Security Alerts
1. Information Updates on Microsoft Security Bulletin (3096441)
[16/10/2015] Microsoft has updated information on the Security Bulletin for Microsoft Internet Explorer. MS15-106 was revised to correct the security impact and severity for CVE-2015-6046.
URL:technet.microsoft.com/en-us/library/security/MS15-106
2. Vulnerabilities in Apple Products (HT205373)
[16/10/2015] Vulnerabilities were identified in Apple Keynote, Pages, Numbers and iWork. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-hk/HT205373
3. Vulnerability in Mozilla Firefox (MFSA 2015-115)
[16/10/2015] A vulnerability was identified in Mozilla Firefox. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 41.0.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-115/
URL:www.hkcert.org/my_url/en/alert/15101601
URL:www.us-cert.gov/ncas/current-activity/2015/10/15/Mozilla-Releases-Security-Update-Firefox
4. Vulnerability in F5 Products (SOL17386)
[16/10/2015] A vulnerability was identified in F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator and BIG-IP WOM. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/17000/300/sol17386.html
5. Vulnerability in 3S CODESYS Runtime Toolkit (ICSA-15-288-01)
[16/10/2015] A vulnerability was identified in the 3S CODESYS Runtime Toolkit. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects versions prior to 2.4.7.48 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-288-01
6. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1893-1, RHSA-2015:1894-1, RHSA-2015:1895-1, RHSA-2015:1896-1, RHSA-2015:1897-1)
[16/10/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player, python-django, openstack-swift, qemu-kvm-rhev and openstack-glance packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1893.html
URL:rhn.redhat.com/errata/RHSA-2015-1894.html
URL:rhn.redhat.com/errata/RHSA-2015-1895.html
URL:rhn.redhat.com/errata/RHSA-2015-1896.html
URL:rhn.redhat.com/errata/RHSA-2015-1897.html
7. Security Updates in SUSE (SUSE-SU-2015:1757-1)
[16/10/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the docker packages of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html
8. Security Updates in Ubuntu GNU/Linux (USN-2771-1)
[16/10/2015] Ubuntu has released security update packages for fixing the vulnerability identified in the click packages for versions 14.04 LTS and 15.04 of Ubuntu GNU/Linux. An attacker could bypass security restrictions and gain elevated privileges.
URL:www.ubuntu.com/usn/usn-2771-1/
9. Vulnerability in Adobe Flash Player (APSA15-05)
[15/10/2015] A vulnerability was identified in Adobe Flash Player. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products.
URL:helpx.adobe.com/security/products/flash-player/apsa15-05.html
10. Vulnerabilities in Juniper Products (JSA10695, JSA10699, JSA10700, JSA10701, JSA10702, JSA10703, JSA10704, JSA10705, JSA10706, JSA10707, JSA10708)
[15/10/2015] Vulnerabilities were identified in multiple Juniper products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:kb.juniper.net/index?page=content&id=JSA10695
URL:kb.juniper.net/index?page=content&id=JSA10699
URL:kb.juniper.net/index?page=content&id=JSA10700
URL:kb.juniper.net/index?page=content&id=JSA10701
URL:kb.juniper.net/index?page=content&id=JSA10702
URL:kb.juniper.net/index?page=content&id=JSA10703
URL:kb.juniper.net/index?page=content&id=JSA10704
URL:kb.juniper.net/index?page=content&id=JSA10705
URL:kb.juniper.net/index?page=content&id=JSA10706
URL:kb.juniper.net/index?page=content&id=JSA10707
URL:kb.juniper.net/index?page=content&id=JSA10708
11. Vulnerability in HP Smart Profile Server (c04845334)
[15/10/2015] A vulnerability was identified in the HP Smart Profile Server. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 2.3.5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04845334
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107094
12. Vulnerability in Nordex NC2 (ICSA-15-286-01)
[15/10/2015] A vulnerability was identified in Nordex NC2. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects firmware versions V16 and prior of the mentioned product. Security patches are available to resolve this vulnerability.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-286-01
13. Security Updates in Oracle Linux (ELSA-2015-3085)
[15/10/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the docker-engine packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-3085.html
14. Security Updates in Mageia (MGASA-2015-0396, MGASA-2015-0397, MGASA-2015-0398, MGASA-2015-0399, MGASA-2015-0400)
[15/10/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the git, qemu, openjpeg2, flash-player-plugin and roundcubemail packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0396.html
URL:advisories.mageia.org/MGASA-2015-0397.html
URL:advisories.mageia.org/MGASA-2015-0398.html
URL:advisories.mageia.org/MGASA-2015-0399.html
URL:advisories.mageia.org/MGASA-2015-0400.html
15. Security Updates in SUSE (openSUSE-SU-2015:1734-1, SUSE-SU-2015:1740-1, SUSE-SU-2015:1742-1, openSUSE-SU-2015:1744-1)
[15/10/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the polkit and flash-player packages of openSUSE 13.1 and 13.2, SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00012.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html
16. Security Updates in Ubuntu GNU/Linux (USN-2709-2, USN-2769-1)
[15/10/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the pollinate and commons-httpclient packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2709-2/
URL:www.ubuntu.com/usn/usn-2769-1/
17. Vulnerabilities in Microsoft Products (3089659, 3096440, 3096441, 3096443, 3096447, 3096448)
[14/10/2015] Vulnerabilities were identified in Microsoft Internet Explorer, Edge, Windows and Office. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:technet.microsoft.com/en-us/library/security/ms15-oct.aspx
URL:technet.microsoft.com/library/security/MS15-106
URL:technet.microsoft.com/library/security/MS15-107
URL:technet.microsoft.com/library/security/MS15-108
