1. Information Updates on Microsoft Security Bulletin (3080790)
[04/09/2015] Microsoft has updated information on the Security Bulletin
for Microsoft Office. MS15-081 was revised to announce that the 3039798 update
for Microsoft Office 2013 RT Service Pack 1 is available via Windows Update.
URL:technet.microsoft.com/en-us/library/security/MS15-081
2. Vulnerabilities in BIND (AA-01287, AA-01291)
[04/09/2015] Vulnerabilities were identified in BIND. An attacker could bypass
security restrictions, cause a denial of service condition and crash the
system. These vulnerabilities affect versions prior to 9.9.7-P3, 9.10.2-P4,
9.9.8rc1 or 9.10.3rc1 of the mentioned product. Security patches are available
to resolve these vulnerabilities.
URL:kb.isc.org/article/AA-01287/
URL:kb.isc.org/article/AA-01291/
URL:www.hkcert.org/my_url/en/alert/15090402
URL:www.us-cert.gov/ncas/current-activity/2015/09/02/Internet-Systems-Consortium-ISC-Releases-Security-Updates-BIND
3. Vulnerabilities in Cisco Products (cisco-sa-20150902-cimcs)
[04/09/2015] Vulnerabilities were identified in the Cisco Integrated
Management Controller (IMC) Supervisor, Cisco UCS Director and Cisco
TelePresence IX5000 Systems. An attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the system. These
vulnerabilities affect multiple firmware versions of the mentioned products.
Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40727
URL:www.us-cert.gov/ncas/current-activity/2015/09/03/Cisco-Releases-Security-Updates
4. Vulnerability in Symantec Ghost Explorer Utility (SYM15-008)
[04/09/2015] A vulnerability was identified in Symantec Ghost Explorer
Utility. An attacker could bypass security restrictions, execute arbitrary code,
cause a denial of service condition and crash the system. This vulnerability
affects versions prior to GSS 3.0 HF2 (12.0.0.8010) and DS 7.6 HF4 (12.0.0.7045)
of the mentioned product. Security patches are available to resolve this
vulnerability.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150902_00
5. Vulnerabilities in Cogent DataHub (ICSA-15-246-01)
[04/09/2015] Vulnerabilities were identified in the Cogent DataHub. An
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the system. These vulnerabilities affect versions 7.3.8 and prior
of the mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-246-01
6. Vulnerabilities in Moxa Industrial Managed Switch (ICSA-15-246-03)
[04/09/2015] Vulnerabilities were identified in multiple Moxa Industrial
Managed Switches. An attacker could bypass security restrictions, execute
arbitrary code and compromise the system. These vulnerabilities affect firmware
version V3.4 build 14031419 and prior of the mentioned product. Security patches
are available to resolve these vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-246-03
7. Vulnerability in Sunny WebBox (ICSA-15-181-02)
[04/09/2015] A vulnerability was identified in the Sunny WebBox. An attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code and compromise the system. This vulnerability
affects ALL versions of the mentioned product.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-181-02
8. Vulnerability in Huawei UAP2105 device (Huawei-SA-20150902-01-UAP2105)
[04/09/2015] A vulnerability was identified in the Huawei UAP2105 device. An
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code and compromise the system. This
vulnerability affects firmware versions prior to V300R012C00SPC160(BootRom) [1]
of the mentioned product. Security patches are available to resolve this
vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-452865.htm
9. Security Updates in Oracle Linux (ELSA-2015-1705, ELSA-2015-1706, ELSA-2015-1707, ELSA-2015-1708, ELSA-2015-1714, ELSA-2015-1715)
[04/09/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the bind, bind97, libXfont, spice and
spice-server packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-1705.html
URL:linux.oracle.com/errata/ELSA-2015-1706.html
URL:linux.oracle.com/errata/ELSA-2015-1707.html
URL:linux.oracle.com/errata/ELSA-2015-1708.html
URL:linux.oracle.com/errata/ELSA-2015-1714.html
URL:linux.oracle.com/errata/ELSA-2015-1715.html
10. Security Updates in Debian (DSA-3347-1, DSA-3348-1, DSA-3349-1, DSA-3350-1)
[04/09/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the pdns, qemu, qemu-kvm and bind9 packages for
multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system.
