Sunday, October 25, 2015

IT Security Alerts Weekly Digest (18 Oct ~ 24 Oct 2015)



1. Vulnerabilities in IBM Domino (1969050)
[23/10/2015] Vulnerabilities were identified in the IBM Domino. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=swg21969050

2. Vulnerability in Juniper MX Series router (JSA10485)
[23/10/2015] Vulnerability was identified in the Juniper MX Series router. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple Junos versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:kb.juniper.net/index?page=content&id=JSA10485

3. Vulnerability in 3S CODESYS Gateway (ICSA-15-293-03)
[23/10/2015] Vulnerability was identified in the 3S CODESYS Gateway. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects firmware versions prior to 2.3.9.48 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-293-03

4. Vulnerabilities in IniNet Solutions Products (ICSA-15-293-01, ICSA-15-293-02)
[23/10/2015] Vulnerabilities were identified in the IniNet Solutions embeddedWebServer (eWebServer) and SCADA Web Server. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 2.02 of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-293-01
URL:ics-cert.us-cert.gov/advisories/ICSA-15-293-02

5. Vulnerabilities in Janitza UMG Power Quality Measuring Products (ICSA-15-265-03)
[23/10/2015] Vulnerabilities were identified in the Janitza UMG Power Quality Measuring Products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-265-03

6. Vulnerabilities in Linux Kernel (107416, 107417)
[23/10/2015] Vulnerabilities were identified in the Linux Kernel. An attacker could bypass security restrictions and obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/107416
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107417

7. Vulnerabilities in Network Time Protocol Daemon
[23/10/2015] Vulnerabilities were identified in the Network Time Protocol Daemon (NTP). An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 4.2.8p4 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
URL:www.us-cert.gov/ncas/current-activity/2015/10/21/Vulnerabilities-Identified-Network-Time-Protocol-Daemon-ntpd
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107436
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107437
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107438
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107439
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107440
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107441
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107442
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107443
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107444
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107445
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107447
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107449
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107450
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107451

8. Security Updates in Oracle Linux and Oracle Solaris (ELSA-2015-1917, ELSA-2015-1919, ELSA-2015-1920, ELSA-2015-1921, ELSA-2015-1924, ELSA-2015-1925)
[23/10/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the libwmf, java-1.8.0-openjdk, java-1.7.0-openjdk and qemu-kvm packages for Oracle Linux 5, 6 and 7, and in the SSH, Apache HTTP server and Apache Tomcat packages for Oracle Solaris 10 and 11.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2015-1917.html
URL:linux.oracle.com/errata/ELSA-2015-1919.html
URL:linux.oracle.com/errata/ELSA-2015-1920.html
URL:linux.oracle.com/errata/ELSA-2015-1921.html
URL:linux.oracle.com/errata/ELSA-2015-1924.html
URL:linux.oracle.com/errata/ELSA-2015-1925.html
URL:www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
URL:www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

9. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1923-1, RHSA-2015:1924-1, RHSA-2015:1925-1, RHSA-2015:1926-1, RHSA-2015:1927-1, RHSA-2015:1928-1)
[23/10/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the qemu-kvm-rhev, qemu-kvm, kvm, java-1.8.0-oracle, java-1.7.0-oracle and java-1.6.0-sun packages for Red Hat Enterprise Virtualization 3, Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-1923.html
URL:rhn.redhat.com/errata/RHSA-2015-1924.html
URL:rhn.redhat.com/errata/RHSA-2015-1925.html
URL:rhn.redhat.com/errata/RHSA-2015-1926.html
URL:rhn.redhat.com/errata/RHSA-2015-1927.html
URL:rhn.redhat.com/errata/RHSA-2015-1928.html

10. Security Updates in Ubuntu GNU/Linux (USN-2770-2)
[23/10/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the oxide-qt packages for version 15.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2770-2/

11. Security Updates in Oracle Products
[22/10/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the Oracle Database Server, Mobile/Lite Server, Oracle Fusion Applications and Middleware, Oracle Enterprise Manager, Oracle E-Business Suite, Oracle Supply Chain Products Suite, Oracle PeopleSoft Products, Oracle Siebel, Oracle Industry Applications, Oracle Communications Applications, Oracle Retail Applications, Oracle Health Sciences Applications, Oracle Java SE, Oracle and Sun Systems Products, Pillar Axiom, Oracle Linux and Virtualization, Oracle MySQL and Support Tools. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. Security patches are available to resolve these vulnerabilities.

URL:www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_7185_integer_overflow
URL:www.hkcert.org/my_url/en/alert/15102201
URL:www.us-cert.gov/ncas/current-activity/2015/10/20/Oracle-Releases-Security-Bulletin

12. Vulnerabilities in Apple Products (HT205317, HT205370, HT205372, HT205375, HT205376, HT205377, HT205378, HT205379)
[22/10/2015] Vulnerabilities were identified in the Apple Mac EFI, iOS, iTunes, OS X El Capitan, OS X Server, Safari, watchOS and Xcode. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.apple.com/en-hk/HT205317
URL:support.apple.com/en-hk/HT205370
URL:support.apple.com/en-hk/HT205372
URL:support.apple.com/en-hk/HT205375
URL:support.apple.com/en-hk/HT205376
URL:support.apple.com/en-hk/HT205377
URL:support.apple.com/en-hk/HT205378
URL:support.apple.com/en-hk/HT205379
URL:www.hkcert.org/my_url/en/alert/15102202
URL:www.us-cert.gov/ncas/current-activity/2015/10/21/Apple-Releases-Multiple-Security-Updates

13. Vulnerabilities in Cisco Products (cisco-sa-20151021-asa-dhcp1, cisco-sa-20151021-asa-dns1, cisco-sa-20151021-asa-dns2, cisco-sa-20151021-asa-ike, cisco-sa-20151021-ntp)
[22/10/2015] Vulnerabilities were identified in multiple Cisco products. An attacker could bypass security restrictions, gain elevated privileges, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dhcp1
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dns1
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dns2
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-ike
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
URL:www.us-cert.gov/ncas/current-activity/2015/10/21/Cisco-Releases-Security-Updates

14. Vulnerabilities in HP Products (VU#840844, VU#966927)
[22/10/2015] Vulnerabilities were identified in the HP Photosmart B210 printer, HP Client Automation and Radia Client Automation. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code on the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve the vulnerabilities identified in HP Client Automation and Radia Client Automation.

URL:www.kb.cert.org/vuls/id/840844
URL:www.kb.cert.org/vuls/id/966927

15. Vulnerabilities in IBM HTTP Server (1969062)
[22/10/2015] Vulnerabilities were identified in the IBM HTTP Server bundled with IBM Domino. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect version 8.5.5.5 of IBM HTTP Server bundled in versions 9.0.0x and 9.0.1x of IBM Domino. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=swg21969062

16. Vulnerabilities in Virtual Machine Monitors (VU#935424)
[22/10/2015] Vulnerabilities were identified in the Virtual Machine Monitors. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products.

URL:www.kb.cert.org/vuls/id/935424

17. Vulnerabilities in Medicomp MEDCIN Engine (VU#675052)
[22/10/2015] Vulnerabilities were identified in the Medicomp MEDCIN Engine. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 2.22.20153.226 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.kb.cert.org/vuls/id/675052

18. Vulnerabilities in Huawei products (Huawei-SA-20151021-01-USG, Huawei-SA-20151021-01-Routers)
[22/10/2015] Vulnerabilities were identified in multiple Huawei products. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-457916.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-457933.htm

19. Security Updates in Debian (DSA-3375-1, DSA-3376-1)
[22/10/2015] Debian has released security update packages for fixing the vulnerabilities identified in the wordpress and chromium-browser packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.debian.org/security/2015/dsa-3375
URL:www.debian.org/security/2015/dsa-3376

20. Security Updates in SUSE (SUSE-SU-2015:1782-1, SUSE-SU-2015:1785-1)
[22/10/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the qemu and librsvg packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html

21. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1917-1, RHSA-2015:1918-1, RHSA-2015:1919-1, RHSA-2015:1920-1, RHSA-2015:1921-1)
[22/10/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the libwmf, swiftonfile, java-1.8.0-openjdk and java-1.7.0-openjdk packages for Red Hat Enterprise Linux 5, 6 and 7, and Red Hat Gluster Storage 3.1 for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-1917.html
URL:rhn.redhat.com/errata/RHSA-2015-1918.html
URL:rhn.redhat.com/errata/RHSA-2015-1919.html
URL:rhn.redhat.com/errata/RHSA-2015-1920.html
URL:rhn.redhat.com/errata/RHSA-2015-1921.html

