1. Information Updates on Microsoft Security Bulletin (MS15-035)
[30/04/2015] Microsoft has updated information on the Security Bulletin
for Microsoft Windows. MS15-035 was revised to correct update replacement
entries for all affected software.
URL:technet.microsoft.com/en-us/library/security/MS15-035
2. Vulnerabilities in F5 Products (SOL15426, SOL15630, SOL15868, SOL16090)
[30/04/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP
AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway,
BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, FirePass, BIG-IQ Cloud,
BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
These vulnerabilities affect multiple versions of the mentioned products.
Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/15000/400/sol15426.html
URL:support.f5.com/kb/en-us/solutions/public/15000/600/sol15630.html
URL:support.f5.com/kb/en-us/solutions/public/15000/800/sol15868.html
URL:support.f5.com/kb/en-us/solutions/public/16000/000/sol16090.html
3. Vulnerability in Huawei E355s Mobile WiFi (Huawei-SA-20150429-01-E355s)
[30/04/2015] A vulnerability was identified in the Huawei E355s Mobile WiFi.
An attacker could bypass security restrictions and obtain sensitive information.
This vulnerability affects versions prior to V200R002B158D45SP01C625 of the
mentioned product. Security patches are available to resolve this vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-425435.htm
4. Vulnerabilities in Google Chrome
[30/04/2015] Vulnerabilities were identified in Google Chrome. An attacker
could bypass security restrictions, obtain sensitive information, execute
arbitrary code and cause a denial of service condition. These vulnerabilities
affect versions prior to 42.0.2311.135 of the mentioned product. Security
patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.in/2015/04/stable-channel-update_28.html
URL:www.hkcert.org/my_url/en/alert/15043001
URL:www.us-cert.gov/ncas/current-activity/2015/04/29/Google-Releases-Security-Update-Chrome
5. Vulnerability in Oracle MySQL (102740)
[30/04/2015] A vulnerability was identified in Oracle MySQL. An attacker
could bypass security restrictions, obtain sensitive information, execute
arbitrary code and perform man-in-the-middle attacks. This vulnerability
affects version 5.7.2 of the mentioned product. Security patches are available
to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102740
6. Security Updates in Debian (DSA-3239-1, DSA-3240-1)
[30/04/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the icecast2 and curl packages for multiple
versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, cause a denial of service
condition and crash the system.
URL:www.debian.org/security/2015/dsa-3239
URL:www.debian.org/security/2015/dsa-3240
7. Security Updates in Mandriva (MDVSA-2015:213, MDVSA-2015:214,
MDVSA-2015:215, MDVSA-2015:216)
[30/04/2015] Mandriva has released security update packages for fixing the
vulnerabilities identified in the lftp, libksba, t1utils and ntop packages for
versions MBS1 and MBS2 of Mandriva GNU/Linux. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, perform cross-site scripting attacks, cause a denial of
service condition and compromise the system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A213/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A214/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A215/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A216/
8. Vulnerabilities in Cisco Products
[29/04/2015] Vulnerabilities were identified in the Cisco IOS Software, Cisco
IOS XE Software and Cisco ASR 5000 Series Software. An attacker could bypass
security restrictions, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple firmware versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38543
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38544
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38549
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38557
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102649
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102650
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102651
9. Vulnerability in IBM WebSphere Application Server (1883573)
[29/04/2015] A vulnerability was identified in the IBM WebSphere Application
Server. An attacker could bypass security restrictions and execute arbitrary
code. This vulnerability affects multiple versions of the mentioned product.
Security patches are available to resolve this vulnerability.
URL:www.ibm.com/support/docview.wss?uid=swg21883573
10. Vulnerabilities in Novell Products (5206551, 5206570, 5206590, 5207730,
5207731, 5207750, 5208410, 5204231)
[29/04/2015] Vulnerabilities were identified in the Novell Identity Manager,
NetIQ Identity Manager Standard Edition and Novell Messenger. An attacker could
bypass security restrictions and obtain sensitive information. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=_WYyICODfL8~
URL:download.novell.com/Download?buildid=4BLinv98v2Y~
URL:download.novell.com/Download?buildid=6F0mcIA5UQs~
URL:download.novell.com/Download?buildid=ELUL-TFXB1E~
URL:download.novell.com/Download?buildid=G57uamx7tcA~
URL:download.novell.com/Download?buildid=oJ3evaNQb2M~
URL:download.novell.com/Download?buildid=z0hnX19p0KM~
11. Vulnerabilities in Barracuda Web Filter (VU#534407)
[29/04/2015] Vulnerabilities were identified in the Barracuda Web Filter.
An attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code and perform man-in-the-middle (MITM) attacks. These
vulnerabilities affect versions prior to 8.1.0.005 of the mentioned product.
Security patches are available to resolve these vulnerabilities.
URL:www.kb.cert.org/vuls/id/534407
12. Vulnerabilities in InFocus IN3128HD Projector (102653, 102654)
[29/04/2015] Vulnerabilities were identified in the InFocus IN3128HD
Projector. An attacker could bypass security restrictions, execute arbitrary
code and compromise the system. These vulnerabilities affect firmware version
0.26 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102653
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102654
13. Security Updates in Oracle Linux (ELSA-2015-0895)
[29/04/2015] Oracle has released security update packages for fixing the
vulnerability identified in the 389-ds-base package for Oracle Linux 7. An
attacker could bypass security restrictions.
URL:linux.oracle.com/errata/ELSA-2015-0895.html
14. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0891-1,
RHSA-2015:0895-1)
[29/04/2015] Red Hat has released security update packages for fixing the
vulnerabilities identified in the qemu-kvm-rhev package for Red Hat Enterprise
Linux OpenStack Platform 4.0 and 5.0 for Red Hat Enterprise Linux 6, and the
389-ds-base package for Red Hat Enterprise Linux 7. Due to multiple errors, an
attacker could bypass security restrictions and execute arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2015-0891.html
URL:rhn.redhat.com/errata/RHSA-2015-0895.html
15. Security Updates in Ubuntu GNU/Linux (USN-2581-1)
[29/04/2015] Ubuntu has released security update packages for fixing the
vulnerability identified in the NetworkManager package for versions 14.04 LTS,
14.10 and vivid of Ubuntu GNU/Linux. An attacker could bypass security
restrictions, obtain sensitive information and execute arbitrary code.
URL:www.ubuntu.com/usn/usn-2581-1/
16. Vulnerabilities in Cisco Products
[28/04/2015] Vulnerabilities were identified in the Cisco IOS Software, Cisco
IOS XE Software and Cisco ASR 5000 Series Software. An attacker could bypass
security restrictions, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple firmware versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38543
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38544
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38549
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38557
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102649
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102650
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102651
17. Vulnerabilities in Novell Products (5206551, 5206570, 5206590, 5207730,
5207731, 5207750, 5208410, 5204231)
[28/04/2015] Vulnerabilities were identified in the Novell Identity Manager,
NetIQ Identity Manager Standard Edition and Novell Messenger. An attacker could
bypass security restrictions and obtain sensitive information. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=_WYyICODfL8~
URL:download.novell.com/Download?buildid=4BLinv98v2Y~
URL:download.novell.com/Download?buildid=6F0mcIA5UQs~
URL:download.novell.com/Download?buildid=ELUL-TFXB1E~
URL:download.novell.com/Download?buildid=G57uamx7tcA~
URL:download.novell.com/Download?buildid=oJ3evaNQb2M~
URL:download.novell.com/Download?buildid=z0hnX19p0KM~
18. Vulnerabilities in Barracuda Web Filter (VU#534407)
[28/04/2015] Vulnerabilities were identified in the Barracuda Web Filter.
An attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code and perform man-in-the-middle (MITM) attacks. These
vulnerabilities affect versions prior to 8.1.0.005 of the mentioned product.
