moodle.org/security/
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103221
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103222
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103223
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103224
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103225
30. Security Updates in Oracle Linux (ELSA-2015-1012)
[19/05/2015] Oracle has
released security update packages for fixing the vulnerabilities identified in
the thunderbird package for Oracle Linux 6 and 7. Due to multiple errors, an
attacker could bypass security restrictions, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:linux.oracle.com/errata/ELSA-2015-1012.html
31. Security Updates in Mageia (MGASA-2015-0229, MGASA-2015-0230, MGASA-2015-0231, MGASA-2015-0232, MGASA-2015-0233, MGASA-2015-0234)
[19/05/2015] Mageia has
released security update packages for fixing the vulnerabilities identified in
the moodle, xbmc, php, php-apc, php-timezonedb, phpmyadmin, avidemux, sqlite3,
rootcerts, nss, firefox, firefox-l10n, thunderbird and thunderbird-l10n packages
for multiple versions of Mageia. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:advisories.mageia.org/MGASA-2015-0229.html
URL:advisories.mageia.org/MGASA-2015-0230.html
URL:advisories.mageia.org/MGASA-2015-0231.html
URL:advisories.mageia.org/MGASA-2015-0232.html
URL:advisories.mageia.org/MGASA-2015-0233.html
URL:advisories.mageia.org/MGASA-2015-0234.html
32. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1012-1)
[19/05/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the thunderbird package for Red Hat Enterprise Linux 5, 6, and 7. Due to
multiple errors, an attacker could bypass security restrictions, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1012.html
33. Security Updates in SUSE (openSUSE-SU-2015:0892-1, openSUSE-SU-2015:0893-1, openSUSE-SU-2015:0894-1, SUSE-SU-2015:0896-1)
[19/05/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the Firefox 31.7.0esr and qemu packages of openSUSE 13.1 and 13.2, openSUSE
Evergreen 11.4, and SUSE Linux Enterprise 12. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00015.html
34. Security Updates in Ubuntu GNU/Linux (USN-2603-1)
[19/05/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the thunderbird packages for versions 12.04 LTS, 14.04 LTS, 14.10 and vivid of
Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the
system.
URL:www.ubuntu.com/usn/usn-2603-1/
35. Vulnerability in Apache Portable Runtime (103204)
[18/05/2015]
Vulnerability was identified in the Apache
Portable Runtime. An attacker could bypass security restrictions and cause a
denial of service condition. This vulnerability affects versions prior to 1.5.2
of the mentioned product. Security patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103204
36. Vulnerability in Cisco Unified Customer Voice Portal
[18/05/2015] Vulnerability was identified in the Cisco Unified Customer
Voice Portal. An attacker could bypass security restrictions, execute arbitrary
code and perform cross-site scripting attacks. This vulnerability affects
firmware version 10.5(1) of the mentioned
product.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38868
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103203
37. Vulnerability in Oracle Products
[18/05/2015]
Vulnerability was identified in the Oracle
VirtualBox, Oracle VM and Oracle Linux. An attacker could bypass security
restrictions, gain elevated privileges, execute arbitrary code, cause a denial
of service condition and compromise the system. This vulnerability affects
multiple versions of the mentioned products. Security patches are available to
resolve this
vulnerability.
URL:www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html
38. Security Updates in Debian (DSA-3261-1)
[18/05/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the libmodule-signature-perl package for multiple versions of Debian GNU/Linux.
Due to multiple errors, an attacker could bypass security restrictions, execute
arbitrary code and compromise the
system.
URL:www.debian.org/security/2015/dsa-3261
39. Security Updates in Mageia (MGASA-2015-0227, MGASA-2015-0228)
[18/05/2015] Mageia has
released security update packages for fixing the vulnerabilities identified in
the ruby-rest-client, ruby-netrc, ruby-http-cookie, kmod-vboxadditions,
kmod-virtualbox and virtualbox packages for multiple versions of Mageia. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:advisories.mageia.org/MGASA-2015-0227.html
URL:advisories.mageia.org/MGASA-2015-0228.html
40. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1011-1)
[18/05/2015] Red Hat
has released security update packages for fixing the vulnerability identified in
the rhev-hypervisor package for Red Hat Enterprise Virtualization 3. An attacker
could bypass security restrictions, gain elevated privileges, execute arbitrary
code, cause a denial of service condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1011.html
41. Security Updates in Slackware (SSA:2015-137-01)
[18/05/2015] Slackware
has released security update packages for fixing the vulnerabilities identified
in the mozilla-thunderbird package for multiple versions of Slackware Linux. Due
to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360171
42. Security Updates in SUSE (SUSE-SU-2015:0884-1, SUSE-SU-2015:0884-2, SUSE-SU-2015:0889-1, openSUSE-SU-2015:0890-1)
[18/05/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the spice, KVM and flash-player packages of SUSE Linux Enterprise 11, 12 and
openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2015-05/msg00011.html