22. Security Updates in Ubuntu GNU/Linux (USN-2770-1, USN-2773-1, USN-2774-1, USN-2775-1, USN-2776-1, USN-2777-1, USN-2778-1, USN-2779-1, USN-2780-1)
[22/10/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the oxide-qt, linux, linux-ti-omap4, linux-lts-trusty, linux-lts-utopic, linux-lts-vivid and miniupnpc packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2770-1/
URL:www.ubuntu.com/usn/usn-2773-1/
URL:www.ubuntu.com/usn/usn-2774-1/
URL:www.ubuntu.com/usn/usn-2775-1/
URL:www.ubuntu.com/usn/usn-2776-1/
URL:www.ubuntu.com/usn/usn-2777-1/
URL:www.ubuntu.com/usn/usn-2778-1/
URL:www.ubuntu.com/usn/usn-2779-1/
URL:www.ubuntu.com/usn/usn-2780-1/

23. Information Updates on Microsoft Security Advisory (2755801)
[20/10/2015] Microsoft has updated information on the Security Advisory for Adobe Flash Player in Internet Explorer on all supported editions of Windows. KB2755801 added the 3105216 update to the Current Update section.

URL:technet.microsoft.com/library/security/2755801.aspx

24. Vulnerabilities in Cisco Products (cisco-sa-20151016-asrcdma, cisco-sa-20151016-fmc)
[20/10/2015] Vulnerabilities were identified in the Cisco ASR 5000 CDMA PMIpv6 and Cisco FireSIGHT Management Center Policy Code for VMware. An attacker could bypass security restrictions, gain elevated privileges, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-asrcdma
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-fmc

25. Vulnerabilities in HP ArcSight Logger (VU#842252)
[20/10/2015] Vulnerabilities were identified in the HP ArcSight Logger. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to v6.0 P2 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.kb.cert.org/vuls/id/842252

26. Vulnerabilities in F5 Products (SOL17458, SOL17460, SOL17462)
[20/10/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/17000/400/sol17458.html
URL:support.f5.com/kb/en-us/solutions/public/17000/400/sol17460.html
URL:support.f5.com/kb/en-us/solutions/public/17000/400/sol17462.html

27. Security Updates in Debian (DSA-3374-1)
[20/10/2015] Debian has released security update packages for fixing the vulnerabilities identified in the postgresql-9.4 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3374

28. Security Updates in SUSE (openSUSE-SU-2015:1781-1)
[20/10/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player packages of openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html

29. Vulnerabilities in Adobe Flash Player (APSB15-27)
[19/10/2015] Vulnerabilities were identified in the Adobe Flash Player. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:helpx.adobe.com/security/products/flash-player/apsb15-27.html
URL:www.us-cert.gov/ncas/current-activity/2015/10/16/Adobe-Releases-Security-Updates-Flash-Player

30. Vulnerability in Cisco Wireless LAN Controller (cisco-sa-20151016-wlc)
[19/10/2015] Vulnerability was identified in the Cisco Wireless LAN Controller. An attacker could bypass security restrictions and cause a denial of service condition. This vulnerability affects firmware version 8.0(120) of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-wlc

31. Vulnerabilities in F5 Products (SOL17443, SOL17444, SOL17447, SOL17448)
[19/10/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/17000/400/sol17443.html
URL:support.f5.com/kb/en-us/solutions/public/17000/400/sol17444.html
URL:support.f5.com/kb/en-us/solutions/public/17000/400/sol17447.html
URL:support.f5.com/kb/en-us/solutions/public/17000/400/sol17448.html

32. Vulnerabilities in Long Term Evolution (LTE) Mobile Networks (VU#943167)
[19/10/2015] Vulnerabilities were identified in the Long Term Evolution (LTE) mobile networks. An attacker could bypass security restrictions, obtain sensitive information and silently place phone calls without the user's knowledge. These vulnerabilities affect ALL Android versions of the mentioned products.

