Sunday, June 14, 2015

IT Security Alerts Weekly Digest (7 Jun ~ 13 Jun 2015)

1. Vulnerability in Adobe Connect (103793)
[12/06/2015] Vulnerability was identified in the Adobe Connect. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 9.4 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/103793
2. Vulnerabilities in Cisco Products (cisco-sa-20150611-iosxr)
[12/06/2015] Vulnerabilities were identified in the Cisco IOS XR Software for Cisco CRS-3 Carrier Routing System, and Cisco Identity Services Engine. An attacker could bypass security restrictions, gain elevated privileges, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150611-iosxr
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39271
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39299
URL:www.us-cert.gov/ncas/current-activity/2015/06/11/Cisco-IOS-XR-Denial-Service-Vulnerability
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103794
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103795
3. Vulnerabilities in libmspack (103797, 103798, 103799, 103800, 103801, 103802, 103803)
[12/06/2015] Vulnerabilities were identified in the libmspack. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 0.5.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/103797
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103798
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103799
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103800
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103801
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103802
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103803
4. Vulnerabilities in OpenSSL
[12/06/2015] Vulnerabilities were identified in the OpenSSL. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.openssl.org/news/secadv_20150611.txt
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103778
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103779
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103780
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103781
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103782
5. Vulnerability in OSSEC (103796)
[12/06/2015] Vulnerability was identified in the OSSEC. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects versions prior to 2.8.2 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/103796
6. Vulnerabilities in Xen (XSA-134, XSA-136)
[12/06/2015] Vulnerabilities were identified in the Xen. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:xenbits.xen.org/xsa/advisory-134.html
URL:xenbits.xen.org/xsa/advisory-136.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103787
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103788
7. Security Updates in Oracle Linux (ELSA-2015-1090)
[12/06/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the wpa_supplicant packages for Oracle Linux 7. Due to multiple errors, an attacker could bypass security restrictions and execute arbitrary code.

