Sunday, October 25, 2015

IT Security Alerts Weekly Digest (18 Oct ~ 24 Oct 2015)



1. Vulnerabilities in IBM Domino (1969050)
[23/10/2015] Vulnerabilities were identified in the IBM Domino. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=swg21969050

2. Vulnerability in Juniper MX Series router (JSA10485)
[23/10/2015] A vulnerability was identified in the Juniper MX Series router. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple Junos versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:kb.juniper.net/index?page=content&id=JSA10485

3. Vulnerability in 3S CODESYS Gateway (ICSA-15-293-03)
[23/10/2015] A vulnerability was identified in the 3S CODESYS Gateway. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects firmware versions prior to 2.3.9.48 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-293-03

4. Vulnerabilities in IniNet Solutions Products (ICSA-15-293-01, ICSA-15-293-02)
[23/10/2015] Vulnerabilities were identified in the IniNet Solutions embeddedWebServer (eWebServer) and SCADA Web Server. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 2.02 of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-293-01
URL:ics-cert.us-cert.gov/advisories/ICSA-15-293-02

5. Vulnerabilities in Janitza UMG Power Quality Measuring Products (ICSA-15-265-03)
[23/10/2015] Vulnerabilities were identified in the Janitza UMG Power Quality Measuring Products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-265-03

6. Vulnerabilities in Linux Kernel (107416, 107417)
[23/10/2015] Vulnerabilities were identified in the Linux Kernel. An attacker could bypass security restrictions and obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/107416
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107417

7. Vulnerabilities in Network Time Protocol Daemon
[23/10/2015] Vulnerabilities were identified in the Network Time Protocol Daemon (NTP). An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 4.2.8p4 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
URL:www.us-cert.gov/ncas/current-activity/2015/10/21/Vulnerabilities-Identified-Network-Time-Protocol-Daemon-ntpd
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107436
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107437
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107438
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107439
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107440
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107441
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107442
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107443
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107444
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107445
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107447
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107449
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107450
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107451

8. Security Updates in Oracle Linux and Oracle Solaris (ELSA-2015-1917, ELSA-2015-1919, ELSA-2015-1920, ELSA-2015-1921, ELSA-2015-1924, ELSA-2015-1925)
[23/10/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the libwmf, java-1.8.0-openjdk, java-1.7.0-openjdk and qemu-kvm packages for Oracle Linux 5, 6 and 7, SSH, Apache HTTP server and Apache Tomcat packages for Oracle Solaris 10 and 11.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2015-1917.html
URL:linux.oracle.com/errata/ELSA-2015-1919.html
URL:linux.oracle.com/errata/ELSA-2015-1920.html
URL:linux.oracle.com/errata/ELSA-2015-1921.html
URL:linux.oracle.com/errata/ELSA-2015-1924.html
URL:linux.oracle.com/errata/ELSA-2015-1925.html
URL:www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
URL:www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

9. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1923-1, RHSA-2015:1924-1, RHSA-2015:1925-1, RHSA-2015:1926-1, RHSA-2015:1927-1, RHSA-2015:1928-1)
[23/10/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the qemu-kvm-rhev, qemu-kvm, kvm, java-1.8.0-oracle, java-1.7.0-oracle and java-1.6.0-sun packages for Red Hat Enterprise Virtualization 3, Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-1923.html
URL:rhn.redhat.com/errata/RHSA-2015-1924.html
URL:rhn.redhat.com/errata/RHSA-2015-1925.html
URL:rhn.redhat.com/errata/RHSA-2015-1926.html
URL:rhn.redhat.com/errata/RHSA-2015-1927.html
URL:rhn.redhat.com/errata/RHSA-2015-1928.html

10. Security Updates in Ubuntu GNU/Linux (USN-2770-2)
[23/10/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the oxide-qt packages for version 15.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2770-2/

11. Security Updates in Oracle Products
[22/10/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the Oracle Database Server, Mobile/Lite Server, Oracle Fusion Applications and Middleware, Oracle Enterprise Manager, Oracle E-Business Suite, Oracle Supply Chain Products Suite, Oracle PeopleSoft Products, Oracle Siebel, Oracle Industry Applications, Oracle Communications Applications, Oracle Retail Applications, Oracle Health Sciences Applications, Oracle Java SE, Oracle and Sun Systems Products, Pillar Axiom, Oracle Linux and Virtualization, Oracle MySQL and Support Tools. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. Security patches are available to resolve these vulnerabilities.

URL:www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_7185_integer_overflow
URL:www.hkcert.org/my_url/en/alert/15102201
URL:www.us-cert.gov/ncas/current-activity/2015/10/20/Oracle-Releases-Security-Bulletin

12. Vulnerabilities in Apple Products (HT205317, HT205370, HT205372, HT205375, HT205376, HT205377, HT205378, HT205379)
[22/10/2015] Vulnerabilities were identified in the Apple Mac EFI, iOS, iTunes, OS X El Capitan, OS X Server, Safari, watchOS and Xcode. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.apple.com/en-hk/HT205317
URL:support.apple.com/en-hk/HT205370
URL:support.apple.com/en-hk/HT205372
URL:support.apple.com/en-hk/HT205375
URL:support.apple.com/en-hk/HT205376
URL:support.apple.com/en-hk/HT205377
URL:support.apple.com/en-hk/HT205378
URL:support.apple.com/en-hk/HT205379
URL:www.hkcert.org/my_url/en/alert/15102202
URL:www.us-cert.gov/ncas/current-activity/2015/10/21/Apple-Releases-Multiple-Security-Updates

13. Vulnerabilities in Cisco Products (cisco-sa-20151021-asa-dhcp1, cisco-sa-20151021-asa-dns1, cisco-sa-20151021-asa-dns2, cisco-sa-20151021-asa-ike, cisco-sa-20151021-ntp)
[22/10/2015] Vulnerabilities were identified in multiple Cisco products. An attacker could bypass security restrictions, gain elevated privileges, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dhcp1
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dns1
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dns2
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-ike
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
URL:www.us-cert.gov/ncas/current-activity/2015/10/21/Cisco-Releases-Security-Updates

14. Vulnerabilities in HP Products (VU#840844, VU#966927)
[22/10/2015] Vulnerabilities were identified in the HP Photosmart B210 printer, HP Client Automation and Radia Client Automation. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code on the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve the vulnerabilities identified in HP Client Automation and Radia Client Automation.

URL:www.kb.cert.org/vuls/id/840844
URL:www.kb.cert.org/vuls/id/966927

15. Vulnerabilities in IBM HTTP Server (1969062)
[22/10/2015] Vulnerabilities were identified in the IBM HTTP Server bundled with IBM Domino. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect version 8.5.5.5 of IBM HTTP Server bundled in versions 9.0.0x and 9.0.1x of IBM Domino. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=swg21969062

16. Vulnerabilities in Virtual Machine Monitors (VU#935424)
[22/10/2015] Vulnerabilities were identified in the Virtual Machine Monitors. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products.

URL:www.kb.cert.org/vuls/id/935424

17. Vulnerabilities in Medicomp MEDCIN Engine (VU#675052)
[22/10/2015] Vulnerabilities were identified in the Medicomp MEDCIN Engine. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 2.22.20153.226 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.kb.cert.org/vuls/id/675052

18. Vulnerabilities in Huawei products (Huawei-SA-20151021-01-USG, Huawei-SA-20151021-01-Routers)
[22/10/2015] Vulnerabilities were identified in multiple Huawei products. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-457916.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-457933.htm

19. Security Updates in Debian (DSA-3375-1, DSA-3376-1)
[22/10/2015] Debian has released security update packages for fixing the vulnerabilities identified in the wordpress and chromium-browser packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.debian.org/security/2015/dsa-3375
URL:www.debian.org/security/2015/dsa-3376

20. Security Updates in SUSE (SUSE-SU-2015:1782-1, SUSE-SU-2015:1785-1)
[22/10/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the qemu and librsvg packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html

21. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1917-1, RHSA-2015:1918-1, RHSA-2015:1919-1, RHSA-2015:1920-1, RHSA-2015:1921-1)
[22/10/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the libwmf, swiftonfile, java-1.8.0-openjdk and java-1.7.0-openjdk packages for Red Hat Enterprise Linux 5, 6 and 7, and Red Hat Gluster Storage 3.1 for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-1917.html
URL:rhn.redhat.com/errata/RHSA-2015-1918.html
URL:rhn.redhat.com/errata/RHSA-2015-1919.html
URL:rhn.redhat.com/errata/RHSA-2015-1920.html
URL:rhn.redhat.com/errata/RHSA-2015-1921.html

22. Security Updates in Ubuntu GNU/Linux (USN-2770-1, USN-2773-1, USN-2774-1, USN-2775-1, USN-2776-1, USN-2777-1, USN-2778-1, USN-2779-1, USN-2780-1)
[22/10/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the oxide-qt, linux, linux-ti-omap4, linux-lts-trusty, linux-lts-utopic, linux-lts-vivid and miniupnpc packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2770-1/
URL:www.ubuntu.com/usn/usn-2773-1/
URL:www.ubuntu.com/usn/usn-2774-1/
URL:www.ubuntu.com/usn/usn-2775-1/
URL:www.ubuntu.com/usn/usn-2776-1/
URL:www.ubuntu.com/usn/usn-2777-1/
URL:www.ubuntu.com/usn/usn-2778-1/
URL:www.ubuntu.com/usn/usn-2779-1/
URL:www.ubuntu.com/usn/usn-2780-1/

23. Information Updates on Microsoft Security Advisory (2755801)
[20/10/2015] Microsoft has updated information on the Security Advisory for Adobe Flash Player in Internet Explorer on all supported editions of Windows. KB2755801 added the 3105216 update to the Current Update section.

