1. Vulnerabilities in Apache Products (109035, 109037)
[18/12/2015] Vulnerabilities were identified in Apache Camel and Apache Subversion. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109035
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109037
2. Vulnerability in IBM Notes and Domino (1971751)
[18/12/2015] A vulnerability was identified in IBM Notes and Domino. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.ibm.com/support/docview.wss?uid=swg21971751
3. Vulnerabilities in Cisco Products (cisco-sa-20151217-fsm, cisco-sa-20151217-gateway, cisco-sa-20151217-pnsc)
[18/12/2015] Vulnerabilities were identified in multiple Cisco products. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-gateway
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-pnsc
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109039
4. Vulnerabilities in Novell Products (5225150, 5229994)
[18/12/2015] Vulnerabilities were identified in Novell Identity Manager and Novell Messenger. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=iuNGCHxR7XI~
URL:download.novell.com/Download?buildid=JFXvL2H0KXI~
5. Vulnerabilities in Juniper ScreenOS (JSA10712, JSA10713)
[18/12/2015] Vulnerabilities were identified in Juniper ScreenOS. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:kb.juniper.net/index?page=content&id=JSA10712
URL:kb.juniper.net/index?page=content&id=JSA10713
URL:www.us-cert.gov/ncas/current-activity/2015/12/17/Juniper-Releases-Out-band-Security-Advisory-ScreenOS
6. Vulnerability in Drupal (DRUPAL-SA-CONTRIB-2015-173)
[18/12/2015] A vulnerability was identified in the Select2 Field Widget module for Drupal. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 7.x-2.9 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.drupal.org/node/2636352
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109021
7. Vulnerability in WinRAR (109011)
[18/12/2015] A vulnerability was identified in WinRAR. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code on the system. This vulnerability affects versions 5.30 beta 4 32 bit and 64 bit of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109011
8. Vulnerability in Zen Cart (109027)
[18/12/2015] A vulnerability was identified in Zen Cart. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system. This vulnerability affects version 1.5.4 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109027
9. Security Updates in Debian (DSA-3421-1, DSA-3423-1, DSA-3424-1, DSA-3425-1)
[18/12/2015] Debian has released security update packages for fixing the vulnerabilities identified in the grub2, cacti, subversion and tryton-server packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3421
URL:www.debian.org/security/2015/dsa-3423
URL:www.debian.org/security/2015/dsa-3424
URL:www.debian.org/security/2015/dsa-3425
10. Security Updates in SUSE (openSUSE-SU-2015:2290-1, openSUSE-SU-2015:2291-1, SUSE-SU-2015:2292-1)
[18/12/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Chromium and Linux Kernel packages of openSUSE 13.1, 13.2, Leap 42.1 and SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html
11. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2665-1, RHSA-2015:2666-1)
[18/12/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the chromium-browser packages for Red Hat Enterprise Linux 6, and Red Hat OpenShift Enterprise 2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-2665.html
URL:rhn.redhat.com/errata/RHSA-2015-2666.html
12. Security Updates in Ubuntu GNU/Linux (USN-2840-1, USN-2840-2, USN-2841-1, USN-2841-2, USN-2842-1, USN-2842-2, USN-2843-1, USN-2843-2, USN-2843-3)
[18/12/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux, linux-ti-omap4, linux-lts-trusty, linux-lts-vivid, linux-lts-wily, linux-raspi2 and linux-lts-utopic packages for versions 12.04 LTS, 14.04 LTS, 15.04 and Ubuntu 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2840-1/
URL:www.ubuntu.com/usn/usn-2840-2/
URL:www.ubuntu.com/usn/usn-2841-1/
URL:www.ubuntu.com/usn/usn-2841-2/
URL:www.ubuntu.com/usn/usn-2842-1/
URL:www.ubuntu.com/usn/usn-2842-2/
URL:www.ubuntu.com/usn/usn-2843-1/
URL:www.ubuntu.com/usn/usn-2843-2/
URL:www.ubuntu.com/usn/usn-2843-3/
URL:www.ubuntu.com/usn/usn-2844-1/
13. Vulnerability in Cisco Application Policy Infrastructure Controller (cisco-sa-20151216-apic)
[17/12/2015] A vulnerability was identified in the Cisco Application Policy Infrastructure Controller (APIC). An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects version 1.1(0.920a) of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151216-apic
14. Vulnerabilities in IBM WebSphere Application Server (1969251)
[17/12/2015] Vulnerabilities were identified in the Apache HTTP Components used in IBM WebSphere Application Server. An attacker could bypass security restrictions, execute arbitrary code and perform spoofing attacks. These vulnerabilities affect versions 8.0, 8.5 and 8.5.5 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21969251
URL:www.hkcert.org/my_url/en/alert/15121701
15. Vulnerabilities in Novell Products (5229870, 5229994, 5230133)
[17/12/2015] Vulnerabilities were identified in Novell NetIQ Sentinel, Novell Messenger and Novell Filr. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=HN3Bit9V_zo~
URL:download.novell.com/Download?buildid=JFXvL2H0KXI~
URL:download.novell.com/Download?buildid=lu4l-OPupGE~
16. Vulnerability in F5 Products (SOL34250741)
[17/12/2015] A vulnerability was identified in F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, BIG-IQ Centralized Management and BIG-IQ Cloud and Orchestration. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/k/34/sol34250741.html
17. Security Updates in Oracle Linux (ELSA-2015-2655, ELSA-2015-2656, ELSA-2015-2657, ELSA-2015-2658)
[17/12/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the bind, bind97 and firefox packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-2655.html
URL:linux.oracle.com/errata/ELSA-2015-2656.html
URL:linux.oracle.com/errata/ELSA-2015-2657.html
URL:linux.oracle.com/errata/ELSA-2015-2658.html
18. Security Updates in Debian (DSA-3420-1, DSA-3422-1)
[17/12/2015] Debian has released security update packages for fixing the vulnerabilities identified in the bind9 and iceweasel packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3420
URL:www.debian.org/security/2015/dsa-3422
19. Security Updates in FreeBSD (FreeBSD-SA-15:27.bind)
[17/12/2015] FreeBSD has released security update packages for fixing the vulnerability identified in the bind packages for multiple versions of FreeBSD Linux. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:27.bind.asc
20. Security Updates in Mageia (MGASA-2015-0472, MGASA-2015-0473, MGASA-2015-0474, MGASA-2015-0475, MGASA-2015-0476, MGASA-2015-0477)
[17/12/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the redis, libpng12, libpng, potrace, quassel, cups-filters, nspr, nss, firefox and firefox-l10n packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0472.html
URL:advisories.mageia.org/MGASA-2015-0473.html
URL:advisories.mageia.org/MGASA-2015-0474.html
URL:advisories.mageia.org/MGASA-2015-0475.html
URL:advisories.mageia.org/MGASA-2015-0476.html
URL:advisories.mageia.org/MGASA-2015-0477.html
21. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2620-1, RHSA-2015:2655-1, RHSA-2015:2656-1, RHSA-2015:2657-1, RHSA-2015:2658-1)
[17/12/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the cfme, bind, firefox and bind97 packages for Red Hat CloudForms 3.2, Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-2620.html
URL:rhn.redhat.com/errata/RHSA-2015-2655.html
URL:rhn.redhat.com/errata/RHSA-2015-2656.html
URL:rhn.redhat.com/errata/RHSA-2015-2657.html
URL:rhn.redhat.com/errata/RHSA-2015-2658.html
22. Security Updates in Slackware (SSA:2015-349-01, SSA:2015-349-02, SSA:2015-349-03, SSA:2015-349-04)
[17/12/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-firefox, libpng, bind and openssl packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.356015
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.504203
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
23. Security Updates in Ubuntu GNU/Linux (USN-2838-1, USN-2838-2, USN-2839-1)
[17/12/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the cups-filters, foomatic-filters and cups packages for versions 12.04 LTS, 14.04 LTS, 15.04 and Ubuntu 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system.
URL:www.ubuntu.com/usn/usn-2838-1/
URL:www.ubuntu.com/usn/usn-2838-2/
URL:www.ubuntu.com/usn/usn-2839-1/
24. Vulnerability in Apache TomEE
[16/12/2015] A vulnerability was identified in Apache TomEE. An attacker could bypass security restrictions and execute arbitrary code on the system. The affected version was not specified.
