1. Vulnerabilities in Cisco Products
[19/06/2015] Vulnerabilities were identified in the Cisco IOS XR Software and Cisco WebEx Meeting Center. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39402
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39420
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103928
2. Vulnerability in IBM Domino Web Server (1959908)
[19/06/2015] Vulnerability was identified in the IBM Domino Web Server. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.ibm.com/support/docview.wss?uid=swg21959908
3. Vulnerabilities in Drupal Core (SA-CORE-2015-002)
[19/06/2015] Vulnerabilities were identified in the Drupal Core. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 6.36 or 7.38 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.drupal.org/SA-CORE-2015-002
URL:www.us-cert.gov/ncas/current-activity/2015/06/18/Drupal-Releases-Security-Updates
4. Vulnerabilities in PHP
[19/06/2015] Vulnerabilities were identified in the PHP. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 5.4.42, 5.5.26 or 5.6.10 of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.php.net/ChangeLog-5.php#5.4.42
URL:www.php.net/ChangeLog-5.php#5.5.26
URL:www.php.net/ChangeLog-5.php#5.6.10
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103925
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103926
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103927
5. Security Updates in Debian (DSA-3290-1)
[19/06/2015] Debian has released security update packages for fixing the vulnerabilities identified in the linux package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3290
6. Security Updates in SUSE (SUSE-SU-2015:1085-1, SUSE-SU-2015:1086-1)
[19/06/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the IBM Java 1.5.0 and IBM Java 1.6.0 packages of SUSE Linux Enterprise 10 and 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html
7. Information Updates on Microsoft Bulletins (2976627, 3057134)
[18/06/2015] Microsoft has updated information on the Security Bulletins for Microsoft Internet Explorer and Microsoft .NET Framework. (a) MS15-048 corrected bulletin replacement for the 3035488 update for .NET Framework 2.0 on all affected editions of Windows Server 2003 Service Pack 2. (b) MS14-051 replaced CVE number CVE-2014-4078 with CVE number CVE-2014-8985.
URL:technet.microsoft.com/en-us/library/security/MS15-048
URL:technet.microsoft.com/en-us/library/security/MS14-051
8. Vulnerability in Cisco IOS XR
[18/06/2015] Vulnerability was identified in the Cisco IOS XR Software. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39383
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103918
9. Vulnerabilities in Symantec Endpoint Protection (SYM15-005)
[18/06/2015] Vulnerabilities were identified in the Symantec Endpoint Protection Manager and Client. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 12.1 RU6 of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150617_00
10. Vulnerability in QEMU (103911)
[18/06/2015] Vulnerability was identified in the QEMU. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. The affected version was not specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103911
11. Security Updates in Oracle Linux (ELSA-2015-1123)
[18/06/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the cups package for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-1123.html
12. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1123-1)
[18/06/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the cups package for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-1123.html
13. Vulnerabilities in Adobe Products (APSB15-12, APSB15-13)
[17/06/2015] Vulnerabilities were identified in the Adobe Photoshop CC and Adobe Bridge CC for Windows and Macintosh. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/photoshop/apsb15-12.html
URL:helpx.adobe.com/security/products/bridge/apsb15-13.html
URL:www.us-cert.gov/ncas/current-activity/2015/06/16/Adobe-Releases-Security-Updates-Multiple-Products
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103875
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103876
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103877
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103878
14. Vulnerabilities in Cisco Products
[17/06/2015] Vulnerabilities were identified in the Cisco Prime Collaboration Manager, Cisco Adaptive Security Appliance and Cisco Cloud Portal Appliance. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and perform man-in-the-middle attacks. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39365
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39366
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39380
15. Vulnerabilities in IBM WebSphere Commerce (1883573, 1959387, 1959388)
[17/06/2015] Vulnerabilities were identified in the IBM WebSphere Commerce. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.hkcert.org/my_url/en/alert/15061601
URL:www.ibm.com/support/docview.wss?uid=swg21883573
URL:www.ibm.com/support/docview.wss?uid=swg21959387
URL:www.ibm.com/support/docview.wss?uid=swg21959388
16. Vulnerability in EMC Unified Infrastructure Manager/Provisioning (103881)
[17/06/2015] Vulnerability was identified in the EMC Unified Infrastructure Manager/Provisioning (UIM/P). An attacker could bypass security restrictions, execute arbitrary code and compromise the system. This vulnerability affects version 4.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103881
17. Vulnerability in Pearson ProctorCache (VU#626420)
[17/06/2015] Vulnerability was identified in the Pearson ProctorCache. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and compromise the system. This vulnerability affects versions prior to 2015.1.17 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/626420
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103874
18. Vulnerability in Vesta Control Panel (VU#842780)
[17/06/2015] Vulnerability was identified in the Vesta Control Panel. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects versions prior to 0.9.8-14 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/842780
19. Vulnerability in Samsung Galaxy S phones (VU#155412)
[17/06/2015] Vulnerability was identified in the Samsung Galaxy S phones. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform man-in-the-middle attacks. This vulnerability affects firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/155412
20. Security Updates in SUSE (SUSE-SU-2015:1071-1, SUSE-SU-2015:1073-1)
[17/06/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel and java-1_7_0-ibmr packages of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00012.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html
21. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1120-1)
[17/06/2015] Red Hat has released security update packages for fixing the vulnerability identified in the kernel packages for Red Hat Enterprise Linux 5. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-1120.html
22. Security Updates in Ubuntu GNU/Linux (USN-2648-1, USN-2649-1, USN-2650-1)
[17/06/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the aptdaemon, devscripts, wpa and wpasupplicant packages for versions 12.04 LTS, 14.04 LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2648-1/
URL:www.ubuntu.com/usn/usn-2649-1/
URL:www.ubuntu.com/usn/usn-2650-1/
23. Vulnerabilities in Cisco Products
[16/06/2015] Vulnerabilities were identified in the Cisco UCS Central Software and Cisco Virtualization Experience Client 6215 devices. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39324
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39347
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103847
24. Vulnerabilities in F5 ARX (SOL16743)
[16/06/2015] Vulnerability was identified in the F5 ARX. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects versions 6.0.0 - 6.4.0 of the mentioned product.
URL:support.f5.com/kb/en-us/solutions/public/16000/700/sol16743.html
25. Vulnerability in Huawei E5756s (Huawei-SA-20150615-01-E5756s)
[16/06/2015] Vulnerability was identified in the Huawei E5756s. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. This vulnerability affects firmware versions prior to V200R002B146D23SP00C00 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-441178.htm
26. Vulnerability in Retrospect Backup Client (VU#101500)
[16/06/2015] Vulnerability was identified in the Retrospect Backup Client. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/101500
27. Vulnerability in OpenBSD (103848)
[16/06/2015] Vulnerability was identified in the OpenBSD. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects version 5.6 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103848
28. Vulnerability in OpenStack Cinder and Nova (103849)
[16/06/2015] Vulnerability was identified in the OpenStack Cinder and Nova. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects version 2014.1.3 and 2014.2.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103849
29. Vulnerability in PuTTY (103850)
[16/06/2015] Vulnerability was identified in the PuTTY. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects version 0.64 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103850
30. Security Updates in Oracle Linux (ELSA-2015-1115)
[16/06/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the openssl package for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-1115.html
31. Security Updates in Debian (DSA-3289-1)
[16/06/2015] Debian has released security update packages for fixing the vulnerability identified in the p7zip package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code.