URL:www.kb.cert.org/vuls/id/943167

33. Vulnerability in Twilio module for Drupal (DRUPAL-SA-CONTRIB-2015-157)
[19/10/2015] Vulnerability was identified in the Twilio module for Drupal. An attacker could bypass security restrictions. This vulnerability affects versions prior to 7.x-1.11 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.drupal.org/node/2592901
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107180

34. Security Updates in Oracle Linux (ELSA-2015-3087)
[19/10/2015] Oracle has released security update packages for fixing the vulnerability identified in the lxc packages for Oracle Linux 6 and 7. An attacker could bypass security restrictions and cause a denial of service condition.

URL:linux.oracle.com/errata/ELSA-2015-3087.html

35. Security Updates in Debian (DSA-3373-1)
[19/10/2015] Debian has released security update packages for fixing the vulnerabilities identified in the ownCloud packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3373

36. Security Updates in Gentoo Linux (GLSA 201510-01)
[19/10/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the BIND packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:security.gentoo.org/glsa/201510-01

37. Security Updates in Mageia (MGASA-2015-0401, MGASA-2015-0402, MGASA-2015-0403, MGASA-2015-0404)
[19/10/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the cyrus-imapd, 389-ds-base, wireshark and flash-player-plugin packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0401.html
URL:advisories.mageia.org/MGASA-2015-0402.html
URL:advisories.mageia.org/MGASA-2015-0403.html
URL:advisories.mageia.org/MGASA-2015-0404.html

38. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1913-1)
[19/10/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player packages for Red Hat Enterprise Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-1913.html

39. Security Updates in SUSE (openSUSE-SU-2015:1768-1, SUSE-SU-2015:1770-1, SUSE-SU-2015:1771-1)
[19/10/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player packages of openSUSE 13.1 and 13.2, and SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html

40. Security Updates in Ubuntu GNU/Linux (USN-2768-1, USN-2772-1)
[19/10/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox, postgresql-9.1, postgresql-9.3 and postgresql-9.4 packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2768-1/
URL:www.ubuntu.com/usn/usn-2772-1/




Sunday, October 18, 2015

IT Security Alerts Weekly Digest (11 Oct ~ 17 Oct 2015)

Security Alerts
1. Information Updates on Microsoft Security Bulletin (3096441)
[16/10/2015] Microsoft has updated information on the Security Bulletin for Microsoft Internet Explorer. MS15-106 was revised to correct the security impact and severity for CVE-2015-6046.

URL:technet.microsoft.com/en-us/library/security/MS15-106

2. Vulnerabilities in Apple Products (HT205373)
[16/10/2015] Vulnerabilities were identified in the Apple Keynote, Pages, Numbers and iWork. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.apple.com/en-hk/HT205373

3. Vulnerability in Mozilla Firefox (MFSA 2015-115)
[16/10/2015] Vulnerability was identified in the Mozilla Firefox. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 41.0.2 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.mozilla.org/en-US/security/advisories/mfsa2015-115/
URL:www.hkcert.org/my_url/en/alert/15101601
URL:www.us-cert.gov/ncas/current-activity/2015/10/15/Mozilla-Releases-Security-Update-Firefox

4. Vulnerability in F5 Products (SOL17386)
[16/10/2015] Vulnerability was identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator and BIG-IP WOM. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:support.f5.com/kb/en-us/solutions/public/17000/300/sol17386.html

5. Vulnerability in 3S CODESYS Runtime Toolkit (ICSA-15-288-01)
[16/10/2015] Vulnerability was identified in the 3S CODESYS Runtime Toolkit. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects versions prior to 2.4.7.48 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-288-01

6. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1893-1, RHSA-2015:1894-1, RHSA-2015:1895-1, RHSA-2015:1896-1, RHSA-2015:1897-1)
[16/10/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player, python-django, openstack-swift, qemu-kvm-rhev and openstack-glance packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-1893.html
URL:rhn.redhat.com/errata/RHSA-2015-1894.html
URL:rhn.redhat.com/errata/RHSA-2015-1895.html
URL:rhn.redhat.com/errata/RHSA-2015-1896.html
URL:rhn.redhat.com/errata/RHSA-2015-1897.html

7. Security Updates in SUSE (SUSE-SU-2015:1757-1)
[16/10/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the docker packages of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html

8. Security Updates in Ubuntu GNU/Linux (USN-2771-1)
[16/10/2015] Ubuntu has released security update packages for fixing the vulnerability identified in the click packages for versions 14.04 LTS and 15.04 of Ubuntu GNU/Linux. An attacker could bypass security restrictions and gain elevated privileges.

