1. Information
Updates on Microsoft Security Bulletins (3004365, 3065718,
3076321)
[24/07/2015]
Microsoft has updated information on the
Security Bulletins for Microsoft Windows, Microsoft SQL Server and Microsoft
Internet Explorer. (a) MS15-006 was revised to inform customers of the July 14,
2015 reoffering of the 3004365 update for Windows 8.1 and Windows Server 2012 R2
systems. (b) MS15-058 was revised to improve the Update FAQ section to help
customers more easily identify the correct update to apply based on a currently
installed version of SQL Server. (c) MS15-065 corrected the affected software
entries for CVE-2015-1733 in the Severity Ratings and Vulnerability Identifiers
table.
URL:technet.microsoft.com/en-us/library/security/MS15-006
URL:technet.microsoft.com/en-us/library/security/MS15-058
URL:technet.microsoft.com/en-us/library/security/MS15-065
2. Vulnerabilities in F5 Products (SOL16907,
SOL16908)
[24/07/2015]
Vulnerabilities were identified in the F5 BIG-IP
LTM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM,
BIG-IP Link Controller, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM and ARX.
An attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16907.html
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16908.html
3. Vulnerabilities in NetCracker Resource Management
(104985, 104986)
[24/07/2015] Vulnerabilities were identified in the NetCracker Resource
Management. An attacker could bypass security restrictions, execute arbitrary
code, perform code injection and cross-site scripting attacks. These
vulnerabilities affect versions prior to 8.2 of the mentioned product. Security
patches are available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104985
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104986
4. Vulnerabilities in
WordPress
[24/07/2015]
Vulnerabilities were identified in the
WordPress. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. These vulnerabilities affect
versions prior to 4.2.3 of the mentioned product. Security patches are available
to resolve these
vulnerabilities.
URL:wordpress.org/news/2015/07/wordpress-4-2-3/
URL:www.us-cert.gov/ncas/current-activity/2015/07/23/WordPress-Releases-Security-Update
5. Security Updates in Oracle Linux
(ELSA-2015-1483)
[24/07/2015] Oracle has
released security update packages for fixing the vulnerabilities identified in
the libuser package for Oracle Linux 7. Due to multiple errors, an attacker
could bypass security restriction, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:linux.oracle.com/errata/ELSA-2015-1483.html
6. Security Updates in Debian
(DSA-3313-1)
[24/07/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the linux package for multiple versions of Debian GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:www.debian.org/security/2015/dsa-3313
7. Security Updates in FreeBSD
(FreeBSD-SA-15:13.tcp)
[24/07/2015] FreeBSD
has released security update packages for fixing the vulnerability identified in
the Transmission Control Protocol package for multiple versions of FreeBSD
Linux. An attacker could bypass security restrictions, cause a denial of service
condition and crash the
system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:13.tcp.asc
8. Security Updates in Gentoo Linux (GLSA
201507-22)
[24/07/2015]
Gentoo has released security update packages for
fixing the vulnerability identified in the e2fsprogs package for multiple
versions of Gentoo Linux. An attacker could bypass security restrictions and
execute arbitrary
code.
URL:security.gentoo.org/glsa/201507-22
9. Security Updates in Mageia (MGASA-2015-0276,
MGASA-2015-0277)
[24/07/2015] Mageia has
released security update packages for fixing the vulnerabilities identified in
the php, php-apc and java-1.7.0-openjdk packages for multiple versions of
Mageia. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the
system.
URL:advisories.mageia.org/MGASA-2015-0276.html
URL:advisories.mageia.org/MGASA-2015-0277.html
10.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:1482-1, RHSA-2015:1483-1,
RHSA-2015:1488-1)
[24/07/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the libuser and java-1.7.0-ibm packages for Red Hat Enterprise Linux 5, 6 and
7. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1482.html
URL:rhn.redhat.com/errata/RHSA-2015-1483.html
URL:rhn.redhat.com/errata/RHSA-2015-1488.html
11.
Security Updates in Ubuntu GNU/Linux
(USN-2678-1, USN-2679-1, USN-2680-1, USN-2681-1, USN-2682-1, USN-2683-1,
USN-2684-1)
[24/07/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the linux, linux-ti-omap4, linux-lts-trusty, linux-lts-utopic and
linux-lts-vivid packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2678-1/
URL:www.ubuntu.com/usn/usn-2679-1/
URL:www.ubuntu.com/usn/usn-2680-1/
URL:www.ubuntu.com/usn/usn-2681-1/
URL:www.ubuntu.com/usn/usn-2682-1/
URL:www.ubuntu.com/usn/usn-2683-1/
URL:www.ubuntu.com/usn/usn-2684-1/
12.
