Sunday, August 9, 2015

IT Security Alerts Weekly Digest (2 Aug ~ 8 Aug 2015)

1. Vulnerabilities in Mozilla Products (MFSA 2015-72, MFSA 2015-73, MFSA 2015-74, MFSA 2015-75, MFSA 2015-76, MFSA 2015-77, MFSA 2015-78)
[07/08/2015] Vulnerabilities were identified in Mozilla Firefox OS, Mozilla Firefox and Mozilla Firefox ESR. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox/
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-72/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-73/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-74/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-75/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-76/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-77/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-78/

2. Vulnerabilities in F5 Products (SOL17079)
[07/08/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/17000/000/sol17079.html

3. Vulnerability in Websense Triton Content Manager (105344)
[07/08/2015] A vulnerability was identified in the Websense Triton Content Manager. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects versions prior to 8.0.0 HF02 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105344

4. Vulnerabilities in Linux Kernel (105346, 105348)
[07/08/2015] Vulnerabilities were identified in the Linux Kernel. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105346
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105348

5. Vulnerability in WordPress (105343)
[07/08/2015] A vulnerability was identified in WordPress. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects version 4.2.2 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105343

6. Security Updates in Oracle Linux (ELSA-2015-3066, ELSA-2015-3067, ELSA-2015-3068)
[07/08/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel package for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2015-3066.html
URL:linux.oracle.com/errata/ELSA-2015-3067.html
URL:linux.oracle.com/errata/ELSA-2015-3068.html

7. Security Updates in SUSE (SUSE-SU-2015:1353-1)
[07/08/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the oracle-update package of SUSE Manager 2.1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00003.html

8. Security Updates in Ubuntu GNU/Linux (USN-2703-1, USN-2704-1, USN-2705-1, USN-2706-1)
[07/08/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the cinder, swift, python-keystoneclient, python-keystonemiddleware and openjdk-6 packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2703-1/
URL:www.ubuntu.com/usn/usn-2704-1/
URL:www.ubuntu.com/usn/usn-2705-1/
URL:www.ubuntu.com/usn/usn-2706-1/

9. Vulnerability in Juniper Pulse Secure (105288)
[06/08/2015] A vulnerability was identified in Juniper Pulse Secure. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions 7.1 and 8.0 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105288

10. Vulnerability in FortiNet FortiSandbox WebUI (105316)
[06/08/2015] A vulnerability was identified in the FortiNet FortiSandbox WebUI. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 2.1 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105316

11. Vulnerabilities in Huawei Products (Huawei-SA-20150805-01-ME906, Huawei-SA-20150805-01-VRP)
[06/08/2015] Vulnerabilities were identified in the Huawei mobile Internet access module and Huawei switches. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-446601.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-446634.htm

12. Vulnerability in VirtueMart extension for Joomla (105318)
[06/08/2015] A vulnerability was identified in the VirtueMart extension for Joomla. An attacker could bypass security restrictions. This vulnerability affects version 3.0.9 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105318

13. Security Updates in Oracle Linux (ELSA-2015-1534)
[06/08/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel package for Oracle Linux 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2015-1534.html

14. Security Updates in FreeBSD (FreeBSD-SA-15:18.bsdpatch, FreeBSD-SA-15:19.routed)
[06/08/2015] FreeBSD has released security update packages for fixing the vulnerability identified in the patch and routed packages for multiple versions of FreeBSD Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:18.bsdpatch.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:19.routed.asc

15. Security Updates in SUSE (SUSE-SU-2015:1345-1)
[06/08/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the java-1_6_0-ibm packages of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00002.html

16. Vulnerability in Android devices
[05/08/2015] A vulnerability was identified in the mediaserver service of Android devices. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products.

URL:www.hkcert.org/my_url/en/alert/15080501

17. Vulnerabilities in WordPress
[05/08/2015] Vulnerabilities were identified in WordPress. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 4.2.4 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/
URL:www.us-cert.gov/ncas/current-activity/2015/08/04/WordPress-Releases-Security-Update

18. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1544-1, RHSA-2015:1545-1, RHSA-2015:1546-1)
[05/08/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.5.0-ibm and node.js packages for Red Hat OpenShift Enterprise 2.0 and 2.1, and Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-1544.html
URL:rhn.redhat.com/errata/RHSA-2015-1545.html
URL:rhn.redhat.com/errata/RHSA-2015-1546.html

19. Security Updates in Ubuntu GNU/Linux (USN-2677-1)
[05/08/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the oxide-qt package for versions 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2677-1/

20. Vulnerabilities in F5 Products (SOL15273, SOL15532, SOL15889, SOL17028)
[04/08/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, FirePass, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/15000/200/sol15273.html
URL:support.f5.com/kb/en-us/solutions/public/15000/500/sol15532.html
URL:support.f5.com/kb/en-us/solutions/public/15000/800/sol15889.html
URL:support.f5.com/kb/en-us/solutions/public/17000/000/sol17028.html

21. Vulnerabilities in Xen (XSA-139, XSA-140)
[04/08/2015] Vulnerabilities were identified in Xen. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:xenbits.xen.org/xsa/advisory-139.html
URL:xenbits.xen.org/xsa/advisory-140.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105253
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105254

22. Vulnerability in devscripts (105242)
[04/08/2015] A vulnerability was identified in devscripts. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105242

23. Vulnerabilities in Linux Kernel (105236, 105237)
[04/08/2015] Vulnerabilities were identified in the Linux Kernel. An attacker could bypass security restrictions and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105236
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105237

24. Security Updates in Debian (DSA-3327-1)
[04/08/2015] Debian has released security update packages for fixing the vulnerability identified in the squid3 package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions.

URL:www.debian.org/security/2015/dsa-3327

25. Security Updates in Mageia (MGASA-2015-0300, MGASA-2015-0301, MGASA-2015-0302, MGASA-2015-0303)
[04/08/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the ipython, pdns, pdns-recursor, moodle and php packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0300.html
URL:advisories.mageia.org/MGASA-2015-0301.html
URL:advisories.mageia.org/MGASA-2015-0302.html
URL:advisories.mageia.org/MGASA-2015-0303.html

26. Security Updates in SUSE (openSUSE-SU-2015:1332-1, openSUSE-SU-2015:1335-1)
[04/08/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the libuser and bind packages of openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00000.html
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00001.html

27. Vulnerabilities in Trend Micro OfficeScan
[03/08/2015] Vulnerabilities were identified in the Trend Micro OfficeScan 11. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 11.0 Service Pack 1 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:docs.trendmicro.com/all/ent/officescan/v11.0/en-us/osce_11.0_sp1_cp_server_readme.htm
URL:downloadcenter.trendmicro.com/index.php?regs=NABU&clk=tbl&clkval=4569&cm_mmc=RSS-_-Download%20Center-_-product-_-5

28. Vulnerabilities in Chiyu Technology fingerprint access control devices (VU#360431)
[03/08/2015] Vulnerabilities were identified in the Chiyu Technology fingerprint access control devices. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple firmware versions of the mentioned products.

URL:www.kb.cert.org/vuls/id/360431
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105233
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105234

29. Vulnerability in Net-SNMP (105232)
[03/08/2015] A vulnerability was identified in Net-SNMP. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105232

30. Security Updates in Oracle Linux (ELSA-2015-3054, ELSA-2015-3055, ELSA-2015-3065)
[03/08/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel and lxc packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2015-3054.html
URL:linux.oracle.com/errata/ELSA-2015-3055.html
URL:linux.oracle.com/errata/ELSA-2015-3065.html

31. Security Updates in Debian (DSA-3322-1, DSA-3323-1, DSA-3324-1, DSA-3325-1, DSA-3326-1)
[03/08/2015] Debian has released security update packages for fixing the vulnerabilities identified in the ruby-rack, icu, icedove, apache2 and ghostscript packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.debian.org/security/2015/dsa-3322
URL:www.debian.org/security/2015/dsa-3323
URL:www.debian.org/security/2015/dsa-3324
URL:www.debian.org/security/2015/dsa-3325
URL:www.debian.org/security/2015/dsa-3326

32. Security Updates in Mageia (MGASA-2015-0297, MGASA-2015-0298, MGASA-2015-0299)
[03/08/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the icu, bind and remind packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:advisories.mageia.org/MGASA-2015-0297.html
URL:advisories.mageia.org/MGASA-2015-0298.html
URL:advisories.mageia.org/MGASA-2015-0299.html

33. Security Updates in SUSE (SUSE-SU-2015:1324-1, openSUSE-SU-2015:1326-1, SUSE-SU-2015:1329-1, SUSE-SU-2015:1331-1)
[03/08/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the kernel, bind and java-1_7_1-ibm packages of SUSE Linux Enterprise 11 and 12, and openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00052.html

34. Security Updates in Ubuntu GNU/Linux (USN-2700-1, USN-2701-1)
[03/08/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux and linux-lts-trusty packages for versions 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2700-1/
URL:www.ubuntu.com/usn/usn-2701-1/


