1. Vulnerabilities in OpenSSL
[29/01/2016] Vulnerabilities were identified in OpenSSL. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 1.0.1r or 1.0.2f of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.openssl.org/news/secadv/20160128.txt
URL:www.us-cert.gov/ncas/current-activity/2016/01/28/OpenSSL-Releases-Security-Advisory
URL:www.kb.cert.org/vuls/id/257823
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110234
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110235
2. Vulnerabilities in Cisco Products (cisco-sa-20160128-sbs, cisco-sa-20160128-uc)
[29/01/2016] Vulnerabilities were identified in Cisco Small Business 500 Series Stackable Managed Switches and Cisco Unity Connection. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-uc
3. Vulnerabilities in Novell Filr (5233170, 5233171, 5233172, 5233550, 5233551, 5233552, 5233670, 5233690)
[29/01/2016] Vulnerabilities were identified in Novell Identity Manager, NetIQ eDirectory and Designer for Identity Manager. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=Drw3BqUXIo4~
URL:download.novell.com/Download?buildid=E9m024HXLHw~
URL:download.novell.com/Download?buildid=HTund35qCFk~
URL:download.novell.com/Download?buildid=l6ulyqWxDv8~
URL:download.novell.com/Download?buildid=N63wVOwZf_s~
URL:download.novell.com/Download?buildid=QgHXVOxv310~
URL:download.novell.com/Download?buildid=Rjs_0SapjGg~
URL:download.novell.com/Download?buildid=RYH_EkORvU4~
4. Vulnerability in Westermo industrial switches (ICSA-16-028-01)
[29/01/2016] A vulnerability was identified in Westermo industrial switches. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. This vulnerability affects OS versions prior to 4.19.0 of the mentioned products. Security patches are available to resolve this vulnerability.
URL:ics-cert.us-cert.gov/advisories/ICSA-16-028-01
5. Vulnerabilities in KDDI HOME SPOT CUBE (110200, 110201, 110202, 110203, 110204, 110205)
[29/01/2016] Vulnerabilities were identified in the KDDI HOME SPOT CUBE. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. The affected version was not specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110200
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110201
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110202
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110203
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110204
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110205
6. Vulnerabilities in NetGear Products (110207, 110209, 110213, 110214)
[29/01/2016] Vulnerabilities were identified in multiple NetGear products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110207
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110209
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110213
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110214
7. Vulnerability in Linux Kernel (110242)
[29/01/2016] A vulnerability was identified in the Linux Kernel. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. The affected version was not specified. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110242
8. Security Updates in Oracle Linux (ELSA-2016-0082, ELSA-2016-0083)
[29/01/2016] Oracle has released security update packages for fixing the vulnerability identified in the qemu-kvm packages for Oracle Linux 6 and 7. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2016-0082.html
URL:linux.oracle.com/errata/ELSA-2016-0083.html
9. Security Updates in Debian (DSA-3457-1, DSA-3458-1, DSA-3459-1)
[29/01/2016] Debian has released security update packages for fixing the vulnerabilities identified in the iceweasel, openjdk-7 and mysql-5.5 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2016/dsa-3457
URL:www.debian.org/security/2016/dsa-3458
URL:www.debian.org/security/2016/dsa-3459
10. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0072-1, RHSA-2016:0073-1, RHSA-2016:0074-1, RHSA-2016:0078-1, RHSA-2016:0079-1, RHSA-2016:0081-1, RHSA-2016:0082-1, RHSA-2016:0083-1, RHSA-2016:0085-1, RHSA-2016:0086-1, RHSA-2016:0087-1)
[29/01/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the chromium-browser, bind, bind97, qemu-kvm-rhev and qemu-kvm packages for Red Hat Enterprise Linux 5, 6 and 7, Red Hat Enterprise Virtualization, Red Hat Enterprise Linux OpenStack Platform for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2016-0072.html
URL:rhn.redhat.com/errata/RHSA-2016-0073.html
URL:rhn.redhat.com/errata/RHSA-2016-0074.html
URL:rhn.redhat.com/errata/RHSA-2016-0078.html
URL:rhn.redhat.com/errata/RHSA-2016-0079.html
URL:rhn.redhat.com/errata/RHSA-2016-0081.html
URL:rhn.redhat.com/errata/RHSA-2016-0082.html
URL:rhn.redhat.com/errata/RHSA-2016-0083.html
URL:rhn.redhat.com/errata/RHSA-2016-0085.html
URL:rhn.redhat.com/errata/RHSA-2016-0086.html
URL:rhn.redhat.com/errata/RHSA-2016-0087.html
11. Security Updates in Ubuntu GNU/Linux (USN-2883-1)
[29/01/2016] Ubuntu has released security update packages for fixing the vulnerability identified in the openssl package for version 15.10. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code.
URL:www.ubuntu.com/usn/usn-2883-1/
12. Vulnerabilities in Cisco Products (cisco-sa-20160127-ntpd, cisco-sa-20160127-rv220, cisco-sa-20160127-sbms, cisco-sa-20160127-uc, cisco-sa-20160127-waascifs)
[28/01/2016] Vulnerabilities were identified in multiple Cisco products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-sbms
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-uc
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-waascifs
URL:www.us-cert.gov/ncas/current-activity/2016/01/27/Cisco-Releases-Security-Update
URL:www.hkcert.org/my_url/en/alert/16012801
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110177
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110178
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110179
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110180
13. Vulnerability in Novell Filr (5233810, 5233830)
[28/01/2016] A vulnerability was identified in Novell Filr. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. This vulnerability affects versions 1.1 and 1.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:download.novell.com/Download?buildid=GGjGx_IhcY4~
URL:download.novell.com/Download?buildid=Sww_cAfKic0~
14. Vulnerabilities in F5 Products (SOL05013313, SOL13145361)
[28/01/2016] Vulnerabilities were identified in F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, BIG-IQ Centralized Management and BIG-IQ Cloud and Orchestration. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/k/05/sol05013313.html
URL:support.f5.com/kb/en-us/solutions/public/k/13/sol13145361.html
15. Security Updates in Oracle Linux (ELSA-2016-0071, ELSA-2016-0073, ELSA-2016-0074)
[28/01/2016] Oracle has released security update packages for fixing the vulnerabilities identified in the firefox, bind and bind97 packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2016-0071.html
URL:linux.oracle.com/errata/ELSA-2016-0073.html
URL:linux.oracle.com/errata/ELSA-2016-0074.html
16. Security Updates in Debian (DSA-3454-1, DSA-3455-1, DSA-3456-1)
[28/01/2016] Debian has released security update packages for fixing the vulnerability identified in the virtualbox, curl and chromium-browser packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2016/dsa-3454
URL:www.debian.org/security/2016/dsa-3455
URL:www.debian.org/security/2016/dsa-3456
17. Security Updates in FreeBSD (FreeBSD-SA-16:08.bind, FreeBSD-SA-16:09.ntp, FreeBSD-SA-16:10.linux)
[28/01/2016] FreeBSD has released security update packages for fixing the vulnerability identified in the bind, ntp and kernel packages for multiple versions of FreeBSD Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:08.bind.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:09.ntp.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:10.linux.asc
18. Security Updates in Gentoo Linux (GLSA 201601-02, GLSA 201601-03, GLSA 201601-04)
[28/01/2016] Gentoo has released security update packages for fixing the vulnerabilities identified in the webkit-gtk, adobe-flash and opensmtpd packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:security.gentoo.org/glsa/201601-02
URL:security.gentoo.org/glsa/201601-03
URL:security.gentoo.org/glsa/201601-04
19. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0071-1)
[28/01/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the firefox packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2016-0071.html
20. Security Updates in SUSE (openSUSE-SU-2016:0255-1, SUSE-SU-2016:0256-1, openSUSE-SU-2016:0261-1, SUSE-SU-2016:0262-1, openSUSE-SU-2016:0263-1, SUSE-SU-2016:0265-1, openSUSE-SU-2016:0268-1, SUSE-SU-2016:0269-1, openSUSE-SU-2016:0270-1, openSUSE-SU-2016:0271-1, openSUSE-SU-2016:0272-1)
[28/01/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the openldap2, java-1_8_0-openjdk, java-1_7_0-openjdk, Chromium and Java7 packages of SUSE Linux Enterprise 11 and 12, SUSE Studio Onsite 1.3, openSUSE Leap 42.1, openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
21. Security Updates in Ubuntu GNU/Linux (USN-2877-1, USN-2880-1, USN-2882-1)
[28/01/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the oxide-qt, firefox and curl packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2877-1/
URL:www.ubuntu.com/usn/usn-2880-1/
URL:www.ubuntu.com/usn/usn-2882-1/
22. Vulnerabilities in Mozilla Firefox (MFSA 2016-01, MFSA 2016-02, MFSA 2016-03, MFSA 2016-04, MFSA 2016-05, MFSA 2016-06, MFSA 2016-07, MFSA 2016-08, MFSA 2016-09, MFSA 2016-10, MFSA 2016-11, MFSA 2016-12)
[27/01/2016] Vulnerabilities were identified in Mozilla Firefox. An attacker could execute arbitrary code, cause integer overflow, crash the application, perform spoofing attacks and obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-01/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-02/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-03/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-04/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-05/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-06/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-07/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-08/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-09/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-10/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-11/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-12/
URL:www.hkcert.org/my_url/en/alert/16012701
URL:www.us-cert.gov/ncas/current-activity/2016/01/26/Mozilla-Releases-Security-Updates
23. Vulnerability in Buffalo NAS device (110079)
[27/01/2016] A vulnerability was identified in the Buffalo NAS device. An attacker could cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110079
24. Vulnerability in Rockwell Automation Allen-Bradley MicroLogix (ICSA-16-026-02)
[27/01/2016] A vulnerability was identified in the Rockwell Automation Allen-Bradley MicroLogix 1100 programmable logic controller systems. An attacker could cause a stack-based buffer overflow. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve the vulnerability in Allen-Bradley MicroLogix 1100 controller, hardware Series B, in firmware Version 15.002.
URL:ics-cert.us-cert.gov/advisories/ICSA-16-026-02
25. Security Updates in Oracle Linux (ELSA-2016-0067)
[27/01/2016] Oracle has released security update packages for fixing the vulnerabilities identified in the java-1.6.0-openjdk packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information and cause a denial of service condition.
URL:linux.oracle.com/errata/ELSA-2016-0067.html
26. Security Updates in Debian (DSA-3453-1)
[27/01/2016] Debian has released security update packages for fixing the vulnerabilities identified in the mariadb-10.0 packages for multiple versions of Debian GNU/Linux. An attacker could perform man-in-the-middle attacks.