Vulnerabilities in Cisco Products
(cisco-sa-20150722-apic, cisco-sa-20150722-mp,
cisco-sa-20150722-tftp)
[23/07/2015] Vulnerabilities were identified in the Cisco Application
Policy Infrastructure Controller (APIC), Cisco Nexus 9000 Series ACI Mode
Switch, Cisco Unified MeetingPlace Web Conferencing application, Cisco IOS and
Cisco IOS XE Software. An attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, perform
cross-site request forgery attacks, cause a denial of service condition and
compromise the system. These vulnerabilities affect multiple firmware versions
of the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-apic
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-mp
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-tftp
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40068
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104948
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104949
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104951
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104952
13.
Vulnerabilities in F5 Products (SOL16983,
SOL16993)
[23/07/2015]
Vulnerabilities were identified in the F5 BIG-IP
LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP
Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ
Device, BIG-IQ Security, BIG-IQ ADC and Traffix SDC. An attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16983.html
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16993.html
14.
Vulnerability in EMC
(104950)
[23/07/2015]
Vulnerability was identified in the EMC Avamar
and Avamar Virtual Edition (AVE). An attacker could bypass security restrictions
and obtain sensitive information. This vulnerability affects versions prior to
7.1.2 of the mentioned products. Security patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104950
15.
Vulnerability in Elasticsearch Logstash
(104947)
[23/07/2015]
Vulnerability was identified in the
Elasticsearch Logstash. An attacker could bypass security restrictions, obtain
sensitive information and perform FREAK attacks. This vulnerability affects
versions prior to 1.4.4 or 1.5.3 of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104947
16.
Vulnerability in Portfolio Plugin for
WordPress (104932)
[23/07/2015] Vulnerability was identified in the Portfolio Plugin for
WordPress. An attacker could bypass security restrictions, execute arbitrary
code and perform cross-site request forgery attacks. This vulnerability affects
version 1.0 of the mentioned product. Security patches are available to resolve
this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104932
17.
Security Updates in Debian
(DSA-3312-1)
[23/07/2015] Debian has
released security update packages for fixing the vulnerability identified in the
cacti package for multiple versions of Debian GNU/Linux. An attacker could
bypass security restrictions, execute arbitrary code and perform code injection
attacks.
URL:www.debian.org/security/2015/dsa-3312
18.
Security Updates in Gentoo Linux (GLSA
201507-21)
[23/07/2015]
Gentoo has released security update packages for
fixing the vulnerabilities identified in the libXfont package for multiple
versions of Gentoo Linux. Due to multiple errors, an attacker could bypass
security restrictions, execute arbitrary code, cause a denial of service
condition and crash the
system.
URL:security.gentoo.org/glsa/201507-21
19.
Security Updates in SUSE
(openSUSE-SU-2015:1277-1)
[23/07/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the libressl package of openSUSE 13.2. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
20.
Security Updates in Ubuntu GNU/Linux
(USN-2675-1, USN-2676-1)
[23/07/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the lxc and NBD packages for versions 12.04 LTS, 14.04 LTS, 14.10 and 15.04 of
Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2675-1/
URL:www.ubuntu.com/usn/usn-2676-1/
21.
Vulnerabilities in Cisco
Products
[22/07/2015]
Vulnerabilities were identified in the Cisco
WebEx Meetings Server and Cisco IOS XR. An attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, perform
cross-site request forgery attacks, cause a denial of service condition and
crash the system. These vulnerabilities affect multiple firmware versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40021
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40067
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104913
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104914
22.
Vulnerabilities in Google
Chrome
[22/07/2015]
Vulnerabilities were identified in the Google
Chrome. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. These vulnerabilities affect
versions prior to 44.0.2403.89 of the mentioned products. Security patches are
available to resolve these
vulnerabilities.
URL:googlechromereleases.blogspot.hk/2015/07/stable-channel-update_21.html
URL:www.us-cert.gov/ncas/current-activity/2015/07/21/Google-Releases-Security-Update-Chrome
23.