URL:www.debian.org/security/2015/dsa-3289
32. Security Updates in Ubuntu GNU/Linux (USN-2640-1, USN-2641-1, USN-2642-1, USN-2643-1, USN-2644-1, USN-2645-1, USN-2646-1, USN-2647-1)
[16/06/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux, linux-ti-omap4, linux-lts-trusty, linux-lts-utopic and linux-lts-vivid packages for versions 12.04 LTS, 14.04 LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2640-1/
URL:www.ubuntu.com/usn/usn-2641-1/
URL:www.ubuntu.com/usn/usn-2642-1/
URL:www.ubuntu.com/usn/usn-2643-1/
URL:www.ubuntu.com/usn/usn-2644-1/
URL:www.ubuntu.com/usn/usn-2645-1/
URL:www.ubuntu.com/usn/usn-2646-1/
URL:www.ubuntu.com/usn/usn-2647-1/
33. Vulnerabilities in Cisco Products
[15/06/2015] Vulnerabilities were identified in the Cisco Email Security Appliance and Cisco IOS Software. An attacker could bypass security restrictions, gain elevated privileges, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities identified in the Cisco IOS Software.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39339
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39343
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103826
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103827
34. Vulnerabilities in Novell Products (5212230)
[15/06/2015] Vulnerabilities were identified in the Novell Messenger and Novell ZENworks Mobile Management. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities identified in the Novell Messenger.
URL:download.novell.com/Download?buildid=o8Y11QiTuc4~
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103823
35. Vulnerabilities in D-Link DSP-W110 (103808, 103809, 103810)
[15/06/2015] Vulnerabilities were identified in the D-Link DSP-W110. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect firmware version (Rev A) - v1.05b01 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103808
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103809
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103810
36. Security Updates in Debian (DSA-3284-1, DSA-3285-1, DSA-3286-1, DSA-3287-1, DSA-3288-1)
[15/06/2015] Debian has released security update packages for fixing the vulnerabilities identified in the qemu, qemu-kvm, xen, openssl and libav packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3284
URL:www.debian.org/security/2015/dsa-3285
URL:www.debian.org/security/2015/dsa-3286
URL:www.debian.org/security/2015/dsa-3287
URL:www.debian.org/security/2015/dsa-3288
37. Security Updates in FreeBSD (FreeBSD-SA-15:10.openssl)
[15/06/2015] FreeBSD has released security update packages for fixing the vulnerabilities identified in the openssl packages for multiple versions of FreeBSD Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:10.openssl.asc
38. Security Updates in SUSE (openSUSE-SU-2015:1056-1, openSUSE-SU-2015:1061-1)
[15/06/2015] SUSE has released security update packages for fixing the vulnerability identified in the cups and Adobe Flash Player packages of openSUSE 13.1, 13.2 and Evergreen 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00011.html
Sunday, June 28, 2015
IT Security Alerts Weekly Digest (21 Jun ~ 27 Jun 2015)
1. Vulnerabilities in Cisco Products (cisco-sa-20150625-ironport)
[26/06/2015] Vulnerabilities were identified in the Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), Cisco Content Security Management Virtual Appliance (SMAv) and Cisco Wireless LAN Controller. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform code injection attacks, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39461
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39517
URL:www.us-cert.gov/ncas/current-activity/2015/06/25/Cisco-Releases-Security-Updates
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104072
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104073
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104075
2. Vulnerability in EMC Unisphere for VMAX (104074)
[26/06/2015] Vulnerability was identified in the EMC Unisphere for VMAX. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects versions 8.0.0, 8.0.1 and 8.0.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104074
3. Security Updates in Oracle Linux (ELSA-2015-1185, ELSA-2015-1189, ELSA-2015-3046, ELSA-2015-3047)
[26/06/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the nss, kvm and kernel packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-1185.html
URL:linux.oracle.com/errata/ELSA-2015-1189.html
URL:linux.oracle.com/errata/ELSA-2015-3046.html
URL:linux.oracle.com/errata/ELSA-2015-3047.html
4. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1185-1, RHSA-2015:1186-1, RHSA-2015:1187-1, RHSA-2015:1188-1, RHSA-2015:1189-1, RHSA-2015:1190-1)
[26/06/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the nss, nss-util, php55-php, php56-php, chromium-browser, kvm and kernel packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1185.html
URL:rhn.redhat.com/errata/RHSA-2015-1186.html
URL:rhn.redhat.com/errata/RHSA-2015-1187.html
URL:rhn.redhat.com/errata/RHSA-2015-1188.html
URL:rhn.redhat.com/errata/RHSA-2015-1189.html
URL:rhn.redhat.com/errata/RHSA-2015-1190.html
5. Security Updates in SUSE (openSUSE-SU-2015:1139-1, SUSE-SU-2015:1143-1)
[26/06/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the openssl packages of openSUSE 13.1 and 13.2, and SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
6. Security Updates in Ubuntu GNU/Linux (USN-2653-1, USN-2654-1, USN-2655-1)
[26/06/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the python2.7, python3.2, python3.4, tomcat7 and tomcat6 packages for versions 12.04 LTS, 14.04 LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2653-1/
URL:www.ubuntu.com/usn/usn-2654-1/
URL:www.ubuntu.com/usn/usn-2655-1/
7. Vulnerability in Apple OS X (104062)
[25/06/2015] Vulnerability was identified in the Apple OS X. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104062
8. Vulnerabilities in Cisco Products
[25/06/2015] Vulnerabilities were identified in the Cisco Unified Presence Server, Cisco IM and Presence Service, and Cisco IOS XR. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting and code injection attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39504
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39505
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39506
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39509
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104059
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104063
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104064
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104065
9. Vulnerabilities in Samsung Products (104060, 104061)
[25/06/2015] Vulnerabilities were identified in the Samsung Galaxy S5 and Samsung Sbeam. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104060
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104061
10. Vulnerability in Thycotic Secret Server (104052)
[25/06/2015] Vulnerability was identified in the Thycotic Secret Server. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions 8.6.000000 and 8.8.000004 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104052
11. Security Updates in Oracle Linux (ELSA-2015-3045)
[25/06/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel packages for Oracle Linux 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:linux.oracle.com/errata/ELSA-2015-3045.html
12. Security Updates in Debian (DSA-3294-1, DSA-3295-1)
[25/06/2015] Debian has released security update packages for fixing the vulnerabilities identified in the wireshark and cacti packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting and code injection attacks, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3294
URL:www.debian.org/security/2015/dsa-3295
13. Security Updates in Mageia (MGASA-2015-0248)
[25/06/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the flash-player-plugin package for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0248.html
14. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1184-1)
[25/06/2015] Red Hat has released security update packages for fixing the vulnerability identified in the adobe flash player packages for Red Hat Enterprise Linux 5 and 6. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-1184.html
15. Security Updates in SUSE (SUSE-SU-2015:1086-3, SUSE-SU-2015:1136-1, SUSE-SU-2015:1138-1)
[25/06/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player, IBM Java 1.7.0 and IBM Java 1.6.0 packages of SUSE Linux Enterprise 10, 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00020.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00021.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html
16. Information Updates on Microsoft Bulletins (3057110, 3058985)
[24/06/2015] Microsoft has updated information on the Security Bulletins for Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. (a) MS14-044 was revised to announce a detection change in the 3056819 update for Microsoft Silverlight 5. (b) MS15-049 was revised to announce a detection change in the 3056819 update for Microsoft Silverlight 5.