URL:technet.microsoft.com/library/security/MS15-109
URL:technet.microsoft.com/library/security/MS15-110
URL:technet.microsoft.com/library/security/MS15-111
URL:www.hkcert.org/my_url/en/alert/15101401
URL:www.hkcert.org/my_url/en/alert/15101402
URL:www.hkcert.org/my_url/en/alert/15101403
URL:www.hkcert.org/my_url/en/alert/15101404
URL:www.hkcert.org/my_url/en/alert/15101405
URL:www.hkcert.org/my_url/en/alert/15101406
URL:www.us-cert.gov/ncas/current-activity/2015/10/13/Microsoft-Releases-October-2015-Security-Bulletin
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106737
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106739
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106740
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106741
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106742
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106744
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106745
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106746
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106747
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106749
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106751
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106753
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106755
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106756
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106757
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106758
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106759
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106760
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106761
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106762
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106763
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106765
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106766
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106768
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106769
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106770
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106771
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106772
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106774
18. Information Updates on Microsoft Security Advisories (2960358, 3042058, 3097966)
[14/10/2015] Microsoft has updated information on the Security Advisories for Microsoft .NET Framework and Microsoft Windows.
(a) KB2960358 was revised to broaden the affected software list to include Windows 10 systems that are running .NET Framework 3.5 applications and systems with .NET Framework 4.6 installed that are running .NET Framework 4.5/4.5.1/4.5.2 applications, and to provide customers running these configurations with steps for manually disabling RC4 in TLS.
(b) KB3042058 was revised to announce that the Default Cipher Suite Prioritization update (3042058), originally released May 12, 2015 via the Microsoft Download Center (DLC) only, is now also available via Microsoft Update (MU) and Windows Server Update Services (WSUS).
(c) KB3097966 was revised to notify customers that an update is available that modifies the Code Integrity component in Windows to extend trust removal for the four digital certificates addressed by this advisory to also preclude kernel-mode code signing.
URL:technet.microsoft.com/en-us/library/security/2960358.aspx
URL:technet.microsoft.com/en-us/library/security/3042058.aspx
URL:technet.microsoft.com/en-us/library/security/3097966.aspx
19. Vulnerabilities in Adobe Products (APSB15-24, APSB15-25)
[14/10/2015] Vulnerabilities were identified in Adobe Acrobat and Reader, and Adobe Flash Player. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/acrobat/apsb15-24.html
URL:helpx.adobe.com/security/products/flash-player/apsb15-25.html
URL:technet.microsoft.com/en-us/library/security/2755801.aspx
URL:www.hkcert.org/my_url/en/alert/15101407
URL:www.hkcert.org/my_url/en/alert/15101408
URL:www.us-cert.gov/ncas/current-activity/2015/10/13/Adobe-Releases-Security-Updates-Reader-and-Acrobat
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107068
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107070
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107071
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107072
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107073
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107074
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107075
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107076
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107077
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107078
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107079
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107080
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107081
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107082
20. Vulnerabilities in Apache Ambari (107063, 107064, 107065, 107066)
[14/10/2015] Vulnerabilities were identified in Apache Ambari. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect versions prior to 2.1.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107063
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107064
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107065
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107066
21. Vulnerabilities in Google Chrome
[14/10/2015] Vulnerabilities were identified in Google Chrome. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 46.0.2490.71 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/2015/10/stable-channel-update.html
URL:www.hkcert.org/my_url/en/alert/15101409
URL:www.us-cert.gov/ncas/current-activity/2015/10/13/Google-Releases-Security-Update-Chrome
22. Vulnerabilities in unzip (107059, 107060)
[14/10/2015] Vulnerabilities were identified in unzip. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect version 6.0 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107059
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107060
23. Vulnerabilities in ZyXEL routers (VU#870744)
[14/10/2015] Vulnerabilities were identified in multiple ZyXEL routers. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform code injections and cross-site scripting attacks. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.kb.cert.org/vuls/id/870744
24. Security Updates in Debian (DSA-3372-1)
[14/10/2015] Debian has released security update packages for fixing the vulnerabilities identified in the linux packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3372
25. Security Updates in SUSE (SUSE-SU-2015:1727-1)
[14/10/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the kernel-source packages of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html
26. Security Updates in Ubuntu GNU/Linux (USN-2767-1)
[14/10/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the gdk-pixbuf packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2767-1/
27. Vulnerabilities in Cisco Products (cisco-sa-20151012-apic, cisco-sa-20151012-asr)
[13/10/2015] Vulnerabilities were identified in the Cisco Application Policy Infrastructure Controller (APIC), Cisco Aggregation Services Router (ASR) 5000 and ASR 5500 (ASR5K) System Software. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities in Cisco Aggregation Services Router (ASR) 5000 and ASR 5500 (ASR5K) System Software.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151012-apic
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151012-asr
28. Vulnerability in F5 Products (SOL17381)
[13/10/2015] A vulnerability was identified in F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IQ Cloud, BIG-IQ Device and BIG-IQ Security. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/17000/300/sol17381.html
29. Vulnerabilities in EMC SourceOne Email Supervisor (107049, 107050, 107051, 107052)
[13/10/2015] Vulnerabilities were identified in EMC SourceOne Email Supervisor. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 7.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107049
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107050
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107051
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107052
30. Vulnerability in QNAP QTS (VU#751328)
[13/10/2015] A vulnerability was identified in QNAP QTS. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system. This vulnerability affects firmware versions prior to 4.1.4 Build 0910 or 4.2.0 Build 0910(RC2) of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/751328
31. Security Updates in Oracle Linux (ELSA-2015-1889, ELSA-2015-1890)
[13/10/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the spice and spice-server packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code on the system.
URL:linux.oracle.com/errata/ELSA-2015-1889.html
URL:linux.oracle.com/errata/ELSA-2015-1890.html
32. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1889, RHSA-2015:1890-1)
[13/10/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the spice and spice-server packages for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code on the system.
URL:rhn.redhat.com/errata/RHSA-2015-1889.html
URL:rhn.redhat.com/errata/RHSA-2015-1890.html
33. Vulnerability in F5 Products (SOL17382)
[12/10/2015] A vulnerability was identified in F5 BIG-IP LTM, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PSM, BIG-IP WebAccelerator and BIG-IP WOM. An attacker could bypass security restrictions. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/17000/300/sol17382.html
34. Vulnerabilities in Huawei 3G routers (107005, 107006, 107007, 107008)
[12/10/2015] Vulnerabilities were identified in Huawei 3G routers. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107005
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107006
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107007
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107008
35. Vulnerabilities in Cybozu Garoon (107028, 107029)
[12/10/2015] Vulnerabilities were identified in Cybozu Garoon. An attacker could bypass security restrictions and execute arbitrary code on the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107028
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107029
36. Vulnerabilities in PostgreSQL (107026, 107027)
[12/10/2015] Vulnerabilities were identified in PostgreSQL. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 9.0.23, 9.1.19, 9.2.14, 9.3.10 or 9.4.5 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107026
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107027
37. Vulnerability in UI::Dialog Perl library (107023)
[12/10/2015] A vulnerability was identified in the UI::Dialog Perl library. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects version 1.08-1.1 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107023
38. Security Updates in Debian (DSA-3371-1)
[12/10/2015] Debian has released security update packages for fixing the vulnerabilities identified in the spice packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3371
39. Security Updates in Mageia (MGASA-2015-0390, MGASA-2015-0391, MGASA-2015-0392, MGASA-2015-0393, MGASA-2015-0394, MGASA-2015-0395)
[12/10/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the kernel-linus, php-ZendFramework, php-ZendFramework2, jakarta-commons-httpclient, httpcomponents-client, isodumper, spice, php and php-timezonedb packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0390.html
URL:advisories.mageia.org/MGASA-2015-0391.html
URL:advisories.mageia.org/MGASA-2015-0392.html
URL:advisories.mageia.org/MGASA-2015-0393.html
URL:advisories.mageia.org/MGASA-2015-0394.html
URL:advisories.mageia.org/MGASA-2015-0395.html
40. Security Updates in SUSE (SUSE-SU-2015:1703-1, openSUSE-SU-2015:1719-1)
[12/10/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox and Chromium packages of SUSE Linux Enterprise 11, openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00008.html