URL:www.ubuntu.com/usn/usn-2771-1/

9. Vulnerability in Adobe Flash Player (APSA15-05)
[15/10/2015] Vulnerability was identified in the Adobe Flash Player. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. This vulnerability affects multiple versions of the mentioned product.

URL:helpx.adobe.com/security/products/flash-player/apsa15-05.html

10. Vulnerabilities in Juniper Products (JSA10695, JSA10699, JSA10700, JSA10701, JSA10702, JSA10703, JSA10704, JSA10705, JSA10706, JSA10707, JSA10708)
[15/10/2015] Vulnerabilities were identified in multiple Juniper products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:kb.juniper.net/index?page=content&id=JSA10695
URL:kb.juniper.net/index?page=content&id=JSA10699
URL:kb.juniper.net/index?page=content&id=JSA10700
URL:kb.juniper.net/index?page=content&id=JSA10701
URL:kb.juniper.net/index?page=content&id=JSA10702
URL:kb.juniper.net/index?page=content&id=JSA10703
URL:kb.juniper.net/index?page=content&id=JSA10704
URL:kb.juniper.net/index?page=content&id=JSA10705
URL:kb.juniper.net/index?page=content&id=JSA10706
URL:kb.juniper.net/index?page=content&id=JSA10707
URL:kb.juniper.net/index?page=content&id=JSA10708

11. Vulnerability in HP Smart Profile Server (c04845334)
[15/10/2015] Vulnerability was identified in the HP Smart Profile Server. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 2.3.5 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04845334
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107094

12. Vulnerability in Nordex NC2 (ICSA-15-286-01)
[15/10/2015] Vulnerability was identified in the Nordex NC2. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects firmware versions V16 and prior of the mentioned product. Security patches are available to resolve this vulnerability.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-286-01

13. Security Updates in Oracle Linux (ELSA-2015-3085)
[15/10/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the docker-engine packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2015-3085.html

14. Security Updates in Mageia (MGASA-2015-0396, MGASA-2015-0397, MGASA-2015-0398, MGASA-2015-0399, MGASA-2015-0400)
[15/10/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the git, qemu, openjpeg2, flash-player-plugin and roundcubemail packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0396.html
URL:advisories.mageia.org/MGASA-2015-0397.html
URL:advisories.mageia.org/MGASA-2015-0398.html
URL:advisories.mageia.org/MGASA-2015-0399.html
URL:advisories.mageia.org/MGASA-2015-0400.html

15. Security Updates in SUSE (openSUSE-SU-2015:1734-1, SUSE-SU-2015:1740-1, SUSE-SU-2015:1742-1, openSUSE-SU-2015:1744-1)
[15/10/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the polkit and flash-player packages of openSUSE 13.1 and 13.2, SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00012.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html

16. Security Updates in Ubuntu GNU/Linux (USN-2709-2, USN-2769-1)
[15/10/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the pollinate and commons-httpclient packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2709-2/
URL:www.ubuntu.com/usn/usn-2769-1/

17. Vulnerabilities in Microsoft Products (3089659, 3096440, 3096441, 3096443, 3096447, 3096448)
[14/10/2015] Vulnerabilities were identified in the Microsoft Internet Explorer, Edge, Windows and Office. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:technet.microsoft.com/en-us/library/security/ms15-oct.aspx
URL:technet.microsoft.com/library/security/MS15-106
URL:technet.microsoft.com/library/security/MS15-107
URL:technet.microsoft.com/library/security/MS15-108
URL:technet.microsoft.com/library/security/MS15-109
URL:technet.microsoft.com/library/security/MS15-110
URL:technet.microsoft.com/library/security/MS15-111
URL:www.hkcert.org/my_url/en/alert/15101401
URL:www.hkcert.org/my_url/en/alert/15101402
URL:www.hkcert.org/my_url/en/alert/15101403
URL:www.hkcert.org/my_url/en/alert/15101404
URL:www.hkcert.org/my_url/en/alert/15101405
URL:www.hkcert.org/my_url/en/alert/15101406
URL:www.us-cert.gov/ncas/current-activity/2015/10/13/Microsoft-Releases-October-2015-Security-Bulletin
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106737
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106739
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106740
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106741
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106742
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106744
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106745
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106746
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106747
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106749
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106751
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106753
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106755
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106756
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106757
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106758
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106759
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106760
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106761
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106762
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106763
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106765
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106766
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106768
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106769
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106770
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106771
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106772
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106774

