1. Vulnerability in Symantec DV Certificate Issuance System (SYM16-001)
[05/02/2016] Vulnerability was identified in the Symantec DV Certificate Issuance System. An attacker could bypass security restrictions. This vulnerability affects ALL versions of the mentioned product.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160204_00
2. Vulnerabilities in F5 Products (SOL16015326, SOL20225390)
[05/02/2016] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, LineRate and Traffix SDC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/k/16/sol16015326.html
URL:support.f5.com/kb/en-us/solutions/public/k/20/sol20225390.html
3. Vulnerability in Dell SecureWorks for iOS (110408)
[05/02/2016] Vulnerability was identified in the Dell SecureWorks for iOS. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 42.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110408
4. Vulnerability in Huawei Smart Phone (huawei-sa-20160203-01-smartphone)
[05/02/2016] Vulnerability was identified in multiple Huawei smart phones. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple firmware versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.huawei.com/en/psirt/security-advisories/huawei-sa-20160203-01-smartphone
5. Vulnerability in Comodo Chromodo browser (VU#305096)
[05/02/2016] Vulnerability was identified in the Comodo Chromodo browser. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. This vulnerability affects versions 45.8.12.392, 45.8.12.391, and possibly earlier of the mentioned product.
URL:www.kb.cert.org/vuls/id/305096
6. Vulnerabilities in Asterisk (110405, 110406, 110407)
[05/02/2016] Vulnerabilities were identified in the Asterisk. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110405
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110406
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110407
7. Vulnerability in OpenStack Glance (110400)
[05/02/2016] Vulnerability was identified in the OpenStack Glance. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110400
8. Vulnerabilities in MIT Kerberos (110393, 110394, 110395)
[05/02/2016] Vulnerabilities were identified in the MIT Kerberos. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect version 5.1.14 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110393
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110394
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110395
9. Security Updates in SUSE (SUSE-SU-2016:0334-1, SUSE-SU-2016:0335-1, SUSE-SU-2016:0336-1, SUSE-SU-2016:0337-1, SUSE-SU-2016:0338-1, SUSE-SU-2016:0339-1, SUSE-SU-2016:0341-1)
[05/02/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss, kernel live patch SP8-11 packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00012.html
10. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0121-1, RHSA-2016:0122-1, RHSA-2016:0124-1)
[05/02/2016] Red Hat has released security update packages for fixing the vulnerability identified in the jboss-ec2-eap packages for Red Hat JBoss Enterprise Application Platform 6.4.6 on Red Hat Enterprise Linux 5 and 6. An attacker could bypass security restrictions and execute arbitrary code on the system.
URL:rhn.redhat.com/errata/RHSA-2016-0121.html
URL:rhn.redhat.com/errata/RHSA-2016-0122.html
URL:rhn.redhat.com/errata/RHSA-2016-0124.html
11. Vulnerabilities in Cisco Products (cisco-sa-20160203-apic, cisco-sa-20160203-jgs, cisco-sa-20160203-n9knci, cisco-sa-20160203-prsm, cisco-sa-20160203-uc, cisco-sa-20160203-ucm)
[04/02/2016] Vulnerabilities were identified in multiple Cisco products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-jgs
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-n9knci
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-prsm
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-uc
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-ucm
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110354
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110355
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110356
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110359
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110363
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110364
12. Vulnerabilities in F5 Products (SOL15955144, SOL95698826)
[04/02/2016] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/k/15/sol15955144.html
URL:support.f5.com/kb/en-us/solutions/public/k/95/sol95698826.html
13. Vulnerability in HP Client Security Manager (110333)
[04/02/2016] Vulnerability was identified in the HP Client Security Manager. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects version 8.3.4.1811 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110333
14. Vulnerabilities in Netgear Management System NMS300 (VU#777024)
[04/02/2016] Vulnerabilities were identified in the Netgear Management System NMS300. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions 1.5.0.11 and earlier of the mentioned product.
URL:www.kb.cert.org/vuls/id/777024
15. Vulnerabilities in WPS Office (110337, 110338)
[04/02/2016] Vulnerabilities were identified in the WPS Office. An attacker could bypass security restrictions and execute arbitrary code. These vulnerabilities affect versions prior to 2016 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110337
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110338
16. Vulnerability in PHPSysInfo (110343)
[04/02/2016] Vulnerability was identified in the PHPSysInfo. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects version 3.1.12 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110343
17. Vulnerabilities in eClinicalWorks Population Health (110345, 110346, 110347, 110348)
[04/02/2016] Vulnerabilities were identified in the eClinicalWorks Population Health. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. The affected version was not specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110345
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110346
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110347
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110348
18. Security Updates in Debian (DSA-3465-1)
[04/02/2016] Debian has released security update packages for fixing the vulnerabilities identified in the openjdk-6 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2016/dsa-3465
19. Security Updates in Slackware (SSA:2016-034-01, SSA:2016-034-02, SSA:2016-034-03, SSA:2016-034-04)
[04/02/2016] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-firefox, MPlayer, openssl and php packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.355523
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.529036
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.492741
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.461720
20. Security Updates in SUSE (openSUSE-SU-2016:0318-1)
[04/02/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel packages of openSUSE 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00005.html
21. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0098-1, RHSA-2016:0099-1, RHSA-2016:0100-1, RHSA-2016:0101-1, RHSA-2016:0103-1)
[04/02/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.8.0-ibm, java-1.7.1-ibm, java-1.7.0-ibm, java-1.6.0-ibm and kernel packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2016-0098.html
URL:rhn.redhat.com/errata/RHSA-2016-0099.html
URL:rhn.redhat.com/errata/RHSA-2016-0100.html
URL:rhn.redhat.com/errata/RHSA-2016-0101.html
URL:rhn.redhat.com/errata/RHSA-2016-0103.html
22. Security Updates in Ubuntu GNU/Linux (USN-2891-1)
[04/02/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the qemu and qemu-kvm packages for versions 12.04 LTS, 14.04 LTS and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2891-1/
23. Vulnerabilities in Cisco Products (cisco-sa-20160202-fducce, cisco-sa-20160202-wms)
[03/02/2016] Vulnerabilities were identified in the Cisco Finesse Desktop and Cisco Unified Contact Center Express applications, and Cisco WebEx Meetings Server. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting (XSS) attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-wms
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110329
24. Vulnerability in F5 Products (SOL15095307)
[03/02/2016] Vulnerability was identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX and Enterprise Manager. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/k/15/sol15095307.html
25. Vulnerabilities in GE SNMP/Web Interface adapter (ICSA-16-033-02)
[03/02/2016] Vulnerabilities were identified in the GE SNMP/Web Interface adapter. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system. These vulnerabilities affect firmware versions prior to 4.8 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-16-033-02
26. Vulnerabilities in Sauter moduWeb Vision (ICSA-16-033-01)
[03/02/2016] Vulnerabilities were identified in the Sauter moduWeb Vision. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and perform cross-site scripting (XSS) attacks. These vulnerabilities affect versions 1.5.5 and prior of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-16-033-01
27. Vulnerability in Fisher-Price Smart Toy (VU#719736)
[03/02/2016] Vulnerability was identified in the Fisher-Price Smart Toy. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/719736
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110324
28. Vulnerability in OpenELEC and RasPlex (VU#544527)
[03/02/2016] Vulnerability was identified in the OpenELEC and RasPlex. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and compromise the system. This vulnerability affects multiple versions of the mentioned products.
URL:www.kb.cert.org/vuls/id/544527
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110325
29. Vulnerabilities in WordPