1. Vulnerabilities in Mozilla Products (MFSA 2015-72, MFSA
2015-73, MFSA 2015-74, MFSA 2015-75, MFSA 2015-76, MFSA 2015-77, MFSA
2015-78)
[07/08/2015]
Vulnerabilities were identified in Mozilla
Firefox OS, Mozilla Firefox and Mozilla Firefox ESR. An attacker could bypass
security restriction, obtain sensitive information, execute arbitrary code,
cause a denial of service condition and crash the system. These vulnerabilities
affect multiple versions of the mentioned products. Security patches are
available to resolve these
vulnerabilities.
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox/
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-72/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-73/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-74/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-75/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-76/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-77/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-78/
2. Vulnerabilities in F5 Products
(SOL17079)
[07/08/2015]
Vulnerabilities were identified in the F5 BIG-IP
LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP
Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device,
BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions,
obtain sensitive information, execute arbitrary code, cause a denial of service
condition and crash the system. These vulnerabilities affect multiple versions
of the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/17000/000/sol17079.html
3. Vulnerability in Websense Triton Content Manager
(105344)
[07/08/2015]
Vulnerability was identified in the Websense
Triton Content Manager. An attacker could bypass security restrictions, execute
arbitrary code, cause a denial of service condition and crash the system. This
vulnerability affects versions prior to 8.0.0 HF02 of the mentioned product.
Security patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105344
4. Vulnerabilities in Linux Kernel (105346,
105348)
[07/08/2015]
Vulnerabilities were identified in the Linux
Kernel. An attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system. These vulnerabilities affect multiple versions of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105346
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105348
5. Vulnerability in WordPress
(105343)
[07/08/2015]
Vulnerability was identified in the WordPress.
An attacker could bypass security restrictions, execute arbitrary code and
perform cross-site scripting attacks. This vulnerability affects version 4.2.2
of the mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105343
6. Security Updates in Oracle Linux (ELSA-2015-3066,
ELSA-2015-3067, ELSA-2015-3068)
[07/08/2015] Oracle has
released security update packages for fixing the vulnerabilities identified in
the kernel package for Oracle Linux 5, 6 and 7. Due to multiple errors, an
attacker could bypass security restriction, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:linux.oracle.com/errata/ELSA-2015-3066.html
URL:linux.oracle.com/errata/ELSA-2015-3067.html
URL:linux.oracle.com/errata/ELSA-2015-3068.html
7. Security Updates in SUSE
(SUSE-SU-2015:1353-1)
[07/08/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the oracle-update package of SUSE Manager 2.1. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00003.html
8. Security Updates in Ubuntu GNU/Linux (USN-2703-1,
USN-2704-1, USN-2705-1, USN-2706-1)
[07/08/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the cinder, swift, python-keystoneclient, python-keystonemiddleware and
openjdk-6 packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2703-1/
URL:www.ubuntu.com/usn/usn-2704-1/
URL:www.ubuntu.com/usn/usn-2705-1/
URL:www.ubuntu.com/usn/usn-2706-1/
9. Vulnerability in Juniper Pulse Secure
(105288)
[06/08/2015]
Vulnerability was identified in the Juniper
Pulse Secure. An attacker could bypass security restrictions and obtain
sensitive information. This vulnerability affects versions 7.1 and 8.0 of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105288
10.
Vulnerability in FortiNet FortiSandbox
WebUI (105316)
[06/08/2015] Vulnerability was identified in the FortiNet FortiSandbox
WebUI. An attacker could bypass security restrictions, execute arbitrary code
and perform cross-site scripting attacks. This vulnerability affects versions
prior to 2.1 of the mentioned product. Security patches are available to resolve
this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105316
11.
Vulnerabilities in Huawei Products
(Huawei-SA-20150805-01-ME906,
Huawei-SA-20150805-01-VRP)
[06/08/2015] Vulnerabilities were identified in the Huawei mobile Internet
access module and Huawei switches. An attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
These vulnerabilities affect multiple firmware versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-446601.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-446634.htm
12.
Vulnerability in VirtueMart extension for
Joomla (105318)
[06/08/2015] Vulnerability was identified in the VirtueMart extension for
Joomla. An attacker could bypass security restrictions. This vulnerability
affects version 3.0.9 of the mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105318
13.