URL:technet.microsoft.com/en-us/library/security/MS15-044
URL:technet.microsoft.com/en-us/library/security/MS15-049
17. Vulnerability in Adobe Flash Player (APSB15-14)
[24/06/2015] Vulnerability was identified in the Adobe Flash Player. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:helpx.adobe.com/security/products/flash-player/apsb15-14.html
URL:technet.microsoft.com/en-us/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/15062401
URL:www.us-cert.gov/ncas/current-activity/2015/06/23/Adobe-Releases-Security-Updates-Flash-Player
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104002
18. Vulnerabilities in Cisco Products
[24/06/2015] Vulnerabilities were identified in the Cisco WebEx Meeting Center, Cisco AnyConnect Secure Mobility Client for Windows, Cisco Nexus 9000 Series Software, Cisco Unified MeetingPlace, Cisco Wireless LAN Controller, Cisco Jabber for Windows and Cisco Identity Services Engine and Secure Access Control System. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform code injection attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities except the Cisco Jabber for Windows.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39458
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39466
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39467
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39469
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39470
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39472
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39494
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39501
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104003
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104008
19. Vulnerability in Paintshop Pro X7 (104001)
[24/06/2015] Vulnerability was identified in the Paintshop Pro X7. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104001
20. Vulnerability in FTP To Zip plugin for WordPress (104015)
[24/06/2015] Vulnerability was identified in the FTP To Zip plugin for WordPress. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects version 1.8 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104015
21. Security Updates in Oracle Linux (ELSA-2015-1135, ELSA-2015-1137, ELSA-2015-1153, ELSA-2015-1154)
[24/06/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the php, kernel, mailman and libreswan packages for Oracle Linux 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-1135.html
URL:linux.oracle.com/errata/ELSA-2015-1137.html
URL:linux.oracle.com/errata/ELSA-2015-1153.html
URL:linux.oracle.com/errata/ELSA-2015-1154.html
22. Security Updates in Gentoo Linux (GLSA 201506-04)
[24/06/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the chromium packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:security.gentoo.org/glsa/201506-04
23. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1135-1)
[24/06/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the php packages for Red Hat Enterprise Linux 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1135.html
24. Security Updates in SUSE (SUSE-SU-2015:1103-1)
[24/06/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the e2fsprogs package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html
25. Vulnerability in Apache Storm (103970)
[23/06/2015] Vulnerability was identified in the Apache Storm. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects versions prior to 0.10.0-beta1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103970
26. Vulnerabilities in Apple OS X
[23/06/2015] Vulnerabilities were identified in the Apple OS X. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect versions 10.10.3 and prior of the mentioned product.
URL:www.hkcert.org/my_url/en/alert/15062201
27. Vulnerabilities in Cisco Products
[23/06/2015] Vulnerabilities were identified in the Cisco Data Center Analytics Framework, Cisco Universal Broadband Routers, Cisco ASR 9000 Series Aggregation Services Routers and Cisco WebEx Meetings. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting and cross-site request forgery attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities, except for the Cisco Data Center Analytics Framework.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39377
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39423
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39424
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39439
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39440
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39455
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39457
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39459
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39460
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103963
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103964
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103965
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103966
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103967
28. Vulnerabilities in Symantec Data Loss Prevention (SYM15-006)
[23/06/2015] Vulnerabilities were identified in the Symantec Data Loss Prevention Enforce Server Administration Console. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, perform cross-site scripting and cross-site request forgery attacks. These vulnerabilities affect versions prior to 12.5.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150622_00
29. Vulnerability in FreeRADIUS (103971)
[23/06/2015] Vulnerability was identified in the FreeRADIUS. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects versions prior to 3.0.9 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103971
30. Vulnerabilities in Google Chrome
[23/06/2015] Vulnerabilities were identified in the Google Chrome. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 43.0.2357.130 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/2015/06/chrome-stable-update.html
URL:www.us-cert.gov/ncas/current-activity/2015/06/22/Google-Releases-Security-Update-Chrome
31. Security Updates in Gentoo Linux (GLSA 201506-02, GLSA 201506-03)
[23/06/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the openssl and gnutls packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system.
URL:security.gentoo.org/glsa/201506-02
URL:security.gentoo.org/glsa/201506-03
32. Security Updates in SUSE (openSUSE-SU-2015:1092-1, openSUSE-SU-2015:1094-1, SUSE-SU-2015:1086-2)
[23/06/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the xen package of openSUSE 13.1 and 13.2, and IBM Java 1.6.0 package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00016.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00017.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00018.html
33. Security Updates in Ubuntu GNU/Linux (USN-2651-1)
[23/06/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the GNU patch packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2651-1/
34. Vulnerabilities in Cisco Products
[22/06/2015] Vulnerabilities were identified in the Cisco NX-OS Software, Cisco Web Security Appliance, Cisco Gateway General Packet Radio Service Support Node and Cisco uBR10000 Series Universal Broadband Routers. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities, except for the Cisco Web Security Appliance.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39421
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39422
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39431
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39432
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103948
35. Vulnerabilities in Cacti (103949, 103950)
[22/06/2015] Vulnerabilities were identified in the Cacti. An attacker could bypass security restrictions, execute arbitrary code, perform code injection and cross-site scripting attacks. These vulnerabilities affect versions prior to 0.8.8d of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103949
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103950
36. Security Updates in Debian (DSA-3291-1, DSA-3292-1, DSA-3293-1)
[22/06/2015] Debian has released security update packages for fixing the vulnerabilities identified in the drupal7, cinder and pyjwt packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3291
URL:www.debian.org/security/2015/dsa-3292
URL:www.debian.org/security/2015/dsa-3293
37. Security Updates in Gentoo Linux (GLSA 201506-01)
[22/06/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the adobe-flash packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:security.gentoo.org/glsa/201506-01
38. Security Updates in Mageia (MGASA-2015-0244, MGASA-2015-0245, MGASA-2015-0246, MGASA-2015-0247)
[22/06/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the redis, ffmpeg, openssl and cups packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2015-0244.html
URL:advisories.mageia.org/MGASA-2015-0245.html
URL:advisories.mageia.org/MGASA-2015-0246.html
URL:advisories.mageia.org/MGASA-2015-0247.html
39. Security Updates in Ubuntu GNU/Linux (USN-2640-2, USN-2641-2, USN-2642-2, USN-2643-2, USN-2644-2, USN-2646-2)
[22/06/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux, linux-ti-omap4, linux-lts-trusty and linux-lts-utopic packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2640-2/
URL:www.ubuntu.com/usn/usn-2641-2/
URL:www.ubuntu.com/usn/usn-2642-2/
URL:www.ubuntu.com/usn/usn-2643-2/
URL:www.ubuntu.com/usn/usn-2644-2/
URL:www.ubuntu.com/usn/usn-2646-2/
[26/06/2015] Vulnerabilities were identified in the Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), Cisco Content Security Management Virtual Appliance (SMAv) and Cisco Wireless LAN Controller. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform code injection attacks, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39461
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39517
URL:www.us-cert.gov/ncas/current-activity/2015/06/25/Cisco-Releases-Security-Updates
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104072
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104073
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104075
2. Vulnerability in EMC Unisphere for VMAX (104074)
[26/06/2015] Vulnerability was identified in the EMC Unisphere for VMAX. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects versions 8.0.0, 8.0.1 and 8.0.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104074
3. Security Updates in Oracle Linux (ELSA-2015-1185, ELSA-2015-1189, ELSA-2015-3046, ELSA-2015-3047)
[26/06/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the nss, kvm and kernel packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-1185.html
URL:linux.oracle.com/errata/ELSA-2015-1189.html
URL:linux.oracle.com/errata/ELSA-2015-3046.html
URL:linux.oracle.com/errata/ELSA-2015-3047.html
4. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1185-1, RHSA-2015:1186-1, RHSA-2015:1187-1, RHSA-2015:1188-1, RHSA-2015:1189-1, RHSA-2015:1190-1)
[26/06/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the nss, nss-util, php55-php, php56-php, chromium-browser, kvm and kernel packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1185.html
URL:rhn.redhat.com/errata/RHSA-2015-1186.html
URL:rhn.redhat.com/errata/RHSA-2015-1187.html
URL:rhn.redhat.com/errata/RHSA-2015-1188.html
URL:rhn.redhat.com/errata/RHSA-2015-1189.html
URL:rhn.redhat.com/errata/RHSA-2015-1190.html
5. Security Updates in SUSE (openSUSE-SU-2015:1139-1, SUSE-SU-2015:1143-1)
[26/06/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the openssl packages of openSUSE 13.1 and 13.2, and SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
6. Security Updates in Ubuntu GNU/Linux (USN-2653-1, USN-2654-1, USN-2655-1)
[26/06/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the python2.7, python3.2, python3.4, tomcat7 and tomcat6 packages for versions 12.04 LTS, 14.04 LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2653-1/
URL:www.ubuntu.com/usn/usn-2654-1/
URL:www.ubuntu.com/usn/usn-2655-1/
7. Vulnerability in Apple OS X (104062)
[25/06/2015] Vulnerability was identified in the Apple OS X. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104062
8. Vulnerabilities in Cisco Products
[25/06/2015] Vulnerabilities were identified in the Cisco Unified Presence Server, Cisco IM and Presence Service, and Cisco IOS XR. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting and code injection attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39504
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39505
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39506
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39509
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104059
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104063
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104064
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104065
9. Vulnerabilities in Samsung Products (104060, 104061)
[25/06/2015] Vulnerabilities were identified in the Samsung Galaxy S5 and Samsung Sbeam. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104060
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104061
10. Vulnerability in Thycotic Secret Server (104052)
[25/06/2015] Vulnerability was identified in the Thycotic Secret Server. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions 8.6.000000 and 8.8.000004 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104052
11. Security Updates in Oracle Linux (ELSA-2015-3045)
[25/06/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel packages for Oracle Linux 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and cause a denial of service condition.
URL:linux.oracle.com/errata/ELSA-2015-3045.html
12. Security Updates in Debian (DSA-3294-1, DSA-3295-1)
[25/06/2015] Debian has released security update packages for fixing the vulnerabilities identified in the wireshark and cacti packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting and code injection attacks, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3294
URL:www.debian.org/security/2015/dsa-3295
13. Security Updates in Mageia (MGASA-2015-0248)
[25/06/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the flash-player-plugin package for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0248.html
14. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1184-1)
[25/06/2015] Red Hat has released security update packages for fixing the vulnerability identified in the adobe flash player packages for Red Hat Enterprise Linux 5 and 6. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-1184.html
15. Security Updates in SUSE (SUSE-SU-2015:1086-3, SUSE-SU-2015:1136-1, SUSE-SU-2015:1138-1)
[25/06/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player, IBM Java 1.7.0 and IBM Java 1.6.0 packages of SUSE Linux Enterprise 10, 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00020.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00021.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html
16. Information Updates on Microsoft Bulletins (3057110, 3058985)
[24/06/2015] Microsoft has updated information on the Security Bulletins for Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. (a) MS15-044 was revised to announce a detection change in the 3056819 update for Microsoft Silverlight 5. (b) MS15-049 was revised to announce a detection change in the 3056819 update for Microsoft Silverlight 5.
URL:technet.microsoft.com/en-us/library/security/MS15-044
URL:technet.microsoft.com/en-us/library/security/MS15-049
17. Vulnerability in Adobe Flash Player (APSB15-14)
[24/06/2015] Vulnerability was identified in the Adobe Flash Player. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:helpx.adobe.com/security/products/flash-player/apsb15-14.html
URL:technet.microsoft.com/en-us/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/15062401
URL:www.us-cert.gov/ncas/current-activity/2015/06/23/Adobe-Releases-Security-Updates-Flash-Player
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104002
18. Vulnerabilities in Cisco Products
[24/06/2015] Vulnerabilities were identified in the Cisco WebEx Meeting Center, Cisco AnyConnect Secure Mobility Client for Windows, Cisco Nexus 9000 Series Software, Cisco Unified MeetingPlace, Cisco Wireless LAN Controller, Cisco Jabber for Windows and Cisco Identity Services Engine and Secure Access Control System. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform code injection attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities except the Cisco Jabber for Windows.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39458
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39466
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39467
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39469
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39470
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39472
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39494
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39501
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104003
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104008
19. Vulnerability in Paintshop Pro X7 (104001)
[24/06/2015] Vulnerability was identified in the Paintshop Pro X7. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104001
20. Vulnerability in FTP To Zip plugin for WordPress (104015)
[24/06/2015] Vulnerability was identified in the FTP To Zip plugin for WordPress. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects versions 1.8 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104015
21. Security Updates in Oracle Linux (ELSA-2015-1135, ELSA-2015-1137, ELSA-2015-1153, ELSA-2015-1154)
[24/06/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the php, kernel, mailman and libreswan packages for Oracle Linux 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-1135.html
URL:linux.oracle.com/errata/ELSA-2015-1137.html
URL:linux.oracle.com/errata/ELSA-2015-1153.html
URL:linux.oracle.com/errata/ELSA-2015-1154.html
22. Security Updates in Gentoo Linux (GLSA 201506-04)
[24/06/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the chromium packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:security.gentoo.org/glsa/201506-04
23. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1135-1)
[24/06/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the php packages for Red Hat Enterprise Linux 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1135.html
24. Security Updates in SUSE (SUSE-SU-2015:1103-1)
[24/06/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the e2fsprogs package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html
25. Vulnerability in Apache Storm (103970)
[23/06/2015] Vulnerability was identified in the Apache Storm. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects versions prior to 0.10.0-beta1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103970
26. Vulnerabilities in Apple OS X
[23/06/2015] Vulnerabilities were identified in the Apple OS X. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect versions 10.10.3 and prior of the mentioned product.
URL:www.hkcert.org/my_url/en/alert/15062201
27. Vulnerabilities in Cisco Products
[23/06/2015] Vulnerabilities were identified in the Cisco Data Center Analytics Framework, Cisco Universal Broadband Routers, Cisco ASR 9000 Series Aggregation Services Routers and Cisco WebEx Meetings. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting and cross-site request forgery attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities except the Cisco Data Center Analytics Framework.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39377
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39423
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39424
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39439
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39440
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39455
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39457
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39459
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39460
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103963
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103964
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103965
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103966
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103967
28. Vulnerabilities in Symantec Data Loss Prevention (SYM15-006)
[23/06/2015] Vulnerabilities were identified in the Symantec Data Loss Prevention Enforce Server Administration Console. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, perform cross-site scripting and cross-site request forgery attacks. These vulnerabilities affect versions prior to 12.5.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150622_00
29. Vulnerability in FreeRADIUS (103971)
[23/06/2015] Vulnerability was identified in the FreeRADIUS. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects versions prior to 3.0.9 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103971
30. Vulnerabilities in Google Chrome
[23/06/2015] Vulnerabilities were identified in the Google Chrome. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 43.0.2357.130 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/2015/06/chrome-stable-update.html
URL:www.us-cert.gov/ncas/current-activity/2015/06/22/Google-Releases-Security-Update-Chrome
31. Security Updates in Gentoo Linux (GLSA 201506-02, GLSA 201506-03)
[23/06/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the openssl and gnutls packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system.
URL:security.gentoo.org/glsa/201506-02
URL:security.gentoo.org/glsa/201506-03
32. Security Updates in SUSE (openSUSE-SU-2015:1092-1, openSUSE-SU-2015:1094-1, SUSE-SU-2015:1086-2)
[23/06/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the xen package of openSUSE 13.1 and 13.2, and IBM Java 1.6.0 package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00016.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00017.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00018.html
33. Security Updates in Ubuntu GNU/Linux (USN-2651-1)
[23/06/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the GNU patch packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2651-1/
34. Vulnerabilities in Cisco Products
[22/06/2015] Vulnerabilities were identified in the Cisco NX-OS Software, Cisco Web Security Appliance, Cisco Gateway General Packet Radio Service Support Node and Cisco uBR10000 Series Universal Broadband Routers. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities, except for those in the Cisco Web Security Appliance.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39421
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39422
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39431
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39432
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103948
35. Vulnerabilities in Cacti (103949, 103950)
[22/06/2015] Vulnerabilities were identified in the Cacti. An attacker could bypass security restrictions, execute arbitrary code, perform code injection and cross-site scripting attacks. These vulnerabilities affect versions prior to 0.8.8d of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103949
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103950
36. Security Updates in Debian (DSA-3291-1, DSA-3292-1, DSA-3293-1)
[22/06/2015] Debian has released security update packages for fixing the vulnerabilities identified in the drupal7, cinder and pyjwt packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3291
URL:www.debian.org/security/2015/dsa-3292
URL:www.debian.org/security/2015/dsa-3293
37. Security Updates in Gentoo Linux (GLSA 201506-01)
[22/06/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the adobe-flash packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:security.gentoo.org/glsa/201506-01
38. Security Updates in Mageia (MGASA-2015-0244, MGASA-2015-0245, MGASA-2015-0246, MGASA-2015-0247)
[22/06/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the redis, ffmpeg, openssl and cups packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2015-0244.html
URL:advisories.mageia.org/MGASA-2015-0245.html
URL:advisories.mageia.org/MGASA-2015-0246.html
URL:advisories.mageia.org/MGASA-2015-0247.html
39. Security Updates in Ubuntu GNU/Linux (USN-2640-2, USN-2641-2, USN-2642-2, USN-2643-2, USN-2644-2, USN-2646-2)
[22/06/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux, linux-ti-omap4, linux-lts-trusty and linux-lts-utopic packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2640-2/
URL:www.ubuntu.com/usn/usn-2641-2/
URL:www.ubuntu.com/usn/usn-2642-2/
URL:www.ubuntu.com/usn/usn-2643-2/
URL:www.ubuntu.com/usn/usn-2644-2/
URL:www.ubuntu.com/usn/usn-2646-2/
Sunday, June 14, 2015
IT Security Alerts Weekly Digest (7 Jun ~ 13 Jun 2015)
1. Vulnerability in Adobe Connect (103793)
[12/06/2015] Vulnerability was identified in the Adobe Connect. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 9.4 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103793
2. Vulnerabilities in Cisco Products (cisco-sa-20150611-iosxr)
[12/06/2015] Vulnerabilities were identified in the Cisco IOS XR Software for Cisco CRS-3 Carrier Routing System, and Cisco Identity Services Engine. An attacker could bypass security restrictions, gain elevated privileges, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150611-iosxr
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39271
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39299
URL:www.us-cert.gov/ncas/current-activity/2015/06/11/Cisco-IOS-XR-Denial-Service-Vulnerability
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103794
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103795
3. Vulnerabilities in libmspack (103797, 103798, 103799, 103800, 103801, 103802, 103803)
[12/06/2015] Vulnerabilities were identified in the libmspack. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 0.5.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103797
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103798
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103799
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103800
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103801
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103802
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103803
4. Vulnerabilities in OpenSSL
[12/06/2015] Vulnerabilities were identified in the OpenSSL. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.openssl.org/news/secadv_20150611.txt
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103778
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103779
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103780
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103781
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103782
5. Vulnerability in OSSEC (103796)
[12/06/2015] Vulnerability was identified in the OSSEC. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects versions prior to 2.8.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103796
6. Vulnerabilities in Xen (XSA-134, XSA-136)
[12/06/2015] Vulnerabilities were identified in the Xen. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xenbits.xen.org/xsa/advisory-134.html
URL:xenbits.xen.org/xsa/advisory-136.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103787
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103788
7. Security Updates in Oracle Linux (ELSA-2015-1090)
[12/06/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the wpa_supplicant packages for Oracle Linux 7. Due to multiple errors, an attacker could bypass security restrictions and execute arbitrary code.
URL:linux.oracle.com/errata/ELSA-2015-1090.html
8. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1090-1, RHSA-2015:1091-1)
[12/06/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the wpa_supplicant and java-1.6.0-ibm packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-1090.html
URL:rhn.redhat.com/errata/RHSA-2015-1091.html
9. Security Updates in Slackware (SSA:2015-162-01, SSA:2015-162-02)
[12/06/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the openssl and php packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.414774
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.750596
10. Security Updates in SUSE (SUSE-SU-2015:1041-1, SUSE-SU-2015:1042-1, SUSE-SU-2015:1043-1, SUSE-SU-2015:1044-1, SUSE-SU-2015:1044-2, SUSE-SU-2015:1045-1, openSUSE-SU-2015:1047-1)
[12/06/2015] SUSE has released security update packages for fixing the vulnerability identified in the cups, xen, flash-player and cups154 packages of SUSE Linux Enterprise 11 and 12, openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html
11. Security Updates in Ubuntu GNU/Linux (USN-2639-1)
[12/06/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openssl packages for versions 12.04 LTS, 14.04 LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2639-1/
12. Vulnerabilities in Cisco Products
[11/06/2015] Vulnerabilities were identified in the Cisco Nexus, Cisco Multilayer Director Switches and Cisco IOS XR Software. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve the vulnerabilities in Cisco IOS XR Software.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39280
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39293
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103745
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103746
13. Vulnerabilities in Alcatel-Lucent OmniSwitch (103749, 103750)
[11/06/2015] Vulnerabilities were identified in the Alcatel-Lucent OmniSwitch. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103749
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103750
14. Vulnerability in Avigilon Control Center (VU#555984)
[11/06/2015] Vulnerability was identified in the Avigilon Control Center. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/555984
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103744
15. Vulnerabilities in VMware Products (VMSA-2015-0004)
[11/06/2015] Vulnerabilities were identified in the VMware Workstation, Fusion and Horizon View Client. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.vmware.com/security/advisories/VMSA-2015-0004.html
URL:www.hkcert.org/my_url/en/alert/15061102
URL:www.us-cert.gov/ncas/current-activity/2015/06/09/VMWare-Releases-Security-Updates-Multiple-Products
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103732
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103733