18. Information Updates on Microsoft Security Advisories (2960358, 3042058, 3097966)
[14/10/2015] Microsoft has updated information on the Security Advisories for Microsoft .NET Framework and Microsoft Windows. (a) KB2960358 was revised to broaden the affected software list to include Windows 10 systems that are running .NET Framework 3.5 applications and systems with .NET Framework 4.6 installed that are running .NET Framework 4.5/4.5.1/4.5.2 applications, and to provide customers running these configurations with steps for manually disabling RC4 in TLS. (b) KB3042058 was revised to announce that the Default Cipher Suite Prioritization update (3042058), originally released May 12, 2015 via the Microsoft Download Center (DLC) only, is now also available via Microsoft Update (MU) and Windows Server Update Services (WSUS). (c) KB3097966 was revised to notify customers that an update is available that modifies the Code Integrity component in Windows to extend trust removal for the four digital certificates addressed by this advisory to also preclude kernel-mode code signing.

URL:technet.microsoft.com/en-us/library/security/2960358.aspx
URL:technet.microsoft.com/en-us/library/security/3042058.aspx
URL:technet.microsoft.com/en-us/library/security/3097966.aspx

19. Vulnerabilities in Adobe Products (APSB15-24, APSB15-25)
[14/10/2015] Vulnerabilities were identified in the Adobe Acrobat and Reader, and Adobe Flash Player. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:helpx.adobe.com/security/products/acrobat/apsb15-24.html
URL:helpx.adobe.com/security/products/flash-player/apsb15-25.html
URL:technet.microsoft.com/en-us/library/security/2755801.aspx
URL:www.hkcert.org/my_url/en/alert/15101407
URL:www.hkcert.org/my_url/en/alert/15101408
URL:www.us-cert.gov/ncas/current-activity/2015/10/13/Adobe-Releases-Security-Updates-Reader-and-Acrobat
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107068
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107070
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107071
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107072
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107073
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107074
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107075
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107076
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107077
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107078
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107079
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107080
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107081
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107082

20. Vulnerabilities in Apache Ambari (107063, 107064, 107065, 107066)
[14/10/2015] Vulnerabilities were identified in the Apache Ambari. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect versions prior to 2.1.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/107063
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107064
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107065
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107066

21. Vulnerabilities in Google Chrome
[14/10/2015] Vulnerabilities were identified in the Google Chrome. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 46.0.2490.71 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:googlechromereleases.blogspot.hk/2015/10/stable-channel-update.html
URL:www.hkcert.org/my_url/en/alert/15101409
URL:www.us-cert.gov/ncas/current-activity/2015/10/13/Google-Releases-Security-Update-Chrome

22. Vulnerabilities in unzip (107059, 107060)
[14/10/2015] Vulnerabilities were identified in the unzip. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect version 6.0 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/107059
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107060

23. Vulnerabilities in ZyXEL routers (VU#870744)
[14/10/2015] Vulnerabilities were identified in multiple ZyXEL routers. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform code injections and cross-site scripting attacks. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.kb.cert.org/vuls/id/870744

24. Security Updates in Debian (DSA-3372-1)
[14/10/2015] Debian has released security update packages for fixing the vulnerabilities identified in the linux packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.debian.org/security/2015/dsa-3372

25. Security Updates in SUSE (SUSE-SU-2015:1727-1)
[14/10/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the kernel-source packages of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html

26. Security Updates in Ubuntu GNU/Linux (USN-2767-1)
[14/10/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the gdk-pixbuf packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2767-1/

27. Vulnerabilities in Cisco Products (cisco-sa-20151012-apic, cisco-sa-20151012-asr)
[13/10/2015] Vulnerabilities were identified in the Cisco Application Policy Infrastructure Controller (APIC), Cisco Aggregation Services Router (ASR) 5000 and ASR 5500 (ASR5K) System Software. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities in Cisco Aggregation Services Router (ASR) 5000 and ASR 5500 (ASR5K) System Software.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151012-apic
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151012-asr

28. Vulnerability in F5 Products (SOL17381)
[13/10/2015] Vulnerability was identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IQ Cloud, BIG-IQ Device and BIG-IQ Security. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:support.f5.com/kb/en-us/solutions/public/17000/300/sol17381.html

29. Vulnerabilities in EMC SourceOne Email Supervisor (107049, 107050, 107051, 107052)
[13/10/2015] Vulnerabilities were identified in the EMC SourceOne Email Supervisor. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 7.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/107049
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107050
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107051
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107052

30. Vulnerability in QNAP QTS (VU#751328)
[13/10/2015] Vulnerability was identified in the QNAP QTS. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system. This vulnerability affects firmware versions prior to 4.1.4 Build 0910 or 4.2.0 Build 0910(RC2) of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.kb.cert.org/vuls/id/751328

31. Security Updates in Oracle Linux (ELSA-2015-1889, ELSA-2015-1890)
[13/10/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the spice and spice-server packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code on the system.

URL:linux.oracle.com/errata/ELSA-2015-1889.html
URL:linux.oracle.com/errata/ELSA-2015-1890.html

32. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1889, RHSA-2015:1890-1)
[13/10/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the spice and spice-server packages for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code on the system.

URL:rhn.redhat.com/errata/RHSA-2015-1889.html
URL:rhn.redhat.com/errata/RHSA-2015-1890.html

33. Vulnerability in F5 Products (SOL17382)
[12/10/2015] Vulnerability was identified in the F5 BIG-IP LTM, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PSM, BIG-IP WebAccelerator and BIG-IP WOM. An attacker could bypass security restrictions. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:support.f5.com/kb/en-us/solutions/public/17000/300/sol17382.html

34. Vulnerabilities in Huawei 3G routers (107005, 107006, 107007, 107008)
[12/10/2015] Vulnerabilities were identified in the Huawei 3G routers. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/107005
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107006
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107007
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107008

35. Vulnerabilities in Cybozu Garoon (107028, 107029)
[12/10/2015] Vulnerabilities were identified in the Cybozu Garoon. An attacker could bypass security restrictions and execute arbitrary code on the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/107028
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107029

36. Vulnerabilities in PostgreSQL (107026, 107027)
[12/10/2015] Vulnerabilities were identified in the PostgreSQL. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 9.0.23, 9.1.19, 9.2.14, 9.3.10 or 9.4.5 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/107026
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107027

37. Vulnerability in UI::Dialog Perl library (107023)
[12/10/2015] Vulnerability was identified in the UI::Dialog Perl library. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects version 1.08-1.1 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/107023

38. Security Updates in Debian (DSA-3371-1)
[12/10/2015] Debian has released security update packages for fixing the vulnerabilities identified in the spice packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.debian.org/security/2015/dsa-3371

39. Security Updates in Mageia (MGASA-2015-0390, MGASA-2015-0391, MGASA-2015-0392, MGASA-2015-0393, MGASA-2015-0394, MGASA-2015-0395)
[12/10/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the kernel-linus, php-ZendFramework, php-ZendFramework2, jakarta-commons-httpclient, httpcomponents-client, isodumper, spice, php and php-timezonedb packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0390.html
URL:advisories.mageia.org/MGASA-2015-0391.html
URL:advisories.mageia.org/MGASA-2015-0392.html
URL:advisories.mageia.org/MGASA-2015-0393.html
URL:advisories.mageia.org/MGASA-2015-0394.html
URL:advisories.mageia.org/MGASA-2015-0395.html

40. Security Updates in SUSE (SUSE-SU-2015:1703-1, openSUSE-SU-2015:1719-1)
[12/10/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox and Chromium packages of SUSE Linux Enterprise 11, openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00008.html