Security Updates in Oracle Linux
(ELSA-2015-1534)
[06/08/2015] Oracle has
released security update packages for fixing the vulnerabilities identified in
the kernel package for Oracle Linux 7. Due to multiple errors, an attacker could
bypass security restriction, execute arbitrary code, cause a denial of service
condition and crash the
system.
URL:linux.oracle.com/errata/ELSA-2015-1534.html
14.
Security Updates in FreeBSD
(FreeBSD-SA-15:18.bsdpatch, FreeBSD-SA-15:19.routed)
[06/08/2015] FreeBSD has released security update packages for fixing the
vulnerability identified in the patch and routed packages for multiple versions
of FreeBSD Linux. Due to multiple errors, an attacker could bypass security
restriction, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:18.bsdpatch.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:19.routed.asc
15.
Security Updates in SUSE
(SUSE-SU-2015:1345-1)
[06/08/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the java-1_6_0-ibm packages of SUSE Linux Enterprise 12. Due to multiple errors,
an attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00002.html
16.
Vulnerability in Android
devices
[05/08/2015]
Vulnerability was identified in the mediaserver
service of Android devices. An attacker could bypass security restrictions,
cause a denial of service condition and crash the system. This vulnerability
affects multiple versions of the mentioned
products.
URL:www.hkcert.org/my_url/en/alert/15080501
17.
Vulnerabilities in
WordPress
[05/08/2015]
Vulnerabilities were identified in the
WordPress. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. These vulnerabilities affect
versions prior to 4.2.4 of the mentioned product. Security patches are available
to resolve these
vulnerabilities.
URL:wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/
URL:www.us-cert.gov/ncas/current-activity/2015/08/04/WordPress-Releases-Security-Update
18.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:1544-1, RHSA-2015:1545-1,
RHSA-2015:1546-1)
[05/08/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the java-1.5.0-ibm and node.js packages for Red Hat OpenShift Enterprise 2.0
and 2.1, and Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1544.html
URL:rhn.redhat.com/errata/RHSA-2015-1545.html
URL:rhn.redhat.com/errata/RHSA-2015-1546.html
19.
Security Updates in Ubuntu GNU/Linux
(USN-2677-1)
[05/08/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the oxide-qt package for versions 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due
to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2677-1/
20. Vulnerabilities in F5 Products (SOL15273, SOL15532,
SOL15889, SOL17028)
[04/08/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP
AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway,
BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, FirePass, BIG-IQ Cloud,
BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
These vulnerabilities affect multiple versions of the mentioned products.
Security patches are available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/15000/200/sol15273.html
URL:support.f5.com/kb/en-us/solutions/public/15000/500/sol15532.html
URL:support.f5.com/kb/en-us/solutions/public/15000/800/sol15889.html
URL:support.f5.com/kb/en-us/solutions/public/17000/000/sol17028.html
21.
Vulnerabilities in Xen (XSA-139,
XSA-140)
[04/08/2015]
Vulnerabilities were identified in the Xen. An
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges and execute arbitrary code. These vulnerabilities affect
multiple versions of the mentioned product. Security patches are available to
resolve these
vulnerabilities.
URL:xenbits.xen.org/xsa/advisory-139.html
URL:xenbits.xen.org/xsa/advisory-140.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105253
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105254
22.
Vulnerability in devscripts
(105242)
[04/08/2015]
Vulnerability was identified in the devscripts.
An attacker could bypass security restrictions and execute arbitrary code. This
vulnerability affects multiple versions of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105242
23.
Vulnerabilities in Linux Kernel (105236,
105237)
[04/08/2015]
Vulnerabilities were identified in the Linux
Kernel. An attacker could bypass security restrictions and execute arbitrary
code. These vulnerabilities affect multiple versions of the mentioned product.
Security patches are available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105236
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105237
24.
Security Updates in Debian
(DSA-3327-1)
[04/08/2015] Debian has
released security update packages for fixing the vulnerability identified in the
squid3 package for multiple versions of Debian GNU/Linux. An attacker could
bypass security
restrictions.
URL:www.debian.org/security/2015/dsa-3327
25.
Security Updates in Mageia
(MGASA-2015-0300, MGASA-2015-0301, MGASA-2015-0302,
MGASA-2015-0303)
[04/08/2015] Mageia has
released security update packages for fixing the vulnerabilities identified in
the ipython, pdns, pdns-recursor, moodle and php packages for multiple versions
of Mageia. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:advisories.mageia.org/MGASA-2015-0300.html
URL:advisories.mageia.org/MGASA-2015-0301.html
URL:advisories.mageia.org/MGASA-2015-0302.html
URL:advisories.mageia.org/MGASA-2015-0303.html
26.
Security Updates in SUSE
(openSUSE-SU-2015:1332-1, openSUSE-SU-2015:1335-1)
[04/08/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the libuser and bind packages of openSUSE 13.1 and
13.2. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00000.html
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00001.html
27.
Vulnerabilities in Trend Micro
OfficeScan
[03/08/2015]
Vulnerabilities were identified in the Trend
Micro OfficeScan 11. An attacker could bypass security restrictions, obtain
sensitive information, cause a denial of service condition and crash the system.
These vulnerabilities affect versions prior to 11.0 Service Pack 1 of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:docs.trendmicro.com/all/ent/officescan/v11.0/en-us/osce_11.0_sp1_cp_server_readme.htm
URL:downloadcenter.trendmicro.com/index.php?regs=NABU&clk=tbl&clkval=4569&cm_mmc=RSS-_-Download%20Center-_-product-_-5
28.
Vulnerabilities in Chiyu Technology
fingerprint access control devices (VU#360431)
[03/08/2015] Vulnerabilities were identified in the Chiyu Technology
fingerprint access control devices. An attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code and perform
cross-site scripting attacks. These vulnerabilities affect multiple firmware
versions of the mentioned
products.
URL:www.kb.cert.org/vuls/id/360431
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105233
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105234
29.
Vulnerability in Net-SNMP
(105232)
[03/08/2015]
Vulnerability was identified in the Net-SNMP. An
attacker could bypass security restrictions, execute arbitrary code, cause a
denial of service condition and crash the system. This vulnerability affects
multiple versions of the mentioned product. Security patches are available to
resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105232
30.
Security Updates in Oracle Linux
(ELSA-2015-3054, ELSA-2015-3055, ELSA-2015-3065)
[03/08/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the kernel and lxc packages for Oracle Linux 5, 6
and 7. Due to multiple errors, an attacker could bypass security restriction,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the
system.
URL:linux.oracle.com/errata/ELSA-2015-3054.html
URL:linux.oracle.com/errata/ELSA-2015-3055.html
URL:linux.oracle.com/errata/ELSA-2015-3065.html
31.
Security Updates in Debian (DSA-3322-1,
DSA-3323-1, DSA-3324-1, DSA-3325-1, DSA-3326-1)
[03/08/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the ruby-rack, icu, icedove, apache2 and
ghostscript packages for multiple versions of Debian GNU/Linux. Due to multiple
errors, an attacker could bypass security restriction, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the
system.
URL:www.debian.org/security/2015/dsa-3322
URL:www.debian.org/security/2015/dsa-3323
URL:www.debian.org/security/2015/dsa-3324
URL:www.debian.org/security/2015/dsa-3325
URL:www.debian.org/security/2015/dsa-3326
32.
Security Updates in Mageia
(MGASA-2015-0297, MGASA-2015-0298, MGASA-2015-0299)
[03/08/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the icu, bind and remind packages for multiple
versions of Mageia. Due to multiple errors, an attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the
system.
URL:advisories.mageia.org/MGASA-2015-0297.html
URL:advisories.mageia.org/MGASA-2015-0298.html
URL:advisories.mageia.org/MGASA-2015-0299.html
33.
Security Updates in SUSE
(SUSE-SU-2015:1324-1, openSUSE-SU-2015:1326-1, SUSE-SU-2015:1329-1,
SUSE-SU-2015:1331-1)
[03/08/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the kernel, bind and java-1_7_1-ibm packages of SUSE Linux Enterprise 11 and 12,
and openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00052.html
34.
Security Updates in Ubuntu GNU/Linux
(USN-2700-1, USN-2701-1)
[03/08/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the linux and linux-lts-trusty packages for versions 12.04 LTS and 14.04 LTS of
Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2700-1/
URL:www.ubuntu.com/usn/usn-2701-1/
No comments:
Post a Comment