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103734
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103735
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103736
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103737
16. Vulnerability in Libmimedir (103747)
[11/06/2015] Vulnerability was identified in the Libmimedir. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects version 0.5.1 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103747
17. Vulnerability in PHP (103741)
[11/06/2015] Vulnerability was identified in the PHP. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects version 5.6.9 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103741
18. Vulnerability in Xen (XSA-135)
[11/06/2015] Vulnerability was identified in the Xen. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xenbits.xen.org/xsa/advisory-135.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103740
19. Security Updates in Oracle Linux (ELSA-2015-1087, ELSA-2015-3041, ELSA-2015-3042, ELSA-2015-3043)
[11/06/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the qemu-kvm and kernel packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-1087.html
URL:linux.oracle.com/errata/ELSA-2015-3041.html
URL:linux.oracle.com/errata/ELSA-2015-3042.html
URL:linux.oracle.com/errata/ELSA-2015-3043.html
20. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1086-1, RHSA-2015:1087-1, RHSA-2015:1088-1, RHSA-2015:1089-1)
[11/06/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player, qemu-kvm and qemu-kvm-rhev packages for Red Hat Enterprise Linux 5 and 6, Red Hat Enterprise Virtualization 3.5 and Red Hat Enterprise Linux OpenStack Platform 5.0. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1086.html
URL:rhn.redhat.com/errata/RHSA-2015-1087.html
URL:rhn.redhat.com/errata/RHSA-2015-1088.html
URL:rhn.redhat.com/errata/RHSA-2015-1089.html
21. Security Updates in Ubuntu GNU/Linux (USN-2629-1, USN-2630-1, USN-2631-1, USN-2632-1, USN-2633-1, USN-2634-1, USN-2635-1, USN-2636-1, USN-2637-1, USN-2638-1)
[11/06/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the cups, qemu, qemu-kvm, linux, linux-ti-omap4, linux-lts-trusty, linux-lts-utopic and linux-lts-vivid packages for versions 12.04 LTS, 14.04 LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2629-1/
URL:www.ubuntu.com/usn/usn-2630-1/
URL:www.ubuntu.com/usn/usn-2631-1/
URL:www.ubuntu.com/usn/usn-2632-1/
URL:www.ubuntu.com/usn/usn-2633-1/
URL:www.ubuntu.com/usn/usn-2634-1/
URL:www.ubuntu.com/usn/usn-2635-1/
URL:www.ubuntu.com/usn/usn-2636-1/
URL:www.ubuntu.com/usn/usn-2637-1/
URL:www.ubuntu.com/usn/usn-2638-1/
22. Vulnerabilities in Microsoft Products (3033890, 3057839, 3058515, 3059317, 3062157, 3062577, 3063858, 3064949)
[10/06/2015] Vulnerabilities were identified in the Microsoft Internet Explorer, Microsoft Windows, Microsoft Office, Microsoft Active Directory Federation Services (AD FS) and Microsoft Exchange Server. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:technet.microsoft.com/en-us/library/security/ms15-jun.aspx
URL:technet.microsoft.com/library/security/MS15-056
URL:technet.microsoft.com/library/security/MS15-057
URL:technet.microsoft.com/library/security/MS15-058
URL:technet.microsoft.com/library/security/MS15-059
URL:technet.microsoft.com/library/security/MS15-060
URL:technet.microsoft.com/library/security/MS15-061
URL:technet.microsoft.com/library/security/MS15-062
URL:technet.microsoft.com/library/security/MS15-063
URL:technet.microsoft.com/library/security/MS15-064
URL:www.hkcert.org/my_url/en/alert/15061001
URL:www.hkcert.org/my_url/en/alert/15061002
URL:www.hkcert.org/my_url/en/alert/15061003
URL:www.hkcert.org/my_url/en/alert/15061004
URL:www.hkcert.org/my_url/en/alert/15061005
URL:www.hkcert.org/my_url/en/alert/15061006
URL:www.hkcert.org/my_url/en/alert/15061007
URL:www.hkcert.org/my_url/en/alert/15061008
URL:www.us-cert.gov/ncas/current-activity/2015/06/09/Microsoft-Releases-June-2015-Security-Bulletin
23. Information Updates on Microsoft Security Advisory and Bulletin (2962393, 3057181)
[10/06/2015] Microsoft has updated information on the Security Advisory and Bulletin for Microsoft Windows and Microsoft Office. (a) The 3062760 update was added to the Juniper VPN Client Update section. (b) MS15-046 was re-released to comprehensively address CVE-2015-1682. Microsoft recommends that customers running affected Office 2010 software should install the security updates released with this bulletin revision.
URL:technet.microsoft.com/en-us/library/security/2962393
URL:technet.microsoft.com/en-us/library/security/MS15-046
24. Vulnerabilities in Adobe Flash Player (APSB15-11)
[10/06/2015] Vulnerabilities were identified in the Adobe Flash Player. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/flash-player/apsb15-11.html
URL:technet.microsoft.com/en-us/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/15061009
URL:www.us-cert.gov/ncas/current-activity/2015/06/09/Adobe-Releases-Security-Updates-Flash-Player
25. Vulnerabilities in Cisco Products
[10/06/2015] Vulnerabilities were identified in the Cisco Prime Network Control System, Cisco TelePresence Video Communication Server, Cisco FireSIGHT Management Center and Cisco Application and Content Networking System. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve the vulnerabilities in Cisco FireSIGHT Management Center and Cisco Application and Content Networking System.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39192
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39240
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39256
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39257
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103728
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103729
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103730
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103731
26. Vulnerabilities in IBM Notes and Domino (1903541)
[10/06/2015] Vulnerabilities were identified in the IBM Notes and Domino. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21903541
URL:www.hkcert.org/my_url/en/alert/15061010
27. Vulnerability in Huawei FusionCompute (Huawei-SA-20150609-01-VENOM)
[10/06/2015] Vulnerability was identified in Huawei FusionCompute. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-438937.htm
28. Security Updates in Oracle Linux (ELSA-2015-1081, ELSA-2015-1083)
[10/06/2015] Oracle has released security update packages for fixing the vulnerability identified in the kernel and abrt packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-1081.html
URL:linux.oracle.com/errata/ELSA-2015-1083.html
29. Security Updates in Debian (DSA-3283-1)
[10/06/2015] Debian has released security update packages for fixing the vulnerabilities identified in the cups packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and perform cross-site scripting attacks.
URL:www.debian.org/security/2015/dsa-3283
30. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1081-1, RHSA-2015:1082-1, RHSA-2015:1083-1)
[10/06/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel and abrt packages for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1081.html
URL:rhn.redhat.com/errata/RHSA-2015-1082.html
URL:rhn.redhat.com/errata/RHSA-2015-1083.html
31. Vulnerability in Microsoft Windows (103672)
[09/06/2015] Vulnerability was identified in the Microsoft Windows. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103672
32. Vulnerabilities in Cisco Products
[09/06/2015] Vulnerabilities were identified in the Cisco FireSIGHT Management Center and Cisco Catalyst 6500 Series Switches. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38883
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39233
33. Vulnerability in Aptexx Resident Anywhere (VU#595884)
[09/06/2015] Vulnerability was identified in the Aptexx Resident Anywhere. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product.
URL:www.kb.cert.org/vuls/id/595884
34. Vulnerabilities in D-Link Products (103667, 103669, 103671)
[09/06/2015] Vulnerabilities were identified in multiple D-Link products. An attacker could bypass security restrictions, execute arbitrary code, perform DNS hijacking attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103667
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103669
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103671
35. Vulnerability in Netlux Antivirus (103675)
[09/06/2015] Vulnerability was identified in the Netlux Antivirus. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects versions 1.0.1.4 and 1.0.1.8 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103675
36. Vulnerabilities in Toshiba Products (VU#301788, VU#924506)
[09/06/2015] Vulnerabilities were identified in the Toshiba CHEC and Toshiba 4690 operating system. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve the vulnerability identified in Toshiba CHEC.
