1. Information
Updates on Microsoft Security Bulletins (3089656,
3089664)
[02/10/2015]
Microsoft has updated information on the
Security Bulletins for Microsoft Windows, Microsoft Office and Microsoft Lync.
(a) MS15-097 was revised to announce the availability of an update package for
Skype for Business 2016. Customers running Skype for Business 2016 should apply
the 2910994 update to be protected from the vulnerabilities discussed in this
bulletin. (b) MS15-099 was revised to announce the availability of an update
package for Microsoft Office 2016. Customers running Microsoft Office 2016
should apply the 2910993 update to be protected from the vulnerabilities
discussed in this
bulletin.
URL:technet.microsoft.com/en-us/library/security/MS15-097
URL:technet.microsoft.com/en-us/library/security/MS15-099
2. Vulnerabilities in Apple Products (HT205265, HT205267,
HT205284)
[02/10/2015]
Vulnerabilities were identified in the Apple
Safari, OS X El Capitan and iOS. An attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the system. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:support.apple.com/en-us/HT205265
URL:support.apple.com/en-us/HT205267
URL:support.apple.com/en-us/HT205284
URL:www.us-cert.gov/ncas/current-activity/2015/09/30/Apple-Releases-Security-Updates-OS-X-El-Capitan-Safari-and-iOS
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106791
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106792
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106793
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106794
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106795
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106796
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106797
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106798
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106799
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106800
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106801
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106802
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106803
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106804
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106805
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106806
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106807
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106808
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106809
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106810
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106820
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106821
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106822
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106823
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106824
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106825
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106826
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106827
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106828
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106829
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106830
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106831
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106832
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106833
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106834
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106835
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106836
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106837
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106838
3. Vulnerabilities in Novell Products (5222811, 5215470,
5223930, 5222810, 5222950, 5222970)
[02/10/2015] Vulnerabilities were identified in the Novell Identity
Manager, NetIQ eDirectory, iPrint Appliance and iManager. An attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:download.novell.com/Download?buildid=_Aqx7f-FORM~
URL:download.novell.com/Download?buildid=9bLbzxnAzfg~
URL:download.novell.com/Download?buildid=DABS0AbzYyk~
URL:download.novell.com/Download?buildid=gqgOZsM7Rsk~
URL:download.novell.com/Download?buildid=H1x1cmkx6bY~
URL:download.novell.com/Download?buildid=TcmKoExKmdI~
4. Vulnerability in Symantec NetBackup OpsCenter Server
(SYM15-010)
[02/10/2015] Vulnerability was identified in the Symantec NetBackup
OpsCenter Server. An attacker could bypass security restrictions, execute
arbitrary code and perform cross-site scripting attacks. This vulnerability
affects versions prior to 7.7.1 of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20151001_00
5. Vulnerabilities in Huawei Products
(Huawei-SA-20150930-01-Routers, HW-455869, HW-456258)
[02/10/2015] Vulnerabilities were identified in multiple Huawei products.
An attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and compromise the system. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these
vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-455876.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-455869.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-456258.htm
6. Vulnerabilities in Kaspersky Products (106839, 106840,
106841, 106842, 106843, 106844)
[02/10/2015] Vulnerabilities were identified in multiple Kaspersky
Products. An attacker could bypass security restrictions and obtain sensitive
information. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106839
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106840
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106841
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106842
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106843
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106844
7. Vulnerability in VMware vCenter and ESXi
(VMSA-2015-0007)
[02/10/2015] Vulnerabilities were identified in the VMware vCenter and
ESXi. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. These vulnerabilities affect
multiple versions of the mentioned products. Security patches are available to
resolve these
vulnerabilities.
URL:www.vmware.com/security/advisories/VMSA-2015-0007.html
URL:www.hkcert.org/my_url/en/alert/15100205
URL:www.us-cert.gov/ncas/current-activity/2015/10/01/VMware-Releases-Security-Advisory
8. Vulnerability in Datalex airline booking software
(VU#693036)
[02/10/2015] Vulnerability was identified in the Datalex airline booking
software. An attacker could bypass security restrictions, obtain sensitive
information and execute arbitrary code. This vulnerability affects multiple
versions of the mentioned product. Security patches are available to resolve
this
vulnerability.
URL:www.kb.cert.org/vuls/id/693036
9. Vulnerabilities in Omron Products
(ICSA-15-274-01)
[02/10/2015] Vulnerabilities were identified in multiple Omron Products.
An attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and compromise the system. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these
vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-274-01
10.
Security Updates in Oracle Linux
(ELSA-2015-1852)
[02/10/2015] Oracle has
released security update packages for fixing the vulnerabilities identified in
the thunderbird packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the
system.
URL:linux.oracle.com/errata/ELSA-2015-1852.html
11.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:1844-1, RHSA-2015:1852-1,
RHSA-2015:1855-1)
[02/10/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the Red Hat OpenShift Enterprise, mod_proxy_fcgi and thunderbird packages for
Red Hat Enterprise Linux 5, 6, and 7. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1844.html
URL:rhn.redhat.com/errata/RHSA-2015-1852.html
URL:rhn.redhat.com/errata/RHSA-2015-1855.html
12.
Security Updates in Slackware
(SSA:2015-274-01, SSA:2015-274-02, SSA:2015-274-03)
[02/10/2015] Slackware has released security update packages for fixing
the vulnerabilities identified in the mozilla-thunderbird, php and seamonkey
packages for multiple versions of Slackware Linux. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the
system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360174
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399477
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.491293
13.
Security Updates in SUSE
(openSUSE-SU-2015:1658-1, SUSE-SU-2015:1663-1,
openSUSE-SU-2015:1667-1)
[02/10/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the MozillaFirefox, haproxy and bind packages of openSUSE 13.1 and 13.2, SUSE
OpenStack Cloud Compute 5, SUSE Linux Enterprise High Availability 12 and
openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00002.html
14.
Security Updates in Ubuntu GNU/Linux
(USN-2753-2, USN-2755-1, USN-2756-1, USN-2758-1, USN-2759-1,
USN-2760-1)
[02/10/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the lxc, cyrus-sasl2, rpcbind, php5, linux and linux-ti-omap4 packages for
versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2753-2/
URL:www.ubuntu.com/usn/usn-2755-1/
URL:www.ubuntu.com/usn/usn-2756-1/
URL:www.ubuntu.com/usn/usn-2758-1/
URL:www.ubuntu.com/usn/usn-2759-1/
URL:www.ubuntu.com/usn/usn-2760-1/
15.
Vulnerabilities in F5 Products (SOL17331,
SOL17335)
[30/09/2015]
Vulnerabilities were identified in the F5 BIG-IP
LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP
DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP
PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud,
BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC and Traffix SDC. An attacker could
bypass security restrictions, execute arbitrary code, cause a denial of service
condition and crash the system. These vulnerabilities affect multiple versions
of the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/17000/300/sol17331.html
URL:support.f5.com/kb/en-us/solutions/public/17000/300/sol17335.html
16.
Vulnerability in Huawei Enterprise Proxy
Servers (HW-455619)
[30/09/2015] Vulnerability was identified in the Huawei Enterprise Proxy
Servers. An attacker could bypass security restrictions, execute arbitrary code
and perform SQL injection attacks. This vulnerability affects version V400R001
of the mentioned
product.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-455619.htm
17.
Vulnerabilities in EMC Products (106716,
106717, 106720)
[30/09/2015] Vulnerabilities were identified in the EMC RSA Web Threat
Detection and EMC RSA OneStep. An attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code
and compromise the system. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106716
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106717
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106720
18.
Vulnerability in Honeywell Experion PKS
software (ICSA-15-272-01)
[30/09/2015] Vulnerability was identified in the Honeywell Experion PKS
software. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code and compromise the
system. This vulnerability affects versions 310.x and prior of the mentioned
product. Security patches are available to resolve this
vulnerability.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-272-01
19.
Vulnerability in Kaseya Virtual System
Administrator (106664)
[30/09/2015] Vulnerability was identified in the Kaseya Virtual System
Administrator. An attacker could bypass security restrictions and execute
arbitrary code on the system. This vulnerability affects multiple versions of
the mentioned product. Security patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106664
20.
Vulnerability in Mitsubishi Electric
MELSEC FX-Series Controllers (ICSA-15-146-01)
[30/09/2015] Vulnerability was identified in the Mitsubishi Electric
MELSEC FX-Series Controllers. An attacker could bypass security restrictions,
cause a denial of service condition and crash the system. This vulnerability
affects version FX3G Series of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-146-01
21.
Vulnerability in Schneider Electric
InduSoft Web Studio (106704)
[30/09/2015] Vulnerability was identified in the Schneider Electric
InduSoft Web Studio. An attacker could bypass security restrictions and execute
arbitrary code on the system. This vulnerability affects version 7.1.3.4 of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106704
22.
Vulnerability in Vtiger CRM
(106711)
[30/09/2015]
Vulnerability was identified in the Vtiger CRM.
An attacker could bypass security restrictions and execute arbitrary code on the
system. This vulnerability affects version 6.3 of the mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106711
23.
Security Updates in Oracle Linux
(ELSA-2015-1840)
[30/09/2015] Oracle has
released security update packages for fixing the vulnerability identified in the
openldap packages for Oracle Linux 5, 6 and 7. An attacker could bypass security
restrictions, cause a denial of service condition and crash the
system.
URL:linux.oracle.com/errata/ELSA-2015-1840.html
24.
Security Updates in FreeBSD
(FreeBSD-SA-15:24.rpcbind)
[30/09/2015] FreeBSD
has released security update packages for fixing the vulnerability identified in
the rpcbind packages for multiple versions of FreeBSD Linux. A an attacker could
bypass security restrictions, cause a denial of service condition and crash the
system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:24.rpcbind.asc
25.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:1840-1, RHSA-2015:1841-1)
[30/09/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the openldap and chromium-browser packages for Red Hat Enterprise Linux 5, 6,
and 7. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1840.html
URL:rhn.redhat.com/errata/RHSA-2015-1841.html
26.
Security Updates in Ubuntu GNU/Linux
(USN-2749-1, USN-2750-1, USN-2751-1, USN-2752-1,
USN-2753-1)
[30/09/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the linux-lts-trusty, linux-lts-utopic, linux-lts-vivid, linux and lxc packages
for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2749-1/
URL:www.ubuntu.com/usn/usn-2750-1/
URL:www.ubuntu.com/usn/usn-2751-1/
URL:www.ubuntu.com/usn/usn-2752-1/
URL:www.ubuntu.com/usn/usn-2753-1/
27.
Information Updates on Microsoft Security
Bulletins (3086251, 3089662)
[29/09/2015] Microsoft
has updated information on the Security Bulletins for Microsoft .NET Framework.
(a) MS15-092 added a footnote to the Affected Software table to inform customers
that Windows Server Technical Preview 2 is affected. Customers running this
operating system are encouraged to apply the update. (b) MS15-101 removed
Windows Server Technical Preview 3 from the Affected Software table footnote
because it is not affected by the vulnerabilities described in this security
bulletin.
URL:technet.microsoft.com/en-us/library/security/MS15-092
URL:technet.microsoft.com/en-us/library/security/MS15-101
28.
Vulnerability in Apache Struts
(S2-026)
[29/09/2015]
Vulnerability was identified in the Apache
Struts. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. This vulnerability affects versions
2.0.0 and 2.3.24 of the mentioned product. Security patches are available to
resolve this
vulnerability.
URL:struts.apache.org/docs/s2-026.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106695
29.
Vulnerability in Cisco FirePOWER 7000
Series and Cisco FirePOWER 8000 Series devices
[29/09/2015] Vulnerability was identified in the Cisco FirePOWER 7000
Series and Cisco FirePOWER 8000 Series devices. An attacker could bypass
security restrictions, cause a denial of service condition and crash the system.
This vulnerability affects multiple firmware versions of the mentioned products.
Security patches are available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=41131
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106683
30.
Vulnerabilities in Google
Chrome
[29/09/2015]
Vulnerabilities were identified in the Google
Chrome. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. These vulnerabilities affect
versions prior to 45.0.2454.101 of the mentioned products. Security patches are
available to resolve these
vulnerabilities.
URL:googlechromereleases.blogspot.hk/2015/09/stable-channel-update_24.html
URL:www.us-cert.gov/ncas/current-activity/2015/09/25/Google-Release-Security-Update-Chrome-0
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106676
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106677
31.
Vulnerabilities in F5 Products (SOL17315,
SOL17321, SOL17326, SOL17327, SOL17330)
[29/09/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP
AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP
Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ
Device, BIG-IQ Security, BIG-IQ ADC and Traffix SDC. An attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/17000/300/sol17315.html
URL:support.f5.com/kb/en-us/solutions/public/17000/300/sol17321.html
URL:support.f5.com/kb/en-us/solutions/public/17000/300/sol17326.html
URL:support.f5.com/kb/en-us/solutions/public/17000/300/sol17327.html
URL:support.f5.com/kb/en-us/solutions/public/17000/300/sol17330.html
32.
Vulnerability in NVIDIA Graphics Driver
(106690)
[29/09/2015]
Vulnerability was identified in the NVIDIA
Graphics Driver. An attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code and compromise the system. This vulnerability
affects multiple version of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106690
33.
Vulnerabilities in EMC RSA Archer GRC
(106692, 106693, 106694)
[29/09/2015] Vulnerabilities were identified in the EMC RSA Archer GRC. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code and perform cross-site scripting attacks. These
vulnerabilities affect multiple versions of the mentioned product. Security
patches are available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106692
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106693
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106694
34.
Vulnerability in Git for Windows
(106688)
[29/09/2015]
Vulnerability was identified in the Git for
Windows. An attacker could bypass security restrictions, execute arbitrary code,
cause a denial of service condition and crash the system. This vulnerability
affects version 1.9.5 of the mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106688
35.
Vulnerability in Junos Pulse Secure
Meeting (106689)
[29/09/2015] Vulnerability was identified in the Junos Pulse Secure
Meeting. An attacker could bypass security restrictions. This vulnerability
affects versions 8.0.5 of the mentioned product. Security patches are available
to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106689
36.
Security Updates in Debian (DSA-3367-1,
DSA-3368-1)
[29/09/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the wireshark and cyrus-sasl2 packages for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the
system.
URL:www.debian.org/security/2015/dsa-3367
URL:www.debian.org/security/2015/dsa-3368
37.
Security Updates in Gentoo Linux (GLSA
201509-07)
[29/09/2015]
Gentoo has released security update packages for
fixing the vulnerabilities identified in the adobe-flash packages for multiple
versions of Gentoo Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:security.gentoo.org/glsa/201509-07
38.
Security Updates in Mageia
(MGASA-2015-0383, MGASA-2015-0384, MGASA-2015-0385)
[29/09/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the rpcbind, unzip and pixman packages for
multiple versions of Mageia. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:advisories.mageia.org/MGASA-2015-0383.html
URL:advisories.mageia.org/MGASA-2015-0384.html
URL:advisories.mageia.org/MGASA-2015-0385.html
39.
Security Updates in SUSE
(openSUSE-SU-2015:1628-1, SUSE-SU-2015:1633-1,
SUSE-SU-2015:1643-1)
[29/09/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the php5 and Xen packages of SUSE Linux Enterprise 10 and 12, openSUSE 13.1 and
13.2. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00025.html
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00026.html
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
40.
Security Updates in Ubuntu GNU/Linux
(USN-2746-2, USN-2747-3, USN-2748-1)
[29/09/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the simplestreams, jockey, nvidia-graphics-drivers-304,
nvidia-graphics-drivers-304-updates, nvidia-graphics-drivers-340,
nvidia-graphics-drivers-340-updates, nvidia-graphics-drivers-346,
nvidia-graphics-drivers-346-updates and linux packages for versions 12.04 LTS,
14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:www.ubuntu.com/usn/usn-2746-2/
URL:www.ubuntu.com/usn/usn-2747-1/
URL:www.ubuntu.com/usn/usn-2748-1/
No comments:
Post a Comment