Security patches are available to resolve these vulnerabilities.
URL:www.kb.cert.org/vuls/id/534407
19. Vulnerabilities in InFocus IN3128HD Projector (102653, 102654)
[28/04/2015] Vulnerabilities were identified in the InFocus IN3128HD
Projector. An attacker could bypass security restrictions, execute arbitrary
code and compromise the system. These vulnerabilities affect firmware version
0.26 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102653
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102654
20. Security Updates in Oracle Linux (ELSA-2015-0895)
[28/04/2015] Oracle has released security update packages for fixing the
vulnerability identified in the 389-ds-base package for Oracle Linux 7. An
attacker could bypass security restrictions.
URL:linux.oracle.com/errata/ELSA-2015-0895.html
21. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0891-1,
RHSA-2015:0895-1)
[28/04/2015] Red Hat has released security update packages for fixing the
vulnerabilities identified in the qemu-kvm-rhev package for Red Hat Enterprise
Linux OpenStack Platform 4.0 and 5.0 for Red Hat Enterprise Linux 6, and the
389-ds-base package for Red Hat Enterprise Linux 7. Due to multiple errors, an
attacker could bypass security restrictions and execute arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2015-0891.html
URL:rhn.redhat.com/errata/RHSA-2015-0895.html
22. Security Updates in Ubuntu GNU/Linux (USN-2581-1)
[28/04/2015] Ubuntu has released security update packages for fixing the
vulnerability identified in the NetworkManager package for versions 14.04 LTS,
14.10 and vivid of Ubuntu GNU/Linux. An attacker could bypass security
restrictions, obtain sensitive information and execute arbitrary code.
URL:www.ubuntu.com/usn/usn-2581-1/
23. Vulnerabilities in Apple OS X Server (HT204201)
[27/04/2015] Vulnerabilities were identified in Apple OS X Server. An
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges and execute arbitrary code. These vulnerabilities affect
multiple versions of the mentioned product. Security patches are available to
resolve these vulnerabilities.
URL:support.apple.com/en-hk/HT204201
24. Vulnerability in F5 Products (SOL16506)
[27/04/2015] A vulnerability was identified in the F5 BIG-IP LTM, BIG-IP AAM,
BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway,
BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device,
BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions,
obtain sensitive information, execute arbitrary code, perform spoofing attacks,
cause a denial of service condition and crash the system. This vulnerability
affects multiple versions of the mentioned products. Security patches are
available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/16000/500/sol16506.html
25. Vulnerabilities in TAGAWA Takao TransmitMail (102554, 102555)
[27/04/2015] Vulnerabilities were identified in the TAGAWA Takao
TransmitMail. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
crash the system. These vulnerabilities affect versions prior to 1.5.9 of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102554
URL:exchange.xforce.ibmcloud.com/vulnerabilities/102555
26. Security Updates in Debian (DSA-3233-1, DSA-3234-1, DSA-3235-1,
DSA-3236-1)
[27/04/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the wpa, openjdk-6, openjdk-7 and libreoffice
packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:www.debian.org/security/2015/dsa-3233
URL:www.debian.org/security/2015/dsa-3234
URL:www.debian.org/security/2015/dsa-3235
URL:www.debian.org/security/2015/dsa-3236
27. Security Updates in Mageia (MGASA-2015-0169, MGASA-2015-0170)
[27/04/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the php and wordpress packages for multiple
versions of Mageia. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0169.html
URL:advisories.mageia.org/MGASA-2015-0170.html
28. Security Updates in Ubuntu GNU/Linux (USN-2571-1)
[27/04/2015] Ubuntu has released security update packages for fixing the
vulnerability identified in the firefox package for versions 12.04 LTS, 14.04
LTS, 14.10 and vivid of Ubuntu GNU/Linux. An attacker could bypass security
restrictions, gain elevated privileges, execute arbitrary code, cause a denial
of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2571-1/