URL:www.kb.cert.org/vuls/id/301788
URL:www.kb.cert.org/vuls/id/924506
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103665
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103666
37. Security Updates in Debian (DSA-3280-1, DSA-3282-1)
[09/06/2015] Debian has released security update packages for fixing the vulnerabilities identified in the php5 and strongswan packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3280
URL:www.debian.org/security/2015/dsa-3282
38. Security Updates in Mageia (MGASA-2015-0240, MGASA-2015-0241, MGASA-2015-0242, MGASA-2015-0243)
[09/06/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the rabbitmq-server, php-ZendFramework, jackrabbit and ipsec-tools packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting and code injection attacks, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2015-0240.html
URL:advisories.mageia.org/MGASA-2015-0241.html
URL:advisories.mageia.org/MGASA-2015-0242.html
URL:advisories.mageia.org/MGASA-2015-0243.html
39. Security Updates in SUSE (SUSE-SU-2015:1011-1)
[09/06/2015] SUSE has released security update packages for fixing the vulnerability identified in the cups package of SUSE Linux Enterprise 11. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and perform cross-site scripting attacks.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00002.html
40. Security Updates in Ubuntu GNU/Linux (USN-2628-1)
[09/06/2015] Ubuntu has released security update packages for fixing the vulnerability identified in the strongswan package for versions 14.04 LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. An attacker could bypass security restrictions and obtain sensitive information.
URL:www.ubuntu.com/usn/usn-2628-1/
41. Vulnerabilities in CA Common Services (CA20150604-01)
[08/06/2015] Vulnerabilities were identified in the CA Common Services. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103628
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103629
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103630
42. Vulnerabilities in F5 Products (SOL16715, SOL16716)
[08/06/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/700/sol16715.html
URL:support.f5.com/kb/en-us/solutions/public/16000/700/sol16716.html
43. Vulnerabilities in ManageEngine NetFlow Analyzer (103624, 103625, 103626)
[08/06/2015] Vulnerabilities were identified in the ManageEngine NetFlow Analyzer. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect versions prior to (build 10250) of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103624
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103625
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103626
44. Security Updates in Debian (DSA-3279-1)
[08/06/2015] Debian has released security update packages for fixing the vulnerability identified in the redis package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions and execute arbitrary code.
URL:www.debian.org/security/2015/dsa-3279
45. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1066-1)
[08/06/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the php54 package for Red Hat Software Collections 1 for RHEL 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-1066.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103796
6. Vulnerabilities in Xen (XSA-134, XSA-136)
[12/06/2015] Vulnerabilities were identified in the Xen. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xenbits.xen.org/xsa/advisory-134.html
URL:xenbits.xen.org/xsa/advisory-136.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103787
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103788
7. Security Updates in Oracle Linux (ELSA-2015-1090)
[12/06/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the wpa_supplicant packages for Oracle Linux 7. Due to multiple errors, an attacker could bypass security restrictions and execute arbitrary code.
URL:linux.oracle.com/errata/ELSA-2015-1090.html
8. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1090-1, RHSA-2015:1091-1)
[12/06/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the wpa_supplicant and java-1.6.0-ibm packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-1090.html
URL:rhn.redhat.com/errata/RHSA-2015-1091.html
9. Security Updates in Slackware (SSA:2015-162-01, SSA:2015-162-02)
[12/06/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the openssl and php packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.414774
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.750596
10. Security Updates in SUSE (SUSE-SU-2015:1041-1, SUSE-SU-2015:1042-1, SUSE-SU-2015:1043-1, SUSE-SU-2015:1044-1, SUSE-SU-2015:1044-2, SUSE-SU-2015:1045-1, openSUSE-SU-2015:1047-1)
[12/06/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the cups, xen, flash-player and cups154 packages of SUSE Linux Enterprise 11 and 12, openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html
11. Security Updates in Ubuntu GNU/Linux (USN-2639-1)
[12/06/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openssl packages for versions 12.04 LTS, 14.04 LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2639-1/
12. Vulnerabilities in Cisco Products
[11/06/2015] Vulnerabilities were identified in the Cisco Nexus, Cisco Multilayer Director Switches and Cisco IOS XR Software. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve the vulnerabilities in Cisco IOS XR Software.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39280
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39293
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103745
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103746
13. Vulnerabilities in Alcatel-Lucent OmniSwitch (103749, 103750)
[11/06/2015] Vulnerabilities were identified in the Alcatel-Lucent OmniSwitch. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103749
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103750
14. Vulnerability in Avigilon Control Center (VU#555984)
[11/06/2015] Vulnerability was identified in the Avigilon Control Center. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/555984
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103744
15. Vulnerabilities in VMware Products (VMSA-2015-0004)
[11/06/2015] Vulnerabilities were identified in the VMware Workstation, Fusion and Horizon View Client. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.vmware.com/security/advisories/VMSA-2015-0004.html
URL:www.hkcert.org/my_url/en/alert/15061102
URL:www.us-cert.gov/ncas/current-activity/2015/06/09/VMWare-Releases-Security-Updates-Multiple-Products
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103732
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103733
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103734
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103735
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103736
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103737
16. Vulnerability in Libmimedir (103747)
[11/06/2015] Vulnerability was identified in the Libmimedir. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects version 0.5.1 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103747
17. Vulnerability in PHP (103741)
[11/06/2015] Vulnerability was identified in the PHP. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects version 5.6.9 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103741
18. Vulnerability in Xen (XSA-135)
[11/06/2015] Vulnerability was identified in the Xen. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xenbits.xen.org/xsa/advisory-135.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103740
19. Security Updates in Oracle Linux (ELSA-2015-1087, ELSA-2015-3041, ELSA-2015-3042, ELSA-2015-3043)
[11/06/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the qemu-kvm and kernel packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-1087.html
URL:linux.oracle.com/errata/ELSA-2015-3041.html
URL:linux.oracle.com/errata/ELSA-2015-3042.html
URL:linux.oracle.com/errata/ELSA-2015-3043.html
20. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1086-1, RHSA-2015:1087-1, RHSA-2015:1088-1, RHSA-2015:1089-1)
[11/06/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player, qemu-kvm and qemu-kvm-rhev packages for Red Hat Enterprise Linux 5 and 6, Red Hat Enterprise Virtualization 3.5 and Red Hat Enterprise Linux OpenStack Platform 5.0. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1086.html
URL:rhn.redhat.com/errata/RHSA-2015-1087.html
URL:rhn.redhat.com/errata/RHSA-2015-1088.html
URL:rhn.redhat.com/errata/RHSA-2015-1089.html
21. Security Updates in Ubuntu GNU/Linux (USN-2629-1, USN-2630-1, USN-2631-1, USN-2632-1, USN-2633-1, USN-2634-1, USN-2635-1, USN-2636-1, USN-2637-1, USN-2638-1)
[11/06/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the cups, qemu, qemu-kvm, linux, linux-ti-omap4, linux-lts-trusty, linux-lts-utopic and linux-lts-vivid packages for versions 12.04 LTS, 14.04 LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2629-1/
URL:www.ubuntu.com/usn/usn-2630-1/
URL:www.ubuntu.com/usn/usn-2631-1/
URL:www.ubuntu.com/usn/usn-2632-1/
URL:www.ubuntu.com/usn/usn-2633-1/
URL:www.ubuntu.com/usn/usn-2634-1/
URL:www.ubuntu.com/usn/usn-2635-1/
URL:www.ubuntu.com/usn/usn-2636-1/
URL:www.ubuntu.com/usn/usn-2637-1/
URL:www.ubuntu.com/usn/usn-2638-1/
22. Vulnerabilities in Microsoft Products (3033890, 3057839, 3058515, 3059317, 3062157, 3062577, 3063858, 3064949)
[10/06/2015] Vulnerabilities were identified in the Microsoft Internet Explorer, Microsoft Windows, Microsoft Office, Microsoft Active Directory Federation Services (AD FS) and Microsoft Exchange Server. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:technet.microsoft.com/en-us/library/security/ms15-jun.aspx
URL:technet.microsoft.com/library/security/MS15-056
URL:technet.microsoft.com/library/security/MS15-057
URL:technet.microsoft.com/library/security/MS15-058
URL:technet.microsoft.com/library/security/MS15-059
URL:technet.microsoft.com/library/security/MS15-060
URL:technet.microsoft.com/library/security/MS15-061
URL:technet.microsoft.com/library/security/MS15-062
URL:technet.microsoft.com/library/security/MS15-063
URL:technet.microsoft.com/library/security/MS15-064
URL:www.hkcert.org/my_url/en/alert/15061001
URL:www.hkcert.org/my_url/en/alert/15061002
URL:www.hkcert.org/my_url/en/alert/15061003
URL:www.hkcert.org/my_url/en/alert/15061004
URL:www.hkcert.org/my_url/en/alert/15061005
URL:www.hkcert.org/my_url/en/alert/15061006
URL:www.hkcert.org/my_url/en/alert/15061007
URL:www.hkcert.org/my_url/en/alert/15061008
URL:www.us-cert.gov/ncas/current-activity/2015/06/09/Microsoft-Releases-June-2015-Security-Bulletin
23. Information Updates on Microsoft Security Advisory and Bulletin (2962393, 3057181)
[10/06/2015] Microsoft has updated information on the Security Advisory and Bulletin for Microsoft Windows and Microsoft Office. (a) The 3062760 update was added to the Juniper VPN Client Update section. (b) MS15-046 was re-released to comprehensively address CVE-2015-1682. Microsoft recommends that customers running affected Office 2010 software should install the security updates released with this bulletin revision.
URL:technet.microsoft.com/en-us/library/security/2962393
URL:technet.microsoft.com/en-us/library/security/MS15-046
24. Vulnerabilities in Adobe Flash Player (APSB15-11)
[10/06/2015] Vulnerabilities were identified in the Adobe Flash Player. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/flash-player/apsb15-11.html
URL:technet.microsoft.com/en-us/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/15061009
URL:www.us-cert.gov/ncas/current-activity/2015/06/09/Adobe-Releases-Security-Updates-Flash-Player
25. Vulnerabilities in Cisco Products
[10/06/2015] Vulnerabilities were identified in the Cisco Prime Network Control System, Cisco TelePresence Video Communication Server, Cisco FireSIGHT Management Center and Cisco Application and Content Networking System. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve the vulnerabilities in Cisco FireSIGHT Management Center and Cisco Application and Content Networking System.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39192
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39240
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39256
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39257
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103728
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103729
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103730
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103731
26. Vulnerabilities in IBM Notes and Domino (1903541)
[10/06/2015] Vulnerabilities were identified in the IBM Notes and Domino. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21903541
URL:www.hkcert.org/my_url/en/alert/15061010
27. Vulnerability in Huawei FusionCompute (Huawei-SA-20150609-01-VENOM)
[10/06/2015] Vulnerability was identified in Huawei FusionCompute. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-438937.htm
28. Security Updates in Oracle Linux (ELSA-2015-1081, ELSA-2015-1083)
[10/06/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel and abrt packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-1081.html
URL:linux.oracle.com/errata/ELSA-2015-1083.html
29. Security Updates in Debian (DSA-3283-1)
[10/06/2015] Debian has released security update packages for fixing the vulnerabilities identified in the cups packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and perform cross-site scripting attacks.
URL:www.debian.org/security/2015/dsa-3283
30. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1081-1, RHSA-2015:1082-1, RHSA-2015:1083-1)
[10/06/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel and abrt packages for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1081.html
URL:rhn.redhat.com/errata/RHSA-2015-1082.html
URL:rhn.redhat.com/errata/RHSA-2015-1083.html
31. Vulnerability in Microsoft Windows (103672)
[09/06/2015] Vulnerability was identified in the Microsoft Windows. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103672
32. Vulnerabilities in Cisco Products
[09/06/2015] Vulnerabilities were identified in the Cisco FireSIGHT Management Center and Cisco Catalyst 6500 Series Switches. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38883
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39233
33. Vulnerability in Aptexx Resident Anywhere (VU#595884)
[09/06/2015] Vulnerability was identified in the Aptexx Resident Anywhere. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product.
URL:www.kb.cert.org/vuls/id/595884
34. Vulnerabilities in D-Link Products (103667, 103669, 103671)
[09/06/2015] Vulnerabilities were identified in multiple D-Link products. An attacker could bypass security restrictions, execute arbitrary code, perform DNS hijacking attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103667
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103669
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103671
35. Vulnerability in Netlux Antivirus (103675)
[09/06/2015] Vulnerability was identified in the Netlux Antivirus. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects versions 1.0.1.4 and 1.0.1.8 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103675
36. Vulnerabilities in Toshiba Products (VU#301788, VU#924506)
[09/06/2015] Vulnerabilities were identified in the Toshiba CHEC and Toshiba 4690 operating system. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve the vulnerability identified in Toshiba CHEC.
URL:www.kb.cert.org/vuls/id/301788
URL:www.kb.cert.org/vuls/id/924506
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103665
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103666
37. Security Updates in Debian (DSA-3280-1, DSA-3282-1)
[09/06/2015] Debian has released security update packages for fixing the vulnerabilities identified in the php5 and strongswan packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3280
URL:www.debian.org/security/2015/dsa-3282
38. Security Updates in Mageia (MGASA-2015-0240, MGASA-2015-0241, MGASA-2015-0242, MGASA-2015-0243)
[09/06/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the rabbitmq-server, php-ZendFramework, jackrabbit and ipsec-tools packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting and code injection attacks, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2015-0240.html
URL:advisories.mageia.org/MGASA-2015-0241.html
URL:advisories.mageia.org/MGASA-2015-0242.html
URL:advisories.mageia.org/MGASA-2015-0243.html
39. Security Updates in SUSE (SUSE-SU-2015:1011-1)
[09/06/2015] SUSE has released security update packages for fixing the vulnerability identified in the cups package of SUSE Linux Enterprise 11. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and perform cross-site scripting attacks.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00002.html
40. Security Updates in Ubuntu GNU/Linux (USN-2628-1)
[09/06/2015] Ubuntu has released security update packages for fixing the vulnerability identified in the strongswan package for versions 14.04 LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. An attacker could bypass security restrictions and obtain sensitive information.
URL:www.ubuntu.com/usn/usn-2628-1/
41. Vulnerabilities in CA Common Services (CA20150604-01)
[08/06/2015] Vulnerabilities were identified in the CA Common Services. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103628
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103629
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103630
42. Vulnerabilities in F5 Products (SOL16715, SOL16716)
[08/06/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/700/sol16715.html
URL:support.f5.com/kb/en-us/solutions/public/16000/700/sol16716.html
43. Vulnerabilities in ManageEngine NetFlow Analyzer (103624, 103625, 103626)
[08/06/2015] Vulnerabilities were identified in the ManageEngine NetFlow Analyzer. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect versions prior to (build 10250) of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103624
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103625
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103626
44. Security Updates in Debian (DSA-3279-1)
[08/06/2015] Debian has released security update packages for fixing the vulnerability identified in the redis package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions and execute arbitrary code.
URL:www.debian.org/security/2015/dsa-3279
45. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1066-1)
[08/06/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the php54 package for Red Hat Software Collections 1 for RHEL 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-1066.html