URL:technet.microsoft.com/library/security/2755801.aspx

24. Vulnerabilities in Cisco Products (cisco-sa-20151016-asrcdma, cisco-sa-20151016-fmc)
[20/10/2015] Vulnerabilities were identified in the Cisco ASR 5000 CDMA PMIpv6 and Cisco FireSIGHT Management Center Policy Code for VMware. An attacker could bypass security restrictions, gain elevated privileges, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-asrcdma
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-fmc

25. Vulnerabilities in HP ArcSight Logger (VU#842252)
[20/10/2015] Vulnerabilities were identified in the HP ArcSight Logger. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to v6.0 P2 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.kb.cert.org/vuls/id/842252

26. Vulnerabilities in F5 Products (SOL17458, SOL17460, SOL17462)
[20/10/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/17000/400/sol17458.html
URL:support.f5.com/kb/en-us/solutions/public/17000/400/sol17460.html
URL:support.f5.com/kb/en-us/solutions/public/17000/400/sol17462.html

27. Security Updates in Debian (DSA-3374-1)
[20/10/2015] Debian has released security update packages for fixing the vulnerabilities identified in the postgresql-9.4 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3374

28. Security Updates in SUSE (openSUSE-SU-2015:1781-1)
[20/10/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player packages of openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html

29. Vulnerabilities in Adobe Flash Player (APSB15-27)
[19/10/2015] Vulnerabilities were identified in the Adobe Flash Player. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:helpx.adobe.com/security/products/flash-player/apsb15-27.html
URL:www.us-cert.gov/ncas/current-activity/2015/10/16/Adobe-Releases-Security-Updates-Flash-Player

30. Vulnerability in Cisco Wireless LAN Controller (cisco-sa-20151016-wlc)
[19/10/2015] A vulnerability was identified in the Cisco Wireless LAN Controller. An attacker could bypass security restrictions and cause a denial of service condition. This vulnerability affects firmware version 8.0(120) of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-wlc

31. Vulnerabilities in F5 Products (SOL17443, SOL17444, SOL17447, SOL17448)
[19/10/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/17000/400/sol17443.html
URL:support.f5.com/kb/en-us/solutions/public/17000/400/sol17444.html
URL:support.f5.com/kb/en-us/solutions/public/17000/400/sol17447.html
URL:support.f5.com/kb/en-us/solutions/public/17000/400/sol17448.html

32. Vulnerabilities in Long Term Evolution (LTE) Mobile Networks (VU#943167)
[19/10/2015] Vulnerabilities were identified in the Long Term Evolution (LTE) mobile networks. An attacker could bypass security restrictions, obtain sensitive information and silently place phone calls without the user's knowledge. These vulnerabilities affect ALL Android versions of the mentioned products.

URL:www.kb.cert.org/vuls/id/943167

33. Vulnerability in Twilio module for Drupal (DRUPAL-SA-CONTRIB-2015-157)
[19/10/2015] A vulnerability was identified in the Twilio module for Drupal. An attacker could bypass security restrictions. This vulnerability affects versions prior to 7.x-1.11 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.drupal.org/node/2592901
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107180

34. Security Updates in Oracle Linux (ELSA-2015-3087)
[19/10/2015] Oracle has released security update packages for fixing the vulnerability identified in the lxc packages for Oracle Linux 6 and 7. An attacker could bypass security restrictions and cause a denial of service condition.

URL:linux.oracle.com/errata/ELSA-2015-3087.html

35. Security Updates in Debian (DSA-3373-1)
[19/10/2015] Debian has released security update packages for fixing the vulnerabilities identified in the ownCloud packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3373

36. Security Updates in Gentoo Linux (GLSA 201510-01)
[19/10/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the BIND packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:security.gentoo.org/glsa/201510-01

37. Security Updates in Mageia (MGASA-2015-0401, MGASA-2015-0402, MGASA-2015-0403, MGASA-2015-0404)
[19/10/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the cyrus-imapd, 389-ds-base, wireshark and flash-player-plugin packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0401.html
URL:advisories.mageia.org/MGASA-2015-0402.html
URL:advisories.mageia.org/MGASA-2015-0403.html
URL:advisories.mageia.org/MGASA-2015-0404.html

38. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1913-1)
[19/10/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player packages for Red Hat Enterprise Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-1913.html

39. Security Updates in SUSE (openSUSE-SU-2015:1768-1, SUSE-SU-2015:1770-1, SUSE-SU-2015:1771-1)
[19/10/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player packages of openSUSE 13.1 and 13.2, SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html

40. Security Updates in Ubuntu GNU/Linux (USN-2768-1, USN-2772-1)
[19/10/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox, postgresql-9.1, postgresql-9.3 and postgresql-9.4 packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2768-1/
URL:www.ubuntu.com/usn/usn-2772-1/



