1. Vulnerabilities in Cisco Products
[10/07/2015] Vulnerabilities were identified in the Cisco ASR 5000 Series
Software, Cisco TelePresence, Cisco Unified Computing System C-Series Servers
and Cisco Hosted Collaboration Solution. An attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, perform code injection and cross-site scripting attacks, and
compromise the system. These vulnerabilities affect multiple firmware versions
of the mentioned products. Security patches are available to resolve these
vulnerabilities identified in the Cisco ASR 5000 Series Software.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39677
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39795
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39796
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39798
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39800
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39801
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39802
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39803
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39804
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104501
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104503
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104504
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104505
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104506
2. Vulnerabilities in Novell Products (5214390, 5214430, 5214470, 5214490, 5214510, 5214530, 5214550)
[10/07/2015] Vulnerabilities were identified in the Novell GroupWise,
Novell Identity Manager, Novell NetIQ eDirectory and Novell NetIQ Identity
Manager. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. These vulnerabilities affect
multiple versions of the mentioned products. Security patches are available to
resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=476IczXGJFc~
URL:download.novell.com/Download?buildid=atRZf4SGjxY~
URL:download.novell.com/Download?buildid=BtFb4ujh8x0~
URL:download.novell.com/Download?buildid=lV8c71H58Dg~
URL:download.novell.com/Download?buildid=SGYULBtBMaU~
URL:download.novell.com/Download?buildid=xAAP9aYg1to~
URL:download.novell.com/Download?buildid=Zl8580Kelx4~
3. Vulnerability in Symantec Endpoint Protection agent (104502)
[10/07/2015] A vulnerability was identified in the Symantec Endpoint Protection
agent. An attacker could bypass security restrictions, cause a denial of service
condition and crash the system. This vulnerability affects version 12.1.4013 of
the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104502
4. Vulnerabilities in F5 Products (SOL16900)
[10/07/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM,
BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway,
BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ
Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the system. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16900.html
5. Vulnerability in Drupal (SA-CONTRIB-2015-132)
[10/07/2015] A vulnerability was identified in the Administration Views
module for Drupal. An attacker could bypass security restrictions and obtain
sensitive information. This vulnerability affects versions prior to 7.x-1.5 of
the mentioned product. Security patches are available to resolve this
vulnerability.
URL:www.drupal.org/node/2529378
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104498
6. Vulnerability in OpenSSL
[10/07/2015] A vulnerability was identified in OpenSSL. An attacker
could bypass security restrictions and execute arbitrary code. This
vulnerability affects versions prior to 1.0.1p or 1.0.2d of the mentioned
product. Security patches are available to resolve this vulnerability.
URL:www.openssl.org/news/secadv_20150709.txt
URL:www.us-cert.gov/ncas/current-activity/2015/07/09/OpenSSL-Releases-Security-Advisory
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104500
7. Security Updates in Oracle Linux (ELSA-2015-1218)
[10/07/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the php package for Oracle Linux 6. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-1218.html
8. Security Updates in Debian (DSA-3305-1)
[10/07/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the python-django package for multiple versions of
Debian GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code and perform
code injection attacks.
URL:www.debian.org/security/2015/dsa-3305
9. Security Updates in FreeBSD (FreeBSD-SA-15:12.openssl)
[10/07/2015] FreeBSD has released security update packages for fixing the
vulnerability identified in the openssl package for multiple versions of FreeBSD
Linux. An attacker could bypass security restrictions and execute arbitrary
code.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc
10. Security Updates in Gentoo Linux (GLSA 201507-09)
[10/07/2015] Gentoo has released security update packages for fixing the
vulnerability identified in the pypam packages for multiple versions of Gentoo
Linux. An attacker could bypass security restrictions, execute arbitrary code,
cause a denial of service condition and crash the system.
URL:security.gentoo.org/glsa/201507-09
11. Security Updates in Mageia (MGASA-2015-0271, MGASA-2015-0272, MGASA-2015-0273)
[10/07/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the openssh, bind and flash-player-plugin packages
for multiple versions of Mageia. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system.