URL:linux.oracle.com/errata/ELSA-2015-1090.html
8. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1090-1, RHSA-2015:1091-1)
[12/06/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the wpa_supplicant and java-1.6.0-ibm packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:rhn.redhat.com/errata/RHSA-2015-1090.html
URL:rhn.redhat.com/errata/RHSA-2015-1091.html
9. Security Updates in Slackware (SSA:2015-162-01, SSA:2015-162-02)
[12/06/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the openssl and php packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restriction, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.414774
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.750596
10. Security Updates in SUSE (SUSE-SU-2015:1041-1, SUSE-SU-2015:1042-1, SUSE-SU-2015:1043-1, SUSE-SU-2015:1044-1, SUSE-SU-2015:1044-2, SUSE-SU-2015:1045-1, openSUSE-SU-2015:1047-1)
[12/06/2015] SUSE has released security update packages for fixing the vulnerability identified in the cups, xen, flash-player and cups154 packages of SUSE Linux Enterprise 11 and 12, openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html
11. Security Updates in Ubuntu GNU/Linux (USN-2639-1)
[12/06/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openssl packages for versions 12.04 LTS, 14.04 LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2639-1/
12. Vulnerabilities in Cisco Products
[11/06/2015] Vulnerabilities were identified in the Cisco Nexus, Cisco Multilayer Director Switches and Cisco IOS XR Software. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities of Cisco IOS XR Software.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=39280
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39293
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103745
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103746
13. Vulnerabilities in Alcatel-Lucent OmniSwitch (103749, 103750)
[11/06/2015] Vulnerabilities were identified in the Alcatel-Lucent OmniSwitch. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/103749
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103750
14. Vulnerability in Avigilon Control Center (VU#555984)
[11/06/2015] Vulnerability was identified in the Avigilon Control Center. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:www.kb.cert.org/vuls/id/555984
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103744
15. Vulnerabilities in VMWare Products (VMSA-2015-0004)
[11/06/2015] Vulnerabilities were identified in the VMware Workstation, Fusion and Horizon View Client. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.vmware.com/security/advisories/VMSA-2015-0004.html
URL:www.hkcert.org/my_url/en/alert/15061102
URL:www.us-cert.gov/ncas/current-activity/2015/06/09/VMWare-Releases-Security-Updates-Multiple-Products
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103732
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103733
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103734
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103735
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103736
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103737
16. Vulnerability in Libmimedir (103747)
[11/06/2015] Vulnerability was identified in the Libmimedir. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects version 0.5.1 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/103747
17. Vulnerability in PHP (103741)
[11/06/2015] Vulnerability was identified in the PHP. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects version 5.6.9 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/103741
18. Vulnerability in Xen (XSA-135)
[11/06/2015] Vulnerability was identified in the Xen. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xenbits.xen.org/xsa/advisory-135.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103740
19. Security Updates in Oracle Linux (ELSA-2015-1087, ELSA-2015-3041, ELSA-2015-3042, ELSA-2015-3043)
[11/06/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the qemu-kvm and kernel packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2015-1087.html
URL:linux.oracle.com/errata/ELSA-2015-3041.html
URL:linux.oracle.com/errata/ELSA-2015-3042.html
URL:linux.oracle.com/errata/ELSA-2015-3043.html
20. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1086-1, RHSA-2015:1087-1, RHSA-2015:1088-1, RHSA-2015:1089-1)
[11/06/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player, qemu-kvm and qemu-kvm-rhev packages for Red Hat Enterprise Linux 5 and 6, Red Hat Enterprise Virtualization 3.5 and Red Hat Enterprise Linux OpenStack Platform 5.0. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-1086.html
URL:rhn.redhat.com/errata/RHSA-2015-1087.html
URL:rhn.redhat.com/errata/RHSA-2015-1088.html
URL:rhn.redhat.com/errata/RHSA-2015-1089.html
21. Security Updates in Ubuntu GNU/Linux (USN-2629-1, USN-2630-1, USN-2631-1, USN-2632-1, USN-2633-1, USN-2634-1, USN-2635-1, USN-2636-1, USN-2637-1, USN-2638-1)
[11/06/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the cups, qemu, qemu-kvm, linux, linux-ti-omap4, linux-lts-trusty, linux-lts-utopic and linux-lts-vivid packages for versions 12.04 LTS, 14.04 LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2629-1/
URL:www.ubuntu.com/usn/usn-2630-1/
URL:www.ubuntu.com/usn/usn-2631-1/
URL:www.ubuntu.com/usn/usn-2632-1/
URL:www.ubuntu.com/usn/usn-2633-1/
URL:www.ubuntu.com/usn/usn-2634-1/
URL:www.ubuntu.com/usn/usn-2635-1/
URL:www.ubuntu.com/usn/usn-2636-1/
URL:www.ubuntu.com/usn/usn-2637-1/
URL:www.ubuntu.com/usn/usn-2638-1/
22. Vulnerabilities in Microsoft Products (3033890, 3057839, 3058515, 3059317, 3062157, 3062577, 3063858, 3064949)
[10/06/2015] Vulnerabilities were identified in the Microsoft Internet Explorer, Microsoft Windows, Microsoft Office, Microsoft Active Directory Federation Services (AD FS) and Microsoft Exchange Server. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:technet.microsoft.com/en-us/library/security/ms15-jun.aspx
URL:technet.microsoft.com/library/security/MS15-056
URL:technet.microsoft.com/library/security/MS15-057
URL:technet.microsoft.com/library/security/MS15-058
URL:technet.microsoft.com/library/security/MS15-059
URL:technet.microsoft.com/library/security/MS15-060
URL:technet.microsoft.com/library/security/MS15-061
URL:technet.microsoft.com/library/security/MS15-062
URL:technet.microsoft.com/library/security/MS15-063
URL:technet.microsoft.com/library/security/MS15-064
URL:www.hkcert.org/my_url/en/alert/15061001
URL:www.hkcert.org/my_url/en/alert/15061002
URL:www.hkcert.org/my_url/en/alert/15061003
URL:www.hkcert.org/my_url/en/alert/15061004
URL:www.hkcert.org/my_url/en/alert/15061005
URL:www.hkcert.org/my_url/en/alert/15061006
URL:www.hkcert.org/my_url/en/alert/15061007
URL:www.hkcert.org/my_url/en/alert/15061008
URL:www.us-cert.gov/ncas/current-activity/2015/06/09/Microsoft-Releases-June-2015-Security-Bulletin
23. Information Updates on Microsoft Security Advisory and Bulletin (2962393, 3057181)
[10/06/2015] Microsoft has updated information on the Security Advisory and Bulletin for Microsoft Windows and Microsoft Office. (a) The 3062760 update was added to the Juniper VPN Client Update section. (b) MS15-046 was re-released to comprehensively address CVE-2015-1682. Microsoft recommends that customers running affected Office 2010 software should install the security updates released with this bulletin revision.

URL:technet.microsoft.com/en-us/library/security/2962393
URL:technet.microsoft.com/en-us/library/security/MS15-046
24. Vulnerabilities in Adobe Flash Player (APSB15-11)
[10/06/2015] Vulnerabilities were identified in the Adobe Flash Player. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:helpx.adobe.com/security/products/flash-player/apsb15-11.html
URL:technet.microsoft.com/en-us/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/15061009
URL:www.us-cert.gov/ncas/current-activity/2015/06/09/Adobe-Releases-Security-Updates-Flash-Player
25. Vulnerabilities in Cisco Products
[10/06/2015] Vulnerabilities were identified in the Cisco Prime Network Control System, Cisco TelePresence Video Communication Server, Cisco FireSIGHT Management Center and Cisco Application and Content Networking System. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities of Cisco FireSIGHT Management Center and Cisco Application and Content Networking System.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=39192
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39240
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39256
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39257
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103728
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103729
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103730
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103731
26. Vulnerabilities in IBM Notes and Domino (1903541)
[10/06/2015] Vulnerabilities were identified in the IBM Notes and Domino. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affects multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=swg21903541
URL:www.hkcert.org/my_url/en/alert/15061010
27. Vulnerability in Huawei FusionCompute (Huawei-SA-20150609-01-VENOM)
[10/06/2015] Vulnerability was identified in Huawei FusionCompute. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-438937.htm
28. Security Updates in Oracle Linux (ELSA-2015-1081, ELSA-2015-1083)
[10/06/2015] Oracle has released security update packages for fixing the vulnerability identified in the kernel and abrt packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2015-1081.html
URL:linux.oracle.com/errata/ELSA-2015-1083.html
29. Security Updates in Debian (DSA-3283-1)
[10/06/2015] Debian has released security update packages for fixing the vulnerabilities identified in the cups packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and perform cross-site scripting attacks.

URL:www.debian.org/security/2015/dsa-3283
30. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1081-1, RHSA-2015:1082-1, RHSA-2015:1083-1)
[10/06/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel and abrt packages for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-1081.html
URL:rhn.redhat.com/errata/RHSA-2015-1082.html
URL:rhn.redhat.com/errata/RHSA-2015-1083.html
31. Vulnerability in Microsoft Windows (103672)
[09/06/2015] Vulnerability was identified in the Microsoft Windows. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/103672
32. Vulnerabilities in Cisco Products
[09/06/2015] Vulnerabilities were identified in the Cisco FireSIGHT Management Center and Cisco Catalyst 6500 Series Switches. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=38883
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39233
33. Vulnerability in Aptexx Resident Anywhere (VU#595884)
[09/06/2015] Vulnerability was identified in the Aptexx Resident Anywhere. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product.

URL:www.kb.cert.org/vuls/id/595884
34. Vulnerabilities in D-Link Products (103667, 103669, 103671)
[09/06/2015] Vulnerabilities were identified in multiple D-Link products. An attacker could bypass security restrictions, execute arbitrary code and perform DNS hijacking attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/103667
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103669
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103671
35. Vulnerability in Netlux Antivirus (103675)
[09/06/2015] Vulnerability was identified in the Netlux Antivirus. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects versions 1.0.1.4 and 1.0.1.8 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/103675
36. Vulnerabilities in Toshiba Products (VU#301788, VU#924506)
[09/06/2015] Vulnerabilities were identified in the Toshiba CHEC and Toshiba 4690 operating system. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve the vulnerability identified in Toshiba CHEC.

URL:www.kb.cert.org/vuls/id/301788
URL:www.kb.cert.org/vuls/id/924506
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103665
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103666
37. Security Updates in Debian (DSA-3280-1, DSA-3282-1)
[09/06/2015] Debian has released security update packages for fixing the vulnerabilities identified in the php5 and strongswan packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3280
URL:www.debian.org/security/2015/dsa-3282
38. Security Updates in Mageia (MGASA-2015-0240, MGASA-2015-0241, MGASA-2015-0242, MGASA-2015-0243)
[09/06/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the rabbitmq-server, php-ZendFramework, jackrabbit and ipsec-tools packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting and code injection attacks, cause a denial of service condition and crash the system.

URL:advisories.mageia.org/MGASA-2015-0240.html
URL:advisories.mageia.org/MGASA-2015-0241.html
URL:advisories.mageia.org/MGASA-2015-0242.html
URL:advisories.mageia.org/MGASA-2015-0243.html
39. Security Updates in SUSE (SUSE-SU-2015:1011-1)
[09/06/2015] SUSE has released security update packages for fixing the vulnerability identified in the cups package of SUSE Linux Enterprise 11. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and perform cross-site scripting attacks.

URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00002.html
40. Security Updates in Ubuntu GNU/Linux (USN-2628-1)
[09/06/2015] Ubuntu has released security update packages for fixing the vulnerability identified in the strongswan package for versions 14.04 LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. An attacker could bypass security restrictions and obtain sensitive information.

URL:www.ubuntu.com/usn/usn-2628-1/
41. Vulnerabilities in CA Common Services (CA20150604-01)
[08/06/2015] Vulnerabilities were identified in the CA Common Services. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150604-01-security-notice-for-ca-common-services.aspx
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103628
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103629
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103630
42. Vulnerabilities in F5 Products (SOL161715, SOL16716)
[08/06/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/16000/700/sol16715.html
URL:support.f5.com/kb/en-us/solutions/public/16000/700/sol16716.html
43. Vulnerabilities in ManageEngine NetFlow Analyzer (103624, 103625, 103626)
[08/06/2015] Vulnerabilities were identified in the ManageEngine NetFlow Analyzer. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect versions prior to (build 10250) of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/103624
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103625
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103626
44. Security Updates in Debian (DSA-3279-1)
[08/06/2015] Debian has released security update packages for fixing the vulnerability identified in the redis package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions and execute arbitrary code.

URL:www.debian.org/security/2015/dsa-3279
45. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1066-1)
[08/06/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the php54 package for Red Hat Software Collections 1 for RHEL 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:rhn.redhat.com/errata/RHSA-2015-1066.html
Posted by at
Labels: , , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)