URL:www.hkcert.org/my_url/en/alert/15121604
25. Vulnerabilities in BIND (AA-01317, AA-01319)
[16/12/2015] Vulnerabilities were identified in BIND 9. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:kb.isc.org/article/AA-01317
URL:kb.isc.org/article/AA-01319
URL:www.hkcert.org/my_url/en/alert/15121602
URL:www.us-cert.gov/ncas/current-activity/2015/12/15/Internet-Systems-Consortium-ISC-Releases-Security-Updates-BIND
26. Vulnerabilities in Mozilla Firefox (MFSA 2015-133, MFSA 2015-134, MFSA 2015-135, MFSA 2015-136, MFSA 2015-137, MFSA 2015-138, MFSA 2015-139, MFSA 2015-140, MFSA 2015-141, MFSA 2015-142, MFSA 2015-143, MFSA 2015-144, MFSA 2015-145, MFSA 2015-146, MFSA 2015-147, MFSA 2015-148, MFSA 2015-149)
[16/12/2015] Vulnerabilities were identified in Mozilla Firefox and Firefox ESR. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-133/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-134/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-135/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-136/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-137/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-138/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-139/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-140/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-141/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-142/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-143/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-144/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-145/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-146/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-147/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-148/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-149/
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox43
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr38.5
URL:www.hkcert.org/my_url/en/alert/15121603
URL:www.us-cert.gov/ncas/current-activity/2015/12/15/Mozilla-Releases-Security-Updates-Firefox-and-Firefox-ESR
27. Vulnerability in Cisco Products (cisco-sa-20151215-ucmim)
[16/12/2015] A vulnerability was identified in the Cisco Unified Communications Manager (UCM). An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects version 10.5(0.98000.88) of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151215-ucmim
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108935
28. Vulnerabilities in HPE Network Switches (c04920918)
[16/12/2015] Vulnerabilities were identified in HPE Network Switches. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to v15.18.0007 of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04920918
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108946
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108947
29. Vulnerabilities in F5 Products (SOL30518307, SOL59010802)
[16/12/2015] Vulnerabilities were identified in F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX and Enterprise Manager. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/k/30/sol30518307.html
URL:support.f5.com/kb/en-us/solutions/public/k/59/sol59010802.html
30. Vulnerabilities in Huawei Products (HW-408044)
[16/12/2015] Vulnerabilities were identified in multiple Huawei Products. An attacker could bypass security restrictions and execute arbitrary code on the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www1.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-408044.htm
31. Vulnerability in Juniper JunosE (JSA10651)
[16/12/2015] A vulnerability was identified in Juniper JunosE. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects versions prior to 13.3.3p0-1, 14.3.1p0-0-1, 14.3.2 or 15.1.0 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10651
32. Vulnerabilities in Adcon Telemetry A840 (ICSA-15-349-01)
[16/12/2015] Vulnerabilities were identified in the Adcon Telemetry A840. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect all versions of the mentioned product.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-349-01
33. Vulnerabilities in Google Chrome
[16/12/2015] Vulnerabilities were identified in Google Chrome. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 47.0.2526.106 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/search/label/Stable%20updates
URL:www.hkcert.org/my_url/en/alert/15121601
URL:www.us-cert.gov/ncas/current-activity/2015/12/15/Google-Releases-Security-Update-Chrome
34. Security Updates in Oracle Linux (ELSA-2015-2623, ELSA-2015-2636)
[16/12/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the grub2 and kernel packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-2623.html
URL:linux.oracle.com/errata/ELSA-2015-2636.html
35. Security Updates in Debian (DSA-3418-1, DSA-3419-1)
[16/12/2015] Debian has released security update packages for fixing the vulnerabilities identified in the chromium-browser and cups-filters packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3418
URL:www.debian.org/security/2015/dsa-3419
36. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2623-1)
[16/12/2015] Red Hat has released security update packages for fixing the vulnerability identified in the grub2 packages for Red Hat Enterprise Linux 7. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-2623.html
37. Security Updates in Ubuntu GNU/Linux (USN-2833-1, USN-2835-1, USN-2836-1, USN-2837-1)
[16/12/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox, git, grub2 and bind9 packages for versions 12.04 LTS, 14.04 LTS, 15.04 and Ubuntu 15.10. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2833-1/
URL:www.ubuntu.com/usn/usn-2835-1/
URL:www.ubuntu.com/usn/usn-2836-1/
URL:www.ubuntu.com/usn/usn-2837-1/
38. Vulnerabilities in Cisco Products (cisco-sa-20151214-ios, cisco-sa-20151214-ucm)
[15/12/2015] Vulnerabilities were identified in the Cisco IOS XE Software and Cisco Unified Communications Manager (UCM). An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ios
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ucm
39. Vulnerability in Symantec Endpoint Encryption Client (SYM15-012)
[15/12/2015] A vulnerability was identified in the Symantec Endpoint Encryption Client. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 11.1.0 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20151214_00
40. Vulnerabilities in F5 Products (SOL08039035, SOL91245485)
[15/12/2015] Vulnerabilities were identified in F5 Enterprise Manager and Traffix SDC. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/k/08/sol08039035.html
URL:support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html
41. Vulnerability in Joomla
[15/12/2015] A vulnerability was identified in Joomla. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects versions prior to 3.4.6 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html
URL:www.hkcert.org/my_url/en/alert/15121401
42. Security Updates in Oracle Linux (ELSA-2015-2616, ELSA-2015-2617, ELSA-2015-2619)
[15/12/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the openssl and libreoffice packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-2616.html
URL:linux.oracle.com/errata/ELSA-2015-2617.html
URL:linux.oracle.com/errata/ELSA-2015-2619.html
43. Security Updates in Debian (DSA-3417-1)
[15/12/2015] Debian has released security update packages for fixing the vulnerability identified in the bouncycastle packages for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code.
URL:www.debian.org/security/2015/dsa-3417
44. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2616-1, RHSA-2015:2617-1, RHSA-2015:2618-1, RHSA-2015:2619-1)
[15/12/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the openssl, chromium-browser and libreoffice packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-2616.html
URL:rhn.redhat.com/errata/RHSA-2015-2617.html
URL:rhn.redhat.com/errata/RHSA-2015-2618.html
URL:rhn.redhat.com/errata/RHSA-2015-2619.html
45. Security Updates in SUSE (SUSE-SU-2015:2268-1, SUSE-SU-2015:2168-2)
[15/12/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the java-1_8_0-ibm and java-1_7_1-ibm packages of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00015.html
46. Security Updates in Ubuntu GNU/Linux (USN-2834-1)
[15/12/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the libxml2 packages for versions 12.04 LTS, 14.04 LTS, 15.04 and Ubuntu 15.10. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2834-1/
47. Vulnerabilities in Apple iTunes (HT205636)
[14/12/2015] Vulnerabilities were identified in Apple iTunes. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. These vulnerabilities affect version 12.3.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-us/HT205636
URL:www.us-cert.gov/ncas/current-activity/2015/12/11/Apple-Releases-Security-Update-iTunes
48. Vulnerabilities in Cisco Products (cisco-sa-20151211-fmc, cisco-sa-20151211-imc, cisco-sa-20151211-ucdm)
[14/12/2015] Vulnerabilities were identified in the Cisco FireSIGHT Management Center, Cisco Integrated Management Controller (IMC) and Cisco Unified Communications Domain Manager (CUCDM). An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-fmc
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-imc
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-ucdm
49. Vulnerability in F5 Traffix SDC (SOL49233165)
[14/12/2015] A vulnerability was identified in F5 Traffix SDC. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/k/49/sol49233165.html
50. Security Updates in Oracle Linux (ELSA-2015-3107)
[14/12/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-3107.html
51. Security Updates in Debian (DSA-3416-1)
[14/12/2015] Debian has released security update packages for fixing the vulnerability identified in the libphp-phpmailer packages for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code.
URL:www.debian.org/security/2015/dsa-3416
52. Security Updates in SUSE (openSUSE-SU-2015:2257-1)
[14/12/2015] SUSE has released security update packages for fixing the vulnerability identified in the mbedtls packages of openSUSE Leap 42.1. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html