URL:advisories.mageia.org/MGASA-2015-0271.html
URL:advisories.mageia.org/MGASA-2015-0272.html
URL:advisories.mageia.org/MGASA-2015-0273.html
12. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1218-1, RHSA-2015:1219-1)
[10/07/2015] Red Hat has released security update packages for fixing the
vulnerabilities identified in the php and php54-php packages for Red Hat
Software Collections 2, Red Hat Enterprise Linux 6 and 7. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1218.html
URL:rhn.redhat.com/errata/RHSA-2015-1219.html
13. Security Updates in Slackware (SSA:2015-190-01)
[10/07/2015] Slackware has released security update packages for fixing the
vulnerability identified in the openssl packages for multiple versions of
Slackware Linux. An attacker could bypass security restrictions and execute
arbitrary code.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.561427
14. Security Updates in SUSE (SUSE-SU-2015:1211-1, SUSE-SU-2015:1214-1, openSUSE-SU-2015:1216-1)
[10/07/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the flash-player and MariaDB packages of SUSE
Linux Enterprise 11 and 12, and openSUSE 13.1 and 13.2. Due to multiple errors,
an attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00020.html
15. Security Updates in Ubuntu GNU/Linux (USN-2656-1, USN-2671-1, USN-2672-1)
[10/07/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the firefox, python-django and nss packages for
versions 12.04 LTS, 14.04 LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, perform
header injection attacks, cause a denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2656-1/
URL:www.ubuntu.com/usn/usn-2671-1/
URL:www.ubuntu.com/usn/usn-2672-1/
16. Vulnerability in Adobe Type Manager module (VU#103336)
[09/07/2015] A vulnerability was identified in the Adobe Type Manager module
in Microsoft Windows. An attacker could bypass security restrictions, gain
elevated privileges, execute arbitrary code and compromise the system. This
vulnerability affects versions Microsoft Windows XP, Microsoft Windows 8 and
Microsoft Windows 8.1 of the mentioned product.
URL:www.kb.cert.org/vuls/id/103336
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104447
17. Vulnerabilities in Adobe Flash Player (APSA15-16)
[09/07/2015] Vulnerabilities were identified in the Adobe Flash Player. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and compromise the
system. These vulnerabilities affect multiple versions of the mentioned product.
Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/flash-player/apsb15-16.html
URL:technet.microsoft.com/en-us/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/15070901
URL:www.us-cert.gov/ncas/current-activity/2015/07/08/Adobe-Releases-Security-Updates-Flash-Player
18. Vulnerabilities in Juniper Products (JSA10683, JSA10684, JSA10685, JSA10686, JSA10687, JSA10688, JSA10690, JSA10691, JSA10692, JSA10693)
[09/07/2015] Vulnerabilities were identified in the Juniper Junos OS,
Juniper NSM Appliance and Juniper CTPView. An attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
These vulnerabilities affect multiple firmware versions of the mentioned
products. Security patches are available to resolve these vulnerabilities.
URL:kb.juniper.net/index?page=content&id=JSA10683
URL:kb.juniper.net/index?page=content&id=JSA10684
URL:kb.juniper.net/index?page=content&id=JSA10685
URL:kb.juniper.net/index?page=content&id=JSA10686
URL:kb.juniper.net/index?page=content&id=JSA10687
URL:kb.juniper.net/index?page=content&id=JSA10688
URL:kb.juniper.net/index?page=content&id=JSA10690
URL:kb.juniper.net/index?page=content&id=JSA10691
URL:kb.juniper.net/index?page=content&id=JSA10692
URL:kb.juniper.net/index?page=content&id=JSA10693
19. Vulnerabilities in F5 Products (SOL16864, SOL16865, SOL16871, SOL16938, SOL16940)
[09/07/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP
AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway,
BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, FirePass, BIG-IQ Cloud,
BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, LineRate and Traffix-SDC. An
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and crash the system. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/800/sol16864.html
URL:support.f5.com/kb/en-us/solutions/public/16000/800/sol16865.html
URL:support.f5.com/kb/en-us/solutions/public/16000/800/sol16871.html
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16938.html
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16940.html
20. Vulnerabilities in Grandstream GXV3275 IP Multimedia Phone (104443, 104444, 104445, 104446)
[09/07/2015] Vulnerabilities were identified in the Grandstream GXV3275 IP
Multimedia Phone. An attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the system. These vulnerabilities
affect firmware versions prior to 1.0.3.30 of the mentioned product. Security
patches are available to resolve these vulnerabilities, except for the default
SSH key issue.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104443
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104444
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104445
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104446
21. Vulnerability in Joomla!
[09/07/2015] Vulnerabilities were identified in Joomla!. An attacker could
bypass security restrictions, execute arbitrary code and perform cross-site
request forgery attacks. These vulnerabilities affect versions prior to 3.4.2 of
the mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:www.hkcert.org/my_url/en/alert/15070802
22. Security Updates in Debian (DSA-3304-1)
[09/07/2015] Debian has released security update packages for fixing the
vulnerability identified in the bind9 package for multiple versions of Debian
GNU/Linux. An attacker could bypass security restrictions, cause a denial of
service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3304
23. Security Updates in Mageia (MGASA-2015-0269, MGASA-2015-0270)
[09/07/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the virtuoso-opensource and cups-filters packages
for multiple versions of Mageia. Due to multiple errors, an attacker could
bypass security restrictions, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2015-0269.html
URL:advisories.mageia.org/MGASA-2015-0270.html
24. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1214-1)
[09/07/2015] Red Hat has released security update packages for fixing the
vulnerabilities identified in the Adobe Flash Player package for Red Hat
Enterprise Linux 5 and 6. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1214.html
25. Security Updates in SUSE (SUSE-SU-2015:1205-1, SUSE-SU-2015:1206-1, openSUSE-SU-2015:1207-1, openSUSE-SU-2015:1210-1)
[09/07/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the bind, xen and flash-player packages of SUSE
Linux Enterprise 10 and 11, openSUSE 13.1 and 13.2, and openSUSE Evergreen 11.4.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00016.html
26. Security Updates in Ubuntu GNU/Linux (USN-2670-1)
[09/07/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the libwmf packages for versions 12.04 LTS, 14.04
LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system.
URL:www.ubuntu.com/usn/usn-2670-1/
27. Vulnerability in ISC BIND (AA-01267)
[08/07/2015] A vulnerability was identified in ISC BIND. An attacker could
bypass security restrictions, cause a denial of service condition and crash the
system. This vulnerability affects multiple versions of the mentioned product.
Security patches are available to resolve this vulnerability.
URL:kb.isc.org/article/AA-01267
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104434
28. Vulnerability in Adobe Flash Player (APSA15-03)
[08/07/2015] A vulnerability was identified in the Adobe Flash Player. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and compromise the
system. This vulnerability affects multiple versions of the mentioned product.
Adobe expects to make updates available on July 8, 2015.
URL:helpx.adobe.com/security/products/flash-player/apsa15-03.html
URL:www.kb.cert.org/vuls/id/561288
URL:www.us-cert.gov/ncas/current-activity/2015/07/07/Adobe-Flash-ActionScript-3-ByteArray-Use-After-Free-Vulnerability
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104407
29. Vulnerabilities in Cisco Products
[08/07/2015] Vulnerabilities were identified in the Cisco IP Communicator,
Cisco Adaptive Security Appliance, Cisco FireSIGHT Management Center and Cisco
IOS XE for Cisco 1000 Series ASR routers. An attacker could bypass security
restrictions, gain elevated privileges, cause a denial of service condition and
crash the system. These vulnerabilities affect multiple firmware versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39623
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39641
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39643
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39675
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104426
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104427
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104432
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104433
30. Vulnerabilities in F5 Products (SOL16861, SOL16863, SOL16869, SOL16870, SOL16872, SOL16898, SOL16913, SOL16914, SOL16915, SOL16920)
[08/07/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM,
BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway,
BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, FirePass, BIG-IQ Cloud,
BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, LineRate, F5 WebSafe and
Traffix-SDC. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and crash the system. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html
URL:support.f5.com/kb/en-us/solutions/public/16000/800/sol16863.html
URL:support.f5.com/kb/en-us/solutions/public/16000/800/sol16869.html
URL:support.f5.com/kb/en-us/solutions/public/16000/800/sol16870.html
URL:support.f5.com/kb/en-us/solutions/public/16000/800/sol16872.html
URL:support.f5.com/kb/en-us/solutions/public/16000/800/sol16898.html
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16913.html
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16914.html
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16915.html
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16920.html
31. Vulnerability in Grandstream GXV3611_HD camera (VU#253708)
[08/07/2015] A vulnerability was identified in the Grandstream GXV3611_HD
camera. An attacker could bypass security restrictions, execute arbitrary code
and perform code injection attacks. This vulnerability affects firmware versions
prior to 1.0.3.9 beta of the mentioned product. Security patches are available
to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/253708
32. Vulnerability in Xen (XSA-137)
[08/07/2015] A vulnerability was identified in Xen. An attacker could bypass
security restrictions, execute arbitrary code, cause a denial of service
condition and crash the system. This vulnerability affects multiple versions of
the mentioned product. Security patches are available to resolve this
vulnerability.
URL:xenbits.xen.org/xsa/advisory-137.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104408
33. Security Updates in Oracle Linux (ELSA-2015-1210)
[08/07/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the abrt package for Oracle Linux 6. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-1210.html
34. Security Updates in Debian (DSA-3303-1)
[08/07/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the cups-filters package for multiple versions of
Debian GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the system.
URL:www.debian.org/security/2015/dsa-3303
35. Security Updates in FreeBSD (FreeBSD-SA-15:11.bind)
[08/07/2015] FreeBSD has released security update packages for fixing the
vulnerability identified in the bind package for multiple versions of FreeBSD
Linux. Due to multiple errors, an attacker could bypass security restrictions,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:11.bind.asc
36. Security Updates in Gentoo Linux (GLSA 201507-03, GLSA 201507-04, GLSA 201507-05, GLSA 201507-06, GLSA 201507-07, GLSA 201507-08)
[08/07/2015] Gentoo has released security update packages for fixing the
vulnerabilities identified in the exiv2, icu, sqlite, unrtf, libvncserver and
libxml2 packages for multiple versions of Gentoo Linux. Due to multiple errors,
an attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and compromise the system.
URL:security.gentoo.org/glsa/201507-03
URL:security.gentoo.org/glsa/201507-04
URL:security.gentoo.org/glsa/201507-05
URL:security.gentoo.org/glsa/201507-06
URL:security.gentoo.org/glsa/201507-07
URL:security.gentoo.org/glsa/201507-08
37. Security Updates in Slackware (SSA:2015-188-01, SSA:2015-188-02, SSA:2015-188-03, SSA:2015-188-04)
[08/07/2015] Slackware has released security update packages for fixing the
vulnerabilities identified in the cups, mozilla-firefox, ntp and bind packages
for multiple versions of Slackware Linux. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
crash the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.354975
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.507395
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.525959
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.544749
38. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1210-1, RHSA-2015:1211-1)
[08/07/2015] Red Hat has released security update packages for fixing the
vulnerabilities identified in the abrt and kernel packages for Red Hat
Enterprise Linux 6. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1210.html
URL:rhn.redhat.com/errata/RHSA-2015-1211.html
39. Security Updates in Ubuntu GNU/Linux (USN-2660-1, USN-2661-1, USN-2662-1, USN-2663-1, USN-2664-1, USN-2665-1, USN-2666-1, USN-2667-1, USN-2668-1, USN-2669-1)
[08/07/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the linux, linux-ti-omap4, linux-lts-trusty,
linux-lts-utopic, linux-lts-vivid, haproxy and bind9 packages for versions 12.04
LTS, 14.04 LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the system.
URL:www.ubuntu.com/usn/usn-2660-1/
URL:www.ubuntu.com/usn/usn-2661-1/
URL:www.ubuntu.com/usn/usn-2662-1/
URL:www.ubuntu.com/usn/usn-2663-1/
URL:www.ubuntu.com/usn/usn-2664-1/
URL:www.ubuntu.com/usn/usn-2665-1/
URL:www.ubuntu.com/usn/usn-2666-1/
URL:www.ubuntu.com/usn/usn-2667-1/
URL:www.ubuntu.com/usn/usn-2668-1/
URL:www.ubuntu.com/usn/usn-2669-1/
40. Vulnerabilities in ANTlabs InnGate (VU#485324)
[07/07/2015] Vulnerabilities were identified in the ANTlabs InnGate. An
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, perform code injection and
cross-site scripting attacks. These vulnerabilities affect multiple firmware
versions of the mentioned product. Security patches are available to resolve
these vulnerabilities.
URL:www.kb.cert.org/vuls/id/485324
41. Vulnerability in Node.js and io.js
[07/07/2015] A vulnerability was identified in Node.js and io.js. An attacker
could bypass security restrictions, cause a denial of service condition and
crash the system. This vulnerability affects versions prior to 0.12.6, 1.8.3 or
2.3.3 of the mentioned product. Security patches are available to resolve this
vulnerability.
URL:www.us-cert.gov/ncas/current-activity/2015/07/06/Security-Updates-Nodejs-and-iojs
42. Security Updates in Debian (DSA-3302-1)
[07/07/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the libwmf package for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the system.
URL:www.debian.org/security/2015/dsa-3302
43. Security Updates in Gentoo Linux (GLSA 201507-02)
[07/07/2015] Gentoo has released security update packages for fixing the
vulnerabilities identified in the Tor package for multiple versions of Gentoo
Linux. Due to multiple errors, an attacker could bypass security restrictions,
cause a denial of service condition and crash the system.
URL:security.gentoo.org/glsa/201507-02
44. Security Updates in SUSE (openSUSE-SU-2015:1197-1)
[07/07/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the php5 package of openSUSE 13.1 and 13.2. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code, cause a denial of service
condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00012.html
45. Security Updates in Ubuntu GNU/Linux (USN-2658-1, USN-2659-1)
[07/07/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the php5 and cups-filters packages for versions
12.04 LTS, 14.04 LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2658-1/
URL:www.ubuntu.com/usn/usn-2659-1/
46. Vulnerability in easy2map plugin for WordPress (104372)
[06/07/2015] A vulnerability was identified in the easy2map plugin for
WordPress. An attacker could bypass security restrictions, execute arbitrary
code and perform code injection attacks. This vulnerability affects version 1.24
of the mentioned product. Security patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104372
47. Security Updates in Oracle Linux (ELSA-2015-1207)
[06/07/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the firefox package for Oracle Linux 5, 6 and 7.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-1207.html
48. Security Updates in Debian (DSA-3300-1, DSA-3301-1)
[06/07/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the iceweasel and haproxy packages for multiple
versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.debian.org/security/2015/dsa-3300
URL:www.debian.org/security/2015/dsa-3301
49. Security Updates in Gentoo Linux (GLSA 201507-01)
[06/07/2015] Gentoo has released security update packages for fixing the
vulnerabilities identified in the chrony package for multiple versions of Gentoo
Linux. Due to multiple errors, an attacker could bypass security restrictions,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:security.gentoo.org/glsa/201507-01
50. Security Updates in Mageia (MGASA-2015-0255, MGASA-2015-0256, MGASA-2015-0257, MGASA-2015-0258, MGASA-2015-0259, MGASA-2015-0260, MGASA-2015-0261, MGASA-2015-0262, MGASA-2015-0263, MGASA-2015-0264, MGASA-2015-0265, MGASA-2015-0266, MGASA-2015-0267, MGASA-2015-0268)
[06/07/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the mysql-connector-java, owncloud-client, tidy,
php, php-apc, coreutils, filezilla, libwmf, polkit, curl, wireshark,
chromium-browser-stable, pam, pcre, sqlite3, nss, firefox and firefox-l10n
packages for multiple versions of Mageia. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system.
URL:advisories.mageia.org/MGASA-2015-0255.html
URL:advisories.mageia.org/MGASA-2015-0256.html
URL:advisories.mageia.org/MGASA-2015-0257.html
URL:advisories.mageia.org/MGASA-2015-0258.html
URL:advisories.mageia.org/MGASA-2015-0259.html
URL:advisories.mageia.org/MGASA-2015-0260.html
URL:advisories.mageia.org/MGASA-2015-0261.html
URL:advisories.mageia.org/MGASA-2015-0262.html
URL:advisories.mageia.org/MGASA-2015-0263.html
URL:advisories.mageia.org/MGASA-2015-0264.html
URL:advisories.mageia.org/MGASA-2015-0265.html
URL:advisories.mageia.org/MGASA-2015-0266.html
URL:advisories.mageia.org/MGASA-2015-0267.html
URL:advisories.mageia.org/MGASA-2015-0268.html
51. Security Updates in SUSE (openSUSE-SU-2015:1180-1, SUSE-SU-2015:1181-1, SUSE-SU-2015:1181-2, SUSE-SU-2015:1182-1, SUSE-SU-2015:1182-2, SUSE-SU-2015:1183-1, SUSE-SU-2015:1183-2, SUSE-SU-2015:1184-1, SUSE-SU-2015:1184-2, SUSE-SU-2015:1185-1)
[06/07/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the Adobe Flash Player and OpenSSL packages of
openSUSE Evergreen 11.4, SUSE Studio Onsite 1.3, SUSE Linux Enterprise for SAP
Applications, and SUSE Linux Enterprise 10 and 11. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00002.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00011.html