URL:www.debian.org/security/2016/dsa-3453
27. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0067-1, RHSA-2016:0068-1)
[27/01/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.6.0-openjdk and kernel-rt packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, gain escalated privileges and execute arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2016-0067.html
URL:rhn.redhat.com/errata/RHSA-2016-0068.html
28. Security Updates in Ubuntu GNU/Linux (USN-2888-1)
[27/01/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the mysql-5.5 and mysql-5.6 packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. An attacker could cause a buffer overflow.
URL:www.ubuntu.com/usn/usn-2888-1/
29. Vulnerabilities in Apple tvOS (HT205729)
[26/01/2016] Vulnerabilities were identified in Apple tvOS. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions 9.1.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-hk/HT205729
30. Vulnerabilities in Cisco Products (cisco-sa-20160125-api, cisco-sa-20160125-ucce)
[26/01/2016] Vulnerabilities were identified in the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) and Cisco Unified Contact Center Express. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160125-api
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160125-ucce
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110049
31. Vulnerabilities in Atlassian Bamboo (110015, 110016, 110017)
[26/01/2016] Vulnerabilities were identified in Atlassian Bamboo. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 5.9.9 or 5.10.0 of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110015
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110016
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110017
32. Vulnerabilities in Buffalo Products (110035, 110038)
[26/01/2016] Vulnerabilities were identified in multiple Buffalo network devices. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110035
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110038
33. Vulnerability in WiX Toolset installer (110032)
[26/01/2016] A vulnerability was identified in the WiX Toolset installer. An attacker could bypass security restrictions and execute arbitrary code on the system. The affected version was not specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110032
34. Vulnerability in OpenSSH (110030)
[26/01/2016] A vulnerability was identified in OpenSSH. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects versions prior to 7.1p2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110030
35. Vulnerability in OpenVAS Greenbone Security Assistant (110029)
[26/01/2016] A vulnerability was identified in the OpenVAS Greenbone Security Assistant (GSA). An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system. This vulnerability affects version 6.0.8 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110029
36. Vulnerabilities in Quick CMS (110047, 110048)
[26/01/2016] Vulnerabilities were identified in Quick CMS. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect version 6.1 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110047
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110048
37. Vulnerabilities in Linux Kernel (110050, 110051, 110052)
[26/01/2016] Vulnerabilities were identified in the Linux Kernel. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110050
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110051
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110052
38. Vulnerability in Ubuntu xwpe (110034)
[26/01/2016] A vulnerability was identified in Ubuntu xwpe. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects version 1.5.30a-2.1 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110034
39. Security Updates in Oracle Linux (ELSA-2016-0063, ELSA-2016-0064)
[26/01/2016] Oracle has released security update packages for fixing the vulnerabilities identified in the ntp and kernel packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2016-0063.html
URL:linux.oracle.com/errata/ELSA-2016-0064.html
40. Security Updates in Debian (DSA-3452-1)
[26/01/2016] Debian has released security update packages for fixing the vulnerability identified in the claws-mail packages for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code on the system.
URL:www.debian.org/security/2016/dsa-3452
41. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0063-1, RHSA-2016:0064-1)
[26/01/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the ntp and kernel packages for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2016-0063.html
URL:rhn.redhat.com/errata/RHSA-2016-0064.html
42. Security Updates in SUSE (SUSE-SU-2016:0224-1, openSUSE-SU-2016:0226-1, SUSE-SU-2016:0227-1, openSUSE-SU-2016:0243-1)
[26/01/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the openldap2, bind and ffmpeg packages of SUSE Linux Enterprise 10 and 12, openSUSE Leap 42.1 and openSUSE 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00034.html
43. Vulnerability in Avast! Antivirus (110013)
[25/01/2016] A vulnerability was identified in Avast! Antivirus. An attacker could bypass security restrictions and gain elevated privileges. The affected version was not specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110013
44. Security Updates in Debian (DSA-3451-1)
[25/01/2016] Debian has released security update packages for fixing the vulnerability identified in the fuse packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information and gain elevated privileges.
URL:www.debian.org/security/2016/dsa-3451
45. Security Updates in Mageia (MGASA-2016-0035)
[25/01/2016] Mageia has released security update packages for fixing the vulnerability identified in the virtualbox, kmod-virtualbox and kmod-vboxadditions packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2016-0035.html
46. Security Updates in SUSE (openSUSE-SU-2016:0197-1, openSUSE-SU-2016:0199-1, SUSE-SU-2016:0200-1, openSUSE-SU-2016:0204-1, SUSE-SU-2016:0205-1, openSUSE-SU-2016:0207-1, openSUSE-SU-2016:0210-1, openSUSE-SU-2016:0213-1, openSUSE-SU-2016:0214-1)
[25/01/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the bind, kernel, giflib and roundcubemail packages of openSUSE Leap 42.1, openSUSE 13.1 and 13.2, SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00022.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00023.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00024.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00025.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00026.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00027.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00028.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00029.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00030.html
Sunday, January 31, 2016
Sunday, January 24, 2016
IT Security Alerts Weekly Digest (17 Jan ~ 23 Jan 2016)
1. Vulnerabilities in Google Chrome
[22/01/2016] Vulnerabilities were identified in Google Chrome. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 49.0.2623.0 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/2016/01/stable-channel-update_20.html
URL:www.us-cert.gov/ncas/current-activity/2016/01/20/Google-Releases-Security-Update-Chrome
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109995
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109996
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109997
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109998
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109999
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110000
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110001
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110002
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110003
2. Vulnerabilities in F5 Products (SOL02360853, SOL49580002, SOL53445000, SOL60352002, SOL62700573)
[22/01/2016] Vulnerabilities were identified in F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration and Traffix SDC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/k/02/sol02360853.html
URL:support.f5.com/kb/en-us/solutions/public/k/49/sol49580002.html
URL:support.f5.com/kb/en-us/solutions/public/k/53/sol53445000.html
URL:support.f5.com/kb/en-us/solutions/public/k/60/sol60352002.html
URL:support.f5.com/kb/en-us/solutions/public/k/62/sol62700573.html
3. Vulnerability in CAREL PlantVisor Enhanced (ICSA-16-021-01)
[22/01/2016] A vulnerability was identified in CAREL PlantVisor Enhanced. An attacker could bypass security restrictions. This vulnerability affects ALL versions of the mentioned product.