URL:www.debian.org/security/2015/dsa-3347
URL:www.debian.org/security/2015/dsa-3348
URL:www.debian.org/security/2015/dsa-3349
URL:www.debian.org/security/2015/dsa-3350
11. Security Updates in FreeBSD (FreeBSD-SA-15:23.bind)
[04/09/2015] FreeBSD has released security update packages for fixing the
vulnerability identified in the bind packages for multiple versions of FreeBSD
Linux. An attacker could bypass security restrictions, cause a denial of service
condition and crash the system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:23.bind.asc
12. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1705-1, RHSA-2015:1706-1, RHSA-2015:1707-1, RHSA-2015:1708-1, RHSA-2015:1712-1)
[04/09/2015] Red Hat has released security update packages for fixing the
vulnerabilities identified in the bind, bind97, libXfont and chromium-browser
packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1705.html
URL:rhn.redhat.com/errata/RHSA-2015-1706.html
URL:rhn.redhat.com/errata/RHSA-2015-1707.html
URL:rhn.redhat.com/errata/RHSA-2015-1708.html
URL:rhn.redhat.com/errata/RHSA-2015-1712.html
13. Security Updates in Slackware (SSA:2015-245-01, SSA:2015-246-01)
[04/09/2015] Slackware has released security update packages for fixing the
vulnerabilities identified in the bind and seamonkey packages for multiple
versions of Slackware Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.490056
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.604342
14. Security Updates in SUSE (SUSE-SU-2015:1476-1, SUSE-SU-2015:1479-1, SUSE-SU-2015:1479-2, SUSE-SU-2015:1478-1, SUSE-SU-2015:1480-1, SUSE-SU-2015:1481-1)
[04/09/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the MozillaFirefox, mozilla-nss, xen, Linux Kernel
and bind packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00001.html
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00002.html
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00003.html
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00006.html
15. Security Updates in Ubuntu GNU/Linux (USN-2728-1, USN-2729-1, USN-2730-1, USN-2731-1, USN-2732-1, USN-2733-1, USN-2734-1)
[04/09/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the bind9, libvdpau, openslp-dfsg, linux,
linux-ti-omap4 and linux-lts-trusty packages for versions 12.04 LTS, 14.04 LTS
and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2728-1/
URL:www.ubuntu.com/usn/usn-2729-1/
URL:www.ubuntu.com/usn/usn-2730-1/
URL:www.ubuntu.com/usn/usn-2731-1/
URL:www.ubuntu.com/usn/usn-2732-1/
URL:www.ubuntu.com/usn/usn-2733-1/
URL:www.ubuntu.com/usn/usn-2734-1/
16. Vulnerabilities in Cisco Products
[02/09/2015] Vulnerabilities were identified in the Cisco TelePresence Video
Communication Server Expressway and Cisco NX-OS. An attacker could bypass
security restrictions, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the system. These vulnerabilities
affect multiple firmware versions of the mentioned products. Security patches
are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40541
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40748
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105994
17. Vulnerabilities in Google Chrome
[02/09/2015] Vulnerabilities were identified in Google Chrome. An attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system. These vulnerabilities affect versions prior to
45.0.2454.85 of the mentioned product. Security patches are available to
resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/2015/09/stable-channel-update.html
URL:www.hkcert.org/my_url/en/alert/15090201
URL:www.us-cert.gov/ncas/current-activity/2015/09/01/Google-Releases-Security-Update-Chrome
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105999
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106000
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106001
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106002
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106003
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106004
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106005
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106006
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106007
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106008
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106009
18. Vulnerability in F5 Products (SOL17201)
[02/09/2015] A vulnerability was identified in the F5 BIG-IP LTM, BIG-IP AAM,
BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway,
BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device
and BIG-IQ Security. An attacker could bypass security restrictions and execute
arbitrary code on the system. This vulnerability affects multiple versions of
the mentioned products. Security patches are available to resolve this
vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17201.html
19. Vulnerability in Samsung SyncThruWeb (105987)
[02/09/2015] A vulnerability was identified in the Samsung SyncThruWeb. An
attacker could bypass security restrictions and obtain sensitive information.
This vulnerability affects version 2.01.00.26 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105987
20. Vulnerabilities in PCMan FTP Server (105975, 105990)
[02/09/2015] Vulnerabilities were identified in PCMan FTP Server. An
attacker could bypass security restrictions, execute arbitrary code, cause a
denial of service condition and crash the system. These vulnerabilities affect
version 2.0.7 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105975
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105990
21. Security Updates in Oracle Linux (ELSA-2015-1699)
[02/09/2015] Oracle has released security update packages for fixing the
vulnerability identified in the nss-softokn packages for Oracle Linux 6 and 7.
An attacker could bypass security restrictions, gain elevated privileges and
execute arbitrary code on the system.
URL:linux.oracle.com/errata/ELSA-2015-1699.html
22. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1699-1, RHSA-2015:1700-1)
[02/09/2015] Red Hat has released security update packages for fixing the
vulnerabilities identified in the nss-softokn and pcs packages for Red Hat
Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass
security restrictions, gain elevated privileges and execute arbitrary code on
the system.
URL:rhn.redhat.com/errata/RHSA-2015-1699.html
URL:rhn.redhat.com/errata/RHSA-2015-1700.html
23. Security Updates in Slackware (SSA:2015-244-01)
[02/09/2015] Slackware has released security update packages for fixing the
vulnerability identified in the gdk-pixbuf2 packages for multiple versions of
Slackware Linux. An attacker could bypass security restrictions and execute
arbitrary code on the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.435174
24. Security Updates in SUSE (SUSE-SU-2015:1472-1)
[02/09/2015] SUSE has released security update packages for fixing the
vulnerability identified in the kvm package of SUSE Linux Enterprise 11. An
attacker could bypass security restrictions and execute arbitrary code on the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00000.html
25. Security Updates in Ubuntu GNU/Linux (USN-2727-1)
[02/09/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the gnutls28 packages for version 15.04 of Ubuntu
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the system.
URL:www.ubuntu.com/usn/usn-2727-1/
26. Vulnerability in Cisco ASR 1000 Series Aggregation Services Routers
[01/09/2015] A vulnerability was identified in the Cisco ASR 1000 Series
Aggregation Services Routers. An attacker could bypass security restrictions,
cause a denial of service condition and crash the system. This vulnerability
affects firmware version 15.5 Base, (3)S of the mentioned product.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40708
27. Vulnerabilities in Belkin N600 DB Wireless Dual Band N+ router (VU#201168)
[01/09/2015] Vulnerabilities were identified in the Belkin N600 DB
Wireless Dual Band N+ router. An attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the system. These
vulnerabilities affect multiple firmware versions of the mentioned product.
URL:www.kb.cert.org/vuls/id/201168
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105961
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105962
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105963
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105964
28. Vulnerabilities in Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 (VU#525276)
[01/09/2015] Vulnerabilities were identified in the Philippine Long
Distance Telephone SpeedSurf 504AN and Kasda KW58293. An attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system. These vulnerabilities affect multiple firmware versions of the
mentioned products.
URL:www.kb.cert.org/vuls/id/525276
29. Vulnerabilities in Home routers implementing the UPnP protocol (VU#361684)
[01/09/2015] Vulnerabilities were identified in multiple Home routers
implementing the UPnP protocol. An attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the system. These
vulnerabilities affect multiple firmware versions of the mentioned products.
URL:www.kb.cert.org/vuls/id/361684
30. Security Updates in Oracle Linux (ELSA-2015-1694, ELSA-2015-1695)
[01/09/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the gdk-pixbuf2 and jakarta-taglibs-standard
packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could
bypass security restrictions, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-1694.html
URL:linux.oracle.com/errata/ELSA-2015-1695.html
31. Security Updates in Debian (DSA-3346-1)
[01/09/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the drupal7 packages for multiple versions of
Debian GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code and compromise the system.
URL:www.debian.org/security/2015/dsa-3346
32. Security Updates in Mageia (MGASA-2015-0331, MGASA-2015-0332, MGASA-2015-0333, MGASA-2015-0334)
[01/09/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the firefox, firefox-l10n, nspr, nss, glusterfs,
audit and glusterfs packages for multiple versions of Mageia. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0331.html
URL:advisories.mageia.org/MGASA-2015-0332.html
URL:advisories.mageia.org/MGASA-2015-0333.html
URL:advisories.mageia.org/MGASA-2015-0334.html
33. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1694-1, RHSA-2015:1695-1)
[01/09/2015] Red Hat has released security update packages for fixing the
vulnerabilities identified in the gdk-pixbuf2 and jakarta-taglibs-standard
packages for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an
attacker could bypass security restrictions, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-1694.html
URL:rhn.redhat.com/errata/RHSA-2015-1695.html
34. Security Updates in SUSE (SUSE-SU-2015:1455-1)
[01/09/2015] SUSE has released security update packages for fixing the
vulnerability identified in the kvm package of SUSE Linux Enterprise 11. An
attacker could bypass security restrictions and execute arbitrary code on the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html
35. Security Updates in Ubuntu GNU/Linux (USN-2726-1)
[01/09/2015] Ubuntu has released security update packages for fixing the
vulnerability identified in the expat packages for versions 12.04 LTS, 14.04 LTS
and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, execute arbitrary code, cause a denial of service
condition and crash the system.
URL:www.ubuntu.com/usn/usn-2726-1/
36. Vulnerabilities in Novell NetIQ Access Manager (5219890)
[31/08/2015] Vulnerabilities were identified in the Novell NetIQ Access
Manager. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and crash the system. These vulnerabilities affect versions
4.1 and 4.1.1 of the mentioned product. Security patches are available to
resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=ceIVdhBEV2o~
37. Vulnerabilities in F5 Products (SOL17173, SOL17189)
[31/08/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM,
BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway,
BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ
Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the system. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17173.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17189.html
38. Security Updates in Debian (DSA-3345-1)
[31/08/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the iceweasel packages for multiple versions of
Debian GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3345
39. Security Updates in Slackware (SSA:2015-241-01)
[31/08/2015] Slackware has released security update packages for fixing the
vulnerability identified in the mozilla-firefox package for multiple versions of
Slackware Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.356225
40. Security Updates in SUSE (SUSE-SU-2015:1449-1)
[31/08/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the MozillaFirefox and mozilla-nss packages of
SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
Source(s) of above information: