1. Information
Updates on Microsoft Security Bulletin (3096441,
3096447)
[30/10/2015]
Microsoft has updated information on the
Security Bulletins for Microsoft Internet Explorer and Microsoft Windows. (a)
MS15-106 was revised to announce the release of a new Windows 10 cumulative
update (3105210) to address an additional vulnerability, CVE-2015-6045, which
has been added to this bulletin. Only customers running Windows 10 systems need
to install this new update. Earlier operating systems are either not affected or
have received the fix in the original updates of October 13, 2015. (b) MS15-111
was revised to announce a detection change in the 3088195 update for all
supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows
Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT
8.1. The detection change temporarily blocks deployment of the 3088195 update to
systems running a specific version of USB Blocker software that is incompatible
with the
update.
URL:technet.microsoft.com/en-us/library/security/MS15-106
URL:technet.microsoft.com/en-us/library/security/MS15-111
2. Vulnerabilities in Apache
OpenOffice
[30/10/2015]
Vulnerabilities were identified in the Apache
OpenOffice. An attacker could bypass security restrictions, execute arbitrary
code, cause a denial of service condition and crash the system. These
vulnerabilities affect versions prior to 4.1.2 of the mentioned product.
Security patches are available to resolve these
vulnerabilities.
URL:www.openoffice.org/security/cves/CVE-2015-1774.html
URL:blogs.apache.org/OOo/entry/announcing_apache_openoffice_4_11
3. Vulnerabilities in Cisco FireSIGHT Management Center
(cisco-sa-20151029-fsmc1, cisco-sa-20151029-fsmc2)
[30/10/2015] Vulnerabilities were identified in the Cisco FireSIGHT
Management Center (MC). An attacker could bypass security restrictions, execute
arbitrary code, perform code injection and cross-site scripting attacks. These
vulnerabilities affect multiple firmware versions of the mentioned products.
Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc1
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc2
4. Vulnerability in Huawei P8 Phones
(Huawei-SA-20151029-01-UE)
[30/10/2015] Vulnerability was identified in the Huawei P8 Phones. An
attacker could bypass security restrictions and obtain sensitive information.
This vulnerability affects multiple firmware versions of the mentioned product.
Security patches are available to resolve this
vulnerability.
URL:www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-459832.htm
5. Vulnerabilities in Qolsys IQ Panel
(VU#573848)
[30/10/2015] Vulnerabilities were identified in the Qolsys IQ Panel. An
attacker could bypass security restrictions, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
These vulnerabilities affect multiple firmware versions of the mentioned
product.
URL:www.kb.cert.org/vuls/id/573848
6. Vulnerabilities in Xen (XSA-145, XSA-146, XSA-147, XSA-148,
XSA-149, XSA-150, XSA-151, XSA-152, XSA-153)
[30/10/2015] Vulnerabilities were identified in the Xen. An attacker could
bypass security restrictions, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and crash the system. These vulnerabilities
affect multiple versions of the mentioned product. Security patches are
available to resolve these
vulnerabilities.
URL:xenbits.xen.org/xsa/advisory-145.html
URL:xenbits.xen.org/xsa/advisory-146.html
URL:xenbits.xen.org/xsa/advisory-147.html
URL:xenbits.xen.org/xsa/advisory-148.html
URL:xenbits.xen.org/xsa/advisory-149.html
URL:xenbits.xen.org/xsa/advisory-150.html
URL:xenbits.xen.org/xsa/advisory-151.html
URL:xenbits.xen.org/xsa/advisory-152.html
URL:xenbits.xen.org/xsa/advisory-153.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107664
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107665
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107666
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107667
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107668
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107669
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107670
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107674
7. Security Updates in Debian (DSA-3382-1,
DSA-3383-1)
[30/10/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the phpmyadmin and wordpress packages for multiple versions of Debian GNU/Linux.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:www.debian.org/security/2015/dsa-3382
URL:www.debian.org/security/2015/dsa-3383
8. Security Updates in Slackware (SSA:2015-302-01,
SSA:2015-302-02, SSA:2015-302-03)
[30/10/2015] Slackware
has released security update packages for fixing the vulnerabilities identified
in the curl, jasper and ntp packages for multiple versions of Slackware Linux.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.513154
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.581166
9. Security Updates in Ubuntu GNU/Linux
(USN-2788-1)
[30/10/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the unzip packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10 of Ubuntu
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the
system.
URL:www.ubuntu.com/usn/usn-2788-1/
10. Vulnerabilities in Cisco Products
(cisco-sa-20151027-ucd, cisco-sa-20151028-asr,
cisco-sa-20151028-psc)
[29/10/2015] Vulnerabilities were identified in the Cisco Unified
Communications Domain Manager, Cisco ASR 5500 System Architecture Evolution
(SAE) Gateway and Cisco Prime Service Catalog. An attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, cause a
denial of service condition and crash the system. These vulnerabilities affect
multiple firmware versions of the mentioned products. Security patches are
available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151027-ucd
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-asr
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-psc
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107593
11.
Vulnerabilities in F5 Products (SOL17407,
SOL17461, SOL17475, SOL17494)
[29/10/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP
AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP
Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ
Device, BIG-IQ Security, BIG-IQ ADC and Traffix SDC. An attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/17000/400/sol17407.html
URL:support.f5.com/kb/en-us/solutions/public/17000/400/sol17461.html
URL:support.f5.com/kb/en-us/solutions/public/17000/400/sol17475.html
URL:support.f5.com/kb/en-us/solutions/public/17000/400/sol17494.html
12.
Vulnerabilities in Infinite Automation
Systems Mango Automation (ICSA-15-300-02)
[29/10/2015] Vulnerabilities were identified in the Infinite Automation
Systems Mango Automation. An attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, perform
code injection and cross-site scripting attacks. These vulnerabilities affect
multiple versions of the mentioned product. Security patches are available to
resolve these vulnerabilities all but two of the identified vulnerabilities - OS
Command Injection and Cross-site Request Forgery
vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-300-02
13.
Security Updates in Debian
(DSA-3381-1)
[29/10/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the openjdk-7 packages for multiple versions of Debian GNU/Linux. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:www.debian.org/security/2015/dsa-3381
14.
Security Updates in Mageia
(MGASA-2015-0414, MGASA-2015-0415)
[29/10/2015] Mageia has
released security update packages for fixing the vulnerabilities identified in
the sqlite3, iceape, kmod-vboxadditions, kmod-virtualbox and virtualbox packages
for multiple versions of Mageia. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:advisories.mageia.org/MGASA-2015-0414.html
URL:advisories.mageia.org/MGASA-2015-0415.html
15.
Security Updates in Ubuntu GNU/Linux
(USN-2784-1, USN-2786-1, USN-2787-1)
[29/10/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the openjdk-7, php5 and audiofile packages for versions 12.04 LTS, 14.04 LTS,
15.04 and 15.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:www.ubuntu.com/usn/usn-2784-1/
URL:www.ubuntu.com/usn/usn-2786-1/
URL:www.ubuntu.com/usn/usn-2787-1/
16.
Vulnerability in Adobe Shockwave Player
(APSB15-26)
[28/10/2015] Vulnerability was identified in the Adobe Shockwave Player.
An attacker could bypass security restrictions, execute arbitrary code and
compromise the system. This vulnerability affects versions prior to 12.2.1.171
of the mentioned product. Security patches are available to resolve this
vulnerability.
URL:helpx.adobe.com/security/products/shockwave/apsb15-26.html
URL:www.us-cert.gov/ncas/current-activity/2015/10/27/Security-update-available-Adobe-Shockwave-Player
17.
Vulnerability in Cisco Adaptive Security
Appliance (cisco-sa-20151027-cas)
[28/10/2015] Vulnerability was identified in Cisco Adaptive Security
Appliance (ASA) CX Context-Aware Security. An attacker could bypass security
restrictions and obtain sensitive information. This vulnerability affects
firmware version 9.3(4.1.11) of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151027-cas
18.
Vulnerabilities in HP ArcSight
SmartConnector (VU#350508)
[28/10/2015] Vulnerabilities were identified in the HP ArcSight
SmartConnector. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges and execute arbitrary code on the system.
These vulnerabilities affect multiple versions of the mentioned product.
Security patches are available to resolve these
vulnerabilities.
URL:www.kb.cert.org/vuls/id/350508
19.
Vulnerability in EPSON Network
Utility
[28/10/2015]
Vulnerability was identified in the EPSON
Network Utility. An attacker could bypass security restrictions, gain elevated
privileges and execute arbitrary code on the system. These vulnerabilities
affect multiple versions of the mentioned product. Security patches are
available to resolve these
vulnerabilities.
URL:www.epson.com/cgi-bin/Store/support/supAdvice.jsp?type=highlights¬eoid=288045
URL:www.kb.cert.org/vuls/id/672500
20.
Vulnerabilities in Rockwell Automation
Micrologix 1100 and 1400 PLC Systems (ICSA-15-300-03)
[28/10/2015] Vulnerabilities were identified in the Rockwell Automation
Micrologix 1100 and 1400 PLC Systems. An attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
These vulnerabilities affect multiple firmware versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-300-03
21.
Vulnerability in Free Printables
articleFR (1075280)
[28/10/2015] Vulnerability was identified in the Free Printables
articleFR. An attacker could bypass security restrictions and execute arbitrary
code on the system. These vulnerabilities affect version 3.0.7 of the mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107528
22.
Vulnerabilities in
PHP
[28/10/2015] Vulnerabilities were identified in the PHP. An
attacker could bypass security restrictions and obtain sensitive information.
These vulnerabilities affect versions prior to 5.4.45-0+deb7u2 (wheezy) or
5.6.14+dfsg-1 (jessie) of the mentioned product. Security patches are available
to resolve these
vulnerabilities.
URL:php.net/ChangeLog-5.php#5.4.45
URL:php.net/ChangeLog-5.php#5.6.14
URL:www.hkcert.org/my_url/en/alert/15102801
23.
Security Updates in Oracle Linux
(ELSA-2015-1943)
[28/10/2015] Oracle has
released security update packages for fixing the vulnerability identified in the
qemu-kvm packages for Oracle Linux 7. An attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the
system.
URL:linux.oracle.com/errata/ELSA-2015-1943.html
24.
Security Updates in Debian
(DSA-3380-1)
[28/10/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the php5 packages for multiple versions of Debian GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
crash the
system.
URL:www.debian.org/security/2015/dsa-3380
25.
Security Updates in FreeBSD
(FreeBSD-SA-15:25.ntp)
[28/10/2015] FreeBSD
has released security update packages for fixing the vulnerabilities identified
in the ntp packages for multiple versions of FreeBSD Linux. A an attacker could
bypass security restrictions, cause a denial of service condition and crash the
system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:25.ntp.asc
26.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:1943-1)
[28/10/2015] Red Hat
has released security update packages for fixing the vulnerability identified in
the qemu-kvm packages for Red Hat Enterprise Linux 7. An attacker could bypass
security restrictions, execute arbitrary code, cause a denial of service
condition and crash the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1943.html
27.
Security Updates in SUSE
(SUSE-SU-2015:1818-1, openSUSE-SU-2015:1831-1)
[28/10/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the php53 and haproxy packages of SUSE Linux Enterprise 11 and openSUSE 13.2.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00022.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00023.html
28.
Security Updates in Ubuntu GNU/Linux
(USN-2782-1, USN-2783-1)
[28/10/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the apport and ntp packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10
of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, gain elevated privileges, execute arbitrary code, cause a denial
of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2782-1/
URL:www.ubuntu.com/usn/usn-2783-1/
29.
Vulnerabilities in Cisco Products
(cisco-sa-20151023-acs, cisco-sa-20151023-acs_rbac, cisco-sa-20151023-acs_rbac1,
cisco-sa-20151023-acs_xss, cisco-sa-20151023-acs_xss1,
cisco-sa-20151026-cube)
[27/10/2015] Vulnerabilities were identified in Cisco Secure Access
Control Server and Cisco Unified Border Element. An attacker could perform code
injection, bypass security restrictions, gain elevated privileges, perform
cross-site scripting attack and cause a denial of service condition. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac1
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss1
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151026-cube
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107509
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107510
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107511
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107512
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107513
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107514
30.
Vulnerability in HP AssetManager
(c04863562)
[27/10/2015] Vulnerability was identified in the HP AssetManager. An
attacker could obtain sensitive information. This vulnerability affects versions
9.40, 9.41 and 9.50 of the mentioned product. Security patches are available to
resolve this
vulnerability.
URL:h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04863562
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107508
31.
Vulnerability in Google Picasa
(107515)
[27/10/2015]
Vulnerability was identified in the Google
Picasa. An attacker could overflow a buffer, execute arbitrary code and cause
the application to crash. This vulnerability affects versions 3.9.140 Build 239
and Build 248 and possibly other versions of the mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107515
32.
Vulnerability in Bamboo
(107494)
[27/10/2015]
Vulnerability was identified in the Bamboo. An
attacker could execute arbitrary code. This vulnerability affects multiple
versions of the mentioned product. Security patches are available to resolve
this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107494
33.
Security Updates in Ubuntu GNU/Linux
(USN-2781-1)
[27/10/2015] Ubuntu has
released security update packages for fixing the vulnerability identified in the
mysql packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10 of Ubuntu
GNU/Linux. An attacker could obtain sensitive
information.
URL:www.ubuntu.com/usn/usn-2781-1/
34.
Security Updates in Oracle Linux
(ELSA-2015-1930)
[27/10/2015] Oracle has
released security update packages for fixing the vulnerability identified in the
ntp packages for Oracle Linux 6 and 7. An attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the
system.
URL:linux.oracle.com/errata/ELSA-2015-1930.html
35.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:1930-1)
[27/10/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the ntp packages for Red Hat Enterprise Linux 6 and 7. An attacker could
bypass security restrictions, execute arbitrary code, cause a denial of service
condition and crash the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1930.html
36.
Vulnerabilities in Juniper Products
(JSA10711)
[26/10/2015]
Vulnerabilities were identified in multiple
Juniper product or platform running NTP.org's NTP daemon. An attacker could
bypass security restrictions, execute arbitrary code, cause a denial of service
condition and crash the system. These vulnerabilities affect multiple versions
of the mentioned
products.
URL:kb.juniper.net/index?page=content&id=JSA10711
37.
Vulnerabilities in TeamSpeak Client
(107457, 107458, 107459)
[26/10/2015] Vulnerabilities were identified in the TeamSpeak Client. An
attacker could bypass security restrictions, obtain sensitive information and
execute arbitrary code on the system. These vulnerabilities affect versions
prior to 3.0.18.2 hotfix of the mentioned product. Security patches are
available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107457
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107458
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107459
38.
Vulnerabilities in Lime Survey (107460,
107461, 107462, 107463)
[26/10/2015] Vulnerabilities were identified in the Lime Survey. An
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the system. These vulnerabilities affect versions prior to 2.06+
Build 150930 of the mentioned product. Security patches are available to resolve
these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107460
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107461
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107462
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107463
39.
Vulnerabilities in
Joomla!
[26/10/2015]
Vulnerabilities were identified in the Joomla!.
An attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and compromise the system. These vulnerabilities affect versions prior
to 3.4.5 of the mentioned product. Security patches are available to resolve
these
vulnerabilities.
URL:www.joomla.org/announcements/release-news/5634-joomla-3-4-5-released.html
URL:www.us-cert.gov/ncas/current-activity/2015/10/23/Joomla-Releases-Security-Update-CMS
40.
Security Updates in Debian (DSA-3377-1,
DSA-3378-1, DSA-3379-1)
[26/10/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the mysql-5.5, gdk-pixbuf and miniupnpc packages for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.debian.org/security/2015/dsa-3377
URL:www.debian.org/security/2015/dsa-3378
URL:www.debian.org/security/2015/dsa-3379
41.
Security Updates in Mageia
(MGASA-2015-0405, MGASA-2015-0406, MGASA-2015-0407, MGASA-2015-0408,
MGASA-2015-0409, MGASA-2015-0410, MGASA-2015-0411, MGASA-2015-0412,
MGASA-2015-0413)
[26/10/2015] Mageia has
released security update packages for fixing the vulnerabilities identified in
the dbus, fuseiso, ldetect-lst, kmod-nvidia304, nvidia304, kmod-nvidia340,
nvidia340, kmod-nvidia-current, nvidia-current, audiofile, rsync,
chromium-browser-stable, lxdm, java-1.8.0-openjdk and ntp packages for multiple
versions of Mageia. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:advisories.mageia.org/MGASA-2015-0405.html
URL:advisories.mageia.org/MGASA-2015-0406.html
URL:advisories.mageia.org/MGASA-2015-0407.html
URL:advisories.mageia.org/MGASA-2015-0408.html
URL:advisories.mageia.org/MGASA-2015-0409.html
URL:advisories.mageia.org/MGASA-2015-0410.html
URL:advisories.mageia.org/MGASA-2015-0411.html
URL:advisories.mageia.org/MGASA-2015-0412.html
URL:advisories.mageia.org/MGASA-2015-0413.html
42.
Security Updates in NetBSD
(SA2015-009)
[26/10/2015] NetBSD has
released security update packages for fixing the vulnerabilities identified in
the kernel packages for multiple versions of NetBSD GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, execute arbitrary code,
cause a denial of service condition and crash the
system.
URL:ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-009.txt.asc
43.
Security Updates in SUSE
(openSUSE-SU-2015:1817-1)
[26/10/2015] SUSE has
released security update packages for fixing the vulnerability identified in the
MozillaFirefox packages of openSUSE 13.1 and 13.2. An attacker could bypass
security
restrictions.
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00021.html
44.
Security Updates in Ubuntu GNU/Linux
(USN-2780-2)
[26/10/2015] Ubuntu has
released security update packages for fixing the vulnerability identified in the
miniupnpc packages for versions 15.10 of Ubuntu GNU/Linux. An attacker could
bypass security restrictions, execute arbitrary code, cause a denial of service
condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2780-2/
No comments:
Post a Comment