Vulnerability in Siemens SIPROTEC 4 and
SIPROTEC Compact devices (SSA-732541)
[22/07/2015] Vulnerability was identified in the Siemens SIPROTEC 4 and
SIPROTEC Compact devices. An attacker could bypass security restrictions, cause
a denial of service condition and crash the system. This vulnerability affects
firmware versions prior to V4.24 of the mentioned products. Security patches are
available to resolve this
vulnerability.
URL:www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-732541.pdf
URL:ics-cert.us-cert.gov/advisories/ICSA-15-202-01
24.
Vulnerability in Hospira Symbiq Infusion
System (ICSA-15-174-01)
[22/07/2015] Vulnerability was identified in the Hospira Symbiq Infusion
System. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code and compromise the
system. This vulnerability affects versions prior to 3.13 of the mentioned
product. Security patches are available to resolve this
vulnerability.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-174-01
25.
Vulnerability in Cacti
(104901)
[22/07/2015]
Vulnerability was identified in the Cacti. An
attacker could bypass security restrictions, execute arbitrary code and perform
code injection attacks. This vulnerability affects versions prior to 0.8.8e of
the mentioned product. Security patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104901
26.
Security Updates in SUSE
(SUSE-SU-2015:1273-1)
[22/07/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the mariadb package of SUSE Linux Enterprise 12. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00036.html
27.
Security Updates in Ubuntu GNU/Linux
(USN-2674-1)
[22/07/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the mysql-5.5 and mysql-5.6 packages for versions 12.04 LTS, 14.04 LTS, 14.10
and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2674-1/
28. Vulnerability in Microsoft Windows
(3079904)
[21/07/2015]
Vulnerability was identified in the Microsoft
Windows. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code and compromise the
system. This vulnerability affects all supported versions of the mentioned
products. Security patches are available to resolve this
vulnerability.
URL:technet.microsoft.com/en-us/library/security/MS15-078
URL:www.us-cert.gov/ncas/current-activity/2015/07/20/Microsoft-Releases-Security-Update
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104867
29.
Vulnerabilities in Cisco
Products
[21/07/2015]
Vulnerabilities were identified in the Cisco
WebEx Training Center, Cisco WebEx Meetings, Cisco WebEx, Cisco Unified
Computing System Manager and Cisco Videoscape Policy Resource Manager. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, perform code injection and cross-site scripting attacks,
cause a denial of service condition and compromise the system. These
vulnerabilities affect multiple firmware versions of the mentioned products.
Security patches are available to resolve these vulnerabilities except the Cisco
Videoscape Policy Resource
Manager.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39753
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39755
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39756
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39990
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40050
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104878
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104879
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104880
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104881
30.
Vulnerabilities in HP Client Automation
agent (104882, 104883)
[21/07/2015] Vulnerabilities were identified in the HP Client Automation
agent. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. The affected version was not
specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104882
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104883
31.
Vulnerability in Total Commander's File
Info plugin (VU#813631)
[21/07/2015] Vulnerability was identified in the Total Commander's File
Info plugin. An attacker could bypass security restrictions, cause a denial of
service condition and crash the system. This vulnerability affects versions
prior to 2.22 of the mentioned product. Security patches are available to
resolve this
vulnerability.
URL:www.kb.cert.org/vuls/id/813631
32.
Vulnerability in SolarWinds N-Able
N-Central (VU#912036)
[21/07/2015] Vulnerability was identified in the SolarWinds N-Able
N-Central. An attacker could bypass security restrictions, obtain sensitive
information and gain elevated privileges. This vulnerability affects multiple
versions of the mentioned product. Security patches are available to resolve
this
vulnerability.
URL:www.kb.cert.org/vuls/id/912036
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104874
33.
Vulnerability in OpenSSH
(104877)
[21/07/2015]
Vulnerability was identified in the OpenSSH. An
attacker could bypass security restrictions and obtain sensitive information.
The affected version was not
specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104877
34.
Security Updates in Oracle Linux and
Solaris (ELSA-2015-1443, ELSA-2015-1455)
[21/07/2015] Oracle has
released security update packages for fixing the vulnerabilities identified in
the bind and thunderbird packages for Oracle Linux 5, 6 and 7. Due to multiple
errors, an attacker could bypass security restriction, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the
system.
URL:linux.oracle.com/errata/ELSA-2015-1443.html
URL:linux.oracle.com/errata/ELSA-2015-1455.html
35.
Security Updates in Debian (DSA-3310-1,
DSA-3311-1)
[21/07/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the freexl and mariadb-10.0 packages for multiple versions of Debian GNU/Linux.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:www.debian.org/security/2015/dsa-3310
URL:www.debian.org/security/2015/dsa-3311
36.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:1443-1, RHSA-2015:11455-1)
[21/07/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the bind and thunderbird packages for Red Hat Enterprise Linux 5, 6 and 7.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1443.html
URL:rhn.redhat.com/errata/RHSA-2015-1455.html
37.
Security Updates in SUSE
(SUSE-SU-2015:1268-1, SUSE-SU-2015:1268-2,
SUSE-SU-2015:1269-1)
[21/07/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the mozillafirefox, mozilla-nspr and mozilla-nss packages of SUSE Linux
Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00035.html
38.
Security Updates in Ubuntu GNU/Linux
(USN-2673-1)
[21/07/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the thunderbird package for versions 12.04 LTS, 14.04 LTS, 14.10 and 15.04 of
Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2673-1/
39. Vulnerability in Novell GroupWise
(104847)
[20/07/2015]
Vulnerability was identified in the Novell
GroupWise. An attacker could bypass security restrictions, execute arbitrary
code and perform cross-site scripting attacks. This vulnerability affects
versions prior to 2014 Support Pack 2 of the mentioned product. Security patches
are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104847
40.
Vulnerability in F5 Products
(SOL16984)
[20/07/2015]
Vulnerability was identified in the F5 ARX and
Traffix SDC. An attacker could bypass security restrictions and execute
arbitrary code. This vulnerability affects multiple versions of the mentioned
products. Security patches are available to resolve this
vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16984.html
41.
Vulnerability in Siemens SICAM MIC
(SSA-632547)
[20/07/2015] Vulnerability was identified in the Siemens SICAM MIC
telecontrol device. An attacker could bypass security restrictions, execute
arbitrary code and compromise the system. This vulnerability affects firmware
versions prior to V2404 of the mentioned products. Security patches are
available to resolve this
vulnerability.
URL:www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-632547.pdf
URL:ics-cert.us-cert.gov/advisories/ICSA-15-195-01
42.
Vulnerabilities in Elasticsearch (104848,
104849)
[20/07/2015]
Vulnerabilities were identified in the
Elasticsearch. An attacker could bypass security restrictions, obtain sensitive
information and execute arbitrary code. These vulnerabilities affect versions
prior to 1.6.1 or 1.7.0 of the mentioned product. Security patches are available
to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104848
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104849
43.
Security Updates in Debian (DSA-3308-1,
DSA-3309-1)
[20/07/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the mysql-5.5 and tidy packages for multiple versions of Debian GNU/Linux. Due
to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:www.debian.org/security/2015/dsa-3308
URL:www.debian.org/security/2015/dsa-3309
44.
Security Updates in Gentoo Linux (GLSA
201507-20)
[20/07/2015]
Gentoo has released security update packages for
fixing the vulnerabilities identified in the postgresql package for multiple
versions of Gentoo Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:security.gentoo.org/glsa/201507-20
45.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:1241-1, RHSA-2015:1242-1,
RHSA-2015:1243-1)
[20/07/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the java-1.8.0-oracle, java-1.7.0-oracle and java-1.6.0-sun packages for Red
Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1241.html
URL:rhn.redhat.com/errata/RHSA-2015-1242.html
URL:rhn.redhat.com/errata/RHSA-2015-1243.html
46.
Security Updates in Slackware
(SSA:2015-198-01, SSA:2015-198-02)
[20/07/2015] Slackware
has released security update packages for fixing the vulnerabilities identified
in the httpd and php packages for multiple versions of Slackware Linux. An
attacker could bypass security restriction, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the
system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.420251
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.455436
47.
Security Updates in SUSE
(SUSE-SU-2015:1253-1, SUSE-SU-2015:1253-2, SUSE-SU-2015:1255-1,
SUSE-SU-2015:1258-1, SUSE-SU-2015:1265-1, openSUSE-SU-2015:1266-1,
openSUSE-SU-2015:1267-1)
[20/07/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the php5, flash-player, PHP and Mozilla (Firefox/Thunderbird) packages of SUSE
Linux Enterprise 11 and 12, and openSUSE Evergreen 11.4. Due to multiple errors,
an attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00026.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00027.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00030.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html
No comments:
Post a Comment