URL:ics-cert.us-cert.gov/advisories/ICSA-16-021-01
4. Vulnerability in Hospira Products (ICSA-15-337-02)
[22/01/2016] A vulnerability was identified in multiple Hospira products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-337-02
5. Vulnerability in Harman AMX multimedia devices (VU#992624)
[22/01/2016] Vulnerability was identified in the Harman AMX multimedia devices. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/992624
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110011
6. Security Updates in Oracle Linux (ELSA-2016-0053, ELSA-2016-0054)
[22/01/2016] Oracle has released security update packages for fixing the vulnerabilities identified in the java-1.7.0-openjdk packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2016-0053.html
URL:linux.oracle.com/errata/ELSA-2016-0054.html
7. Security Updates in Mageia (MGASA-2016-0025, MGASA-2016-0026, MGASA-2016-0027, MGASA-2016-0028, MGASA-2016-0029, MGASA-2016-0030, MGASA-2016-0031, MGASA-2016-0032, MGASA-2016-0033, MGASA-2016-0034)
[22/01/2016] Mageia has released security update packages for fixing the vulnerabilities identified in the cacti, encfs, perl, perl-PathTools, dhcp, moodle, bind, kernel-linus, kernel-tmb, kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia304, kmod-nvidia340, kmod-nvidia-current and dhcpcd packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2016-0025.html
URL:advisories.mageia.org/MGASA-2016-0026.html
URL:advisories.mageia.org/MGASA-2016-0027.html
URL:advisories.mageia.org/MGASA-2016-0028.html
URL:advisories.mageia.org/MGASA-2016-0029.html
URL:advisories.mageia.org/MGASA-2016-0030.html
URL:advisories.mageia.org/MGASA-2016-0031.html
URL:advisories.mageia.org/MGASA-2016-0032.html
URL:advisories.mageia.org/MGASA-2016-0033.html
URL:advisories.mageia.org/MGASA-2016-0034.html
8. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0053-1, RHSA-2016:0054-1, RHSA-2016:0055-1, RHSA-2016:0056-1, RHSA-2016:0057-1, RHSA-2016:0061-1)
[22/01/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.7.0-openjdk, java-1.8.0-oracle, java-1.7.0-oracle, java-1.6.0-sun, httpd and httpd22 packages for Red Hat Enterprise Linux 5, 6 and 7, Red Hat JBoss Web Server 2.1.0 for Red Hat Enterprise Linux 5, 6, and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2016-0053.html
URL:rhn.redhat.com/errata/RHSA-2016-0054.html
URL:rhn.redhat.com/errata/RHSA-2016-0055.html
URL:rhn.redhat.com/errata/RHSA-2016-0056.html
URL:rhn.redhat.com/errata/RHSA-2016-0057.html
URL:rhn.redhat.com/errata/RHSA-2016-0061.html
9. Security Updates in Ubuntu GNU/Linux (USN-2878-1, USN-2879-1)
[22/01/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the perl and rsync packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to multiple errors, an attacker could bypass security restrictions and obtain sensitive information.
URL:www.ubuntu.com/usn/usn-2878-1/
URL:www.ubuntu.com/usn/usn-2879-1/
10. Vulnerabilities in Cisco Products (cisco-sa-20160120-d9036, cisco-sa-20160120-ucsm)
[21/01/2016] Vulnerabilities were identified in the Cisco Modular Encoding Platform D9036 Software, Cisco Unified Computing System (UCS) Manager and the Cisco Firepower 9000 Series appliance. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-d9036
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm
URL:www.hkcert.org/my_url/en/alert/16012102
URL:www.us-cert.gov/ncas/current-activity/2016/01/20/Cisco-Releases-Security-Updates
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109741
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109742
11. Vulnerability in BlueControl (109710)
[21/01/2016] Vulnerability was identified in the BlueControl. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. This vulnerability affects version 3.5.SR5 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109710
12. Vulnerability in Intel Driver Update Utility (109706)
[21/01/2016] Vulnerability was identified in the Intel Driver Update Utility. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 3 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109706
13. Vulnerability in Panda Security installer (109732)
[21/01/2016] Vulnerability was identified in the Panda Security installer. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. This vulnerability affects version 2016 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109732
14. Vulnerabilities in Xen (XSA-167, XSA-168)
[21/01/2016] Vulnerabilities were identified in the Xen. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xenbits.xen.org/xsa/advisory-167.html
URL:xenbits.xen.org/xsa/advisory-168.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109739
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109740
15. Security Updates in Oracle Linux (ELSA-2016-0045, ELSA-2016-0045-1, ELSA-2016-0049, ELSA-2016-0050, ELSA-2016-3509, ELSA-2016-3510)
[21/01/2016] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel, java-1.8.0-openjdk and kernel-uek packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2016-0045.html
URL:linux.oracle.com/errata/ELSA-2016-0045-1.html
URL:linux.oracle.com/errata/ELSA-2016-0049.html
URL:linux.oracle.com/errata/ELSA-2016-0050.html
URL:linux.oracle.com/errata/ELSA-2016-3509.html
URL:linux.oracle.com/errata/ELSA-2016-3510.html
16. Security Updates in Debian (DSA-3450-1)
[21/01/2016] Debian has released security update packages for fixing the vulnerability identified in the ecryptfs-utils packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions and gain elevated privileges.
URL:www.debian.org/security/2016/dsa-3450
17. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0049-1, RHSA-2016:0050-1)
[21/01/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.8.0-openjdk packages for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2016-0049.html
URL:rhn.redhat.com/errata/RHSA-2016-0050.html
18. Security Updates in SUSE (SUSE-SU-2016:0180-1, SUSE-SU-2016:0186-1)
[21/01/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the bind and kernel packages of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00020.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00021.html
19. Security Updates in Ubuntu GNU/Linux (USN-2876-1)
[21/01/2016] Ubuntu has released security update packages for fixing the vulnerability identified in the ecryptfs-utils packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. An attacker could bypass security restrictions and gain elevated privileges.
URL:www.ubuntu.com/usn/usn-2876-1/
20. Vulnerabilities in ISC BIND9 (AA-01335, AA-01336)
[20/01/2016] Vulnerabilities were identified in the ISC BIND9. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 9.9.8-P3, 9.9.8-S4 or 9.10.3-P3 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:kb.isc.org/article/AA-01335
URL:kb.isc.org/article/AA-01336
URL:www.hkcert.org/my_url/en/alert/16012002
21. Security Updates in Oracle Products
[20/01/2016] Oracle has released security update packages for fixing the vulnerabilities identified in Oracle Java SE and multiple Oracle Products. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. Security patches are available to resolve these vulnerabilities.
URL:www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html
URL:www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
URL:www.hkcert.org/my_url/en/alert/16012001
URL:www.us-cert.gov/ncas/current-activity/2016/01/19/Oracle-Releases-Security-Bulletin
22. Vulnerabilities in Apple Products (HT205730, HT205731, HT205732)
[20/01/2016] Vulnerabilities were identified in the Apple Safari, OS X El Capitan and iOS. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-hk/HT205730
URL:support.apple.com/en-hk/HT205731
URL:support.apple.com/en-hk/HT205732
URL:prod.lists.apple.com/archives/security-announce/2016/Jan/msg00002.html
URL:prod.lists.apple.com/archives/security-announce/2016/Jan/msg00003.html
URL:prod.lists.apple.com/archives/security-announce/2016/Jan/msg00004.html
23. Vulnerability in Cisco Web Security Appliance (cisco-sa-20160119-wsa)
[20/01/2016] Vulnerability was identified in the Cisco Web Security Appliance (WSA). An attacker could bypass security restrictions. This vulnerability affects versions 8.5.3-055, 9.1.0-000 and 9.5.0-235 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160119-wsa
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109697
24. Vulnerability in Pivotal Cloud Foundry (109694)
[20/01/2016] Vulnerability was identified in the Pivotal Cloud Foundry. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 1.5.11 or 1.6.11 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109694
25. Vulnerability in Linux Kernel (109695)
[20/01/2016] Vulnerability was identified in the Linux Kernel. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. This vulnerability affects versions 3.8, 3.9 rc1 and 4.0.5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109695
26. Vulnerability in OpenStack Heat (109698)
[20/01/2016] Vulnerability was identified in the OpenStack Heat. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects version 2015.1.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109698
27. Security Updates in Debian (DSA-3448-1, DSA-3449-1)
[20/01/2016] Debian has released security update packages for fixing the vulnerabilities identified in the linux and bind9 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2016/dsa-3448
URL:www.debian.org/security/2016/dsa-3449
28. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0045-1, RHSA-2016:0046-1)
[20/01/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel packages for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2016-0045.html
URL:rhn.redhat.com/errata/RHSA-2016-0046.html
29. Security Updates in SUSE (SUSE-SU-2016:0164-1, SUSE-SU-2016:0168-1, SUSE-SU-2016:0174-1)
[20/01/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the samba, kernel and bind packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00018.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00019.html
30. Security Updates in Ubuntu GNU/Linux (USN-2870-1, USN-2870-2, USN-2871-1, USN-2871-2, USN-2872-1, USN-2872-3, USN-2873-1, USN-2874-1, USN-2875-1)
[20/01/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux, linux-lts-trusty, linux-lts-vivid, linux-lts-wily, linux-raspi2, linux-lts-utopic, bind9 and libxml2 packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2870-1/
URL:www.ubuntu.com/usn/usn-2870-2/
URL:www.ubuntu.com/usn/usn-2871-1/
URL:www.ubuntu.com/usn/usn-2871-2/
URL:www.ubuntu.com/usn/usn-2872-1/
URL:www.ubuntu.com/usn/usn-2872-2/
URL:www.ubuntu.com/usn/usn-2872-3/
URL:www.ubuntu.com/usn/usn-2873-1/
URL:www.ubuntu.com/usn/usn-2874-1/
URL:www.ubuntu.com/usn/usn-2875-1/
31. Vulnerability in SevOne NMS (109659)
[19/01/2016] Vulnerability was identified in the SevOne NMS. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects version 5.3.6.0 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109659
32. Vulnerability in Seeds acmailer (109653)
[19/01/2016] Vulnerability was identified in the Seeds acmailer. An attacker could execute arbitrary code on the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109653
33. Vulnerabilities in Cisco Products (cisco-sa-20160115-FireSIGHT, cisco-sa-20160115-fmc1, cisco-sa-20160115-asa)
[18/01/2016] Vulnerabilities were identified in the Cisco FireSIGHT Management Center and Cisco Adaptive Security Appliance (ASA). An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-fmc1
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-asa
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109648
34. Vulnerabilities in IBM Products (1973985, 1974157)
[18/01/2016] Vulnerabilities were identified in the IBM Rational Host On-Demand and IBM Tivoli Federated Identity Manager. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21973985
URL:www-01.ibm.com/support/docview.wss?uid=swg21974157
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105255
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106216
35. Security Updates in Debian (DSA-3447-1)
[18/01/2016] Debian has released security update packages for fixing the vulnerability identified in the tomcat7 packages for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2016/dsa-3447
36. Security Updates in FreeBSD (FreeBSD-SA-16:07.openssh)
[18/01/2016] FreeBSD has released security update packages for fixing the vulnerability identified in the openssh packages for multiple versions of FreeBSD. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:07.openssh.asc
37. Security Updates in Gentoo Linux (GLSA 201601-01)
[18/01/2016] Gentoo has released security update packages for fixing the vulnerability identified in the openssh packages for multiple versions of Gentoo Linux. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:security.gentoo.org/glsa/201601-01
38. Security Updates in Mageia (MGASA-2016-0022, MGASA-2016-0023, MGASA-2016-0024)
[18/01/2016] Mageia has released security update packages for fixing the vulnerabilities identified in the openssh, qemu and php packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2016-0022.html
URL:advisories.mageia.org/MGASA-2016-0023.html
URL:advisories.mageia.org/MGASA-2016-0024.html
39. Security Updates in SUSE (openSUSE-SU-2016:0144-1, openSUSE-SU-2016:0145-1)
[18/01/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the openssh packages of openSUSE Evergreen 11.4 and openSUSE 13.1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00016.html
40. Security Updates in Slackware (SSA:2016-014-01)
[18/01/2016] Slackware has released security update packages for fixing the vulnerability identified in the openssh packages for multiple versions of Slackware Linux. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.677958
[22/01/2016] Vulnerabilities were identified in the Google Chrome. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 49.0.2623.0 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/2016/01/stable-channel-update_20.html
URL:www.us-cert.gov/ncas/current-activity/2016/01/20/Google-Releases-Security-Update-Chrome
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109995
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109996
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109997
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109998
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109999
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110000
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110001
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110002
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110003
2. Vulnerabilities in F5 Products (SOL02360853, SOL49580002, SOL53445000, SOL60352002, SOL62700573)
[22/01/2016] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration and Traffix SDC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/k/02/sol02360853.html
URL:support.f5.com/kb/en-us/solutions/public/k/49/sol49580002.html
URL:support.f5.com/kb/en-us/solutions/public/k/53/sol53445000.html
URL:support.f5.com/kb/en-us/solutions/public/k/60/sol60352002.html
URL:support.f5.com/kb/en-us/solutions/public/k/62/sol62700573.html
3. Vulnerability in CAREL PlantVisor Enhanced (ICSA-16-021-01)
[22/01/2016] Vulnerability was identified in the CAREL PlantVisor Enhanced. An attacker could bypass security restrictions. This vulnerability affects ALL versions of the mentioned product.
URL:ics-cert.us-cert.gov/advisories/ICSA-16-021-01
4. Vulnerability in Hospira Products (ICSA-15-337-02)
[22/01/2016] Vulnerability was identified in the multiple Hospira products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-337-02
5. Vulnerability in Harman AMX multimedia devices (VU#992624)
[22/01/2016] Vulnerability was identified in the Harman AMX multimedia devices. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/992624
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110011
6. Security Updates in Oracle Linux (ELSA-2016-0053, ELSA-2016-0054)
[22/01/2016] Oracle has released security update packages for fixing the vulnerabilities identified in the java-1.7.0-openjdk packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2016-0053.html
URL:linux.oracle.com/errata/ELSA-2016-0054.html
7. Security Updates in Mageia (MGASA-2016-0025, MGASA-2016-0026, MGASA-2016-0027, MGASA-2016-0028, MGASA-2016-0029, MGASA-2016-0030, MGASA-2016-0031, MGASA-2016-0032, MGASA-2016-0033, MGASA-2016-0034)
[22/01/2016] Mageia has released security update packages for fixing the vulnerability identified in the cacti, encfs, perl, perl-PathTools, dhcp, moodle, bind, kernel-linus, kernel-tmb, kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia304, kmod-nvidia340, kmod-nvidia-current and dhcpcd packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2016-0025.html
URL:advisories.mageia.org/MGASA-2016-0026.html
URL:advisories.mageia.org/MGASA-2016-0027.html
URL:advisories.mageia.org/MGASA-2016-0028.html
URL:advisories.mageia.org/MGASA-2016-0029.html
URL:advisories.mageia.org/MGASA-2016-0030.html
URL:advisories.mageia.org/MGASA-2016-0031.html
URL:advisories.mageia.org/MGASA-2016-0032.html
URL:advisories.mageia.org/MGASA-2016-0033.html
URL:advisories.mageia.org/MGASA-2016-0034.html
8. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0053-1, RHSA-2016:0054-1, RHSA-2016:0055-1, RHSA-2016:0056-1, RHSA-2016:0057-1, RHSA-2016:0061-1)
[22/01/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.7.0-openjdk, java-1.8.0-oracle, java-1.7.0-oracle, java-1.6.0-sun, httpd and httpd22 packages for Red Hat Enterprise Linux 5, 6 and 7, Red Hat JBoss Web Server 2.1.0 for Red Hat Enterprise Linux 5, 6, and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2016-0053.html
URL:rhn.redhat.com/errata/RHSA-2016-0054.html
URL:rhn.redhat.com/errata/RHSA-2016-0055.html
URL:rhn.redhat.com/errata/RHSA-2016-0056.html
URL:rhn.redhat.com/errata/RHSA-2016-0057.html
URL:rhn.redhat.com/errata/RHSA-2016-0061.html
9. Security Updates in Ubuntu GNU/Linux (USN-2878-1, USN-2879-1)
[22/01/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the perl and rsync packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to multiple errors, an attacker could bypass security restrictions and obtain sensitive information.
URL:www.ubuntu.com/usn/usn-2878-1/
URL:www.ubuntu.com/usn/usn-2879-1/
10. Vulnerabilities in Cisco Products (cisco-sa-20160120-d9036, cisco-sa-20160120-ucsm)
[21/01/2016] Vulnerability was identified in the Cisco Modular Encoding Platform D9036 Software, Cisco Unified Computing System (UCS) Manager and the Cisco Firepower 9000 Series appliance. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-d9036
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm
URL:www.hkcert.org/my_url/en/alert/16012102
URL:www.us-cert.gov/ncas/current-activity/2016/01/20/Cisco-Releases-Security-Updates
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109741
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109742
11. Vulnerability in BlueControl (109710)
[21/01/2016] Vulnerability was identified in the BlueControl. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. This vulnerability affects version 3.5.SR5 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109710
12. Vulnerability in Intel Driver Update Utility (109706)
[21/01/2016] Vulnerability was identified in the Intel Driver Update Utility. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 3 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109706
13. Vulnerability in Panda Security installer (109732)
[21/01/2016] Vulnerability was identified in the Panda Security installer. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. This vulnerability affects version 2016 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109732
14. Vulnerabilities in Xen (XSA-167, XSA-168)
[21/01/2016] Vulnerabilities were identified in the Xen. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xenbits.xen.org/xsa/advisory-167.html
URL:xenbits.xen.org/xsa/advisory-168.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109739
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109740
15. Security Updates in Oracle Linux (ELSA-2016-0045, ELSA-2016-0045-1, ELSA-2016-0049, ELSA-2016-0050, ELSA-2016-3509, ELSA-2016-3510)
[21/01/2016] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel, java-1.8.0-openjdk and kernel-uek packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2016-0045.html
URL:linux.oracle.com/errata/ELSA-2016-0045-1.html
URL:linux.oracle.com/errata/ELSA-2016-0049.html
URL:linux.oracle.com/errata/ELSA-2016-0050.html
URL:linux.oracle.com/errata/ELSA-2016-3509.html
URL:linux.oracle.com/errata/ELSA-2016-3510.html
16. Security Updates in Debian (DSA-3450-1)
[21/01/2016] Debian has released security update packages for fixing the vulnerability identified in the ecryptfs-utils packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions and gain elevated privileges.
URL:www.debian.org/security/2016/dsa-3450
17. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0049-1, RHSA-2016:0050-1)
[21/01/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.8.0-openjdk packages for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2016-0049.html
URL:rhn.redhat.com/errata/RHSA-2016-0050.html
18. Security Updates in SUSE (SUSE-SU-2016:0180-1, SUSE-SU-2016:0186-1)
[21/01/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the bind and kernel packages of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00020.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00021.html
19. Security Updates in Ubuntu GNU/Linux (USN-2876-1)
[21/01/2016] Ubuntu has released security update packages for fixing the vulnerability identified in the ecryptfs-utils packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. An attacker could bypass security restrictions and gain elevated privileges.
URL:www.ubuntu.com/usn/usn-2876-1/
20. Vulnerabilities in ISC BIND9 (AA-01335, AA-01336)
[20/01/2016] Vulnerabilities were identified in ISC BIND9. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 9.9.8-P3, 9.9.8-S4 or 9.10.3-P3 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:kb.isc.org/article/AA-01335
URL:kb.isc.org/article/AA-01336
URL:www.hkcert.org/my_url/en/alert/16012002
21. Security Updates in Oracle Products
[20/01/2016] Oracle has released security update packages for fixing the vulnerabilities identified in Oracle Java SE and multiple Oracle Products. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. Security patches are available to resolve these vulnerabilities.
URL:www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html
URL:www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
URL:www.hkcert.org/my_url/en/alert/16012001
URL:www.us-cert.gov/ncas/current-activity/2016/01/19/Oracle-Releases-Security-Bulletin
22. Vulnerabilities in Apple Products (HT205730, HT205731, HT205732)
[20/01/2016] Vulnerabilities were identified in Apple Safari, OS X El Capitan and iOS. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-hk/HT205730
URL:support.apple.com/en-hk/HT205731
URL:support.apple.com/en-hk/HT205732
URL:prod.lists.apple.com/archives/security-announce/2016/Jan/msg00002.html
URL:prod.lists.apple.com/archives/security-announce/2016/Jan/msg00003.html
URL:prod.lists.apple.com/archives/security-announce/2016/Jan/msg00004.html
23. Vulnerability in Cisco Web Security Appliance (cisco-sa-20160119-wsa)
[20/01/2016] A vulnerability was identified in the Cisco Web Security Appliance (WSA). An attacker could bypass security restrictions. This vulnerability affects versions 8.5.3-055, 9.1.0-000 and 9.5.0-235 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160119-wsa
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109697
24. Vulnerability in Pivotal Cloud Foundry (109694)
[20/01/2016] A vulnerability was identified in Pivotal Cloud Foundry. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 1.5.11 or 1.6.11 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109694
25. Vulnerability in Linux Kernel (109695)
[20/01/2016] A vulnerability was identified in the Linux Kernel. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. This vulnerability affects versions 3.8, 3.9 rc1 and 4.0.5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109695
26. Vulnerability in OpenStack Heat (109698)
[20/01/2016] A vulnerability was identified in OpenStack Heat. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects version 2015.1.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109698
27. Security Updates in Debian (DSA-3448-1, DSA-3449-1)
[20/01/2016] Debian has released security update packages for fixing the vulnerabilities identified in the linux and bind9 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2016/dsa-3448
URL:www.debian.org/security/2016/dsa-3449
28. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0045-1, RHSA-2016:0046-1)
[20/01/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel packages for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2016-0045.html
URL:rhn.redhat.com/errata/RHSA-2016-0046.html
29. Security Updates in SUSE (SUSE-SU-2016:0164-1, SUSE-SU-2016:0168-1, SUSE-SU-2016:0174-1)
[20/01/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the samba, kernel and bind packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00018.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00019.html
30. Security Updates in Ubuntu GNU/Linux (USN-2870-1, USN-2870-2, USN-2871-1, USN-2871-2, USN-2872-1, USN-2872-3, USN-2873-1, USN-2874-1, USN-2875-1)
[20/01/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux, linux-lts-trusty, linux-lts-vivid, linux-lts-wily, linux-raspi2, linux-lts-utopic, bind9 and libxml2 packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2870-1/
URL:www.ubuntu.com/usn/usn-2870-2/
URL:www.ubuntu.com/usn/usn-2871-1/
URL:www.ubuntu.com/usn/usn-2871-2/
URL:www.ubuntu.com/usn/usn-2872-1/
URL:www.ubuntu.com/usn/usn-2872-2/
URL:www.ubuntu.com/usn/usn-2872-3/
URL:www.ubuntu.com/usn/usn-2873-1/
URL:www.ubuntu.com/usn/usn-2874-1/
URL:www.ubuntu.com/usn/usn-2875-1/
31. Vulnerability in SevOne NMS (109659)
[19/01/2016] A vulnerability was identified in SevOne NMS. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects version 5.3.6.0 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109659
32. Vulnerability in Seeds acmailer (109653)
[19/01/2016] A vulnerability was identified in Seeds acmailer. An attacker could execute arbitrary code on the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109653
33. Vulnerabilities in Cisco Products (cisco-sa-20160115-FireSIGHT, cisco-sa-20160115-fmc1, cisco-sa-20160115-asa)
[18/01/2016] Vulnerabilities were identified in Cisco FireSIGHT Management Center and Cisco Adaptive Security Appliance (ASA). An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-fmc1
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-asa
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109648
34. Vulnerabilities in IBM Products (1973985, 1974157)
[18/01/2016] Vulnerabilities were identified in IBM Rational Host On-Demand and IBM Tivoli Federated Identity Manager. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21973985
URL:www-01.ibm.com/support/docview.wss?uid=swg21974157
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105255
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106216
35. Security Updates in Debian (DSA-3447-1)
[18/01/2016] Debian has released security update packages for fixing the vulnerability identified in the tomcat7 packages for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2016/dsa-3447
36. Security Updates in FreeBSD (FreeBSD-SA-16:07.openssh)
[18/01/2016] FreeBSD has released security update packages for fixing the vulnerability identified in the openssh packages for multiple versions of FreeBSD Linux. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:07.openssh.asc
37. Security Updates in Gentoo Linux (GLSA 201601-01)
[18/01/2016] Gentoo has released security update packages for fixing the vulnerability identified in the openssh packages for multiple versions of Gentoo Linux. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:security.gentoo.org/glsa/201601-01
38. Security Updates in Mageia (MGASA-2016-0022, MGASA-2016-0023, MGASA-2016-0024)
[18/01/2016] Mageia has released security update packages for fixing the vulnerability identified in the openssh, qemu and php packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2016-0022.html
URL:advisories.mageia.org/MGASA-2016-0023.html
URL:advisories.mageia.org/MGASA-2016-0024.html
39. Security Updates in SUSE (openSUSE-SU-2016:0144-1, openSUSE-SU-2016:0145-1)
[18/01/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the openssh packages of openSUSE Evergreen 11.4 and openSUSE 13.1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00016.html
40. Security Updates in Slackware (SSA:2016-014-01)
[18/01/2016] Slackware has released security update packages for fixing the vulnerability identified in the openssh packages for multiple versions of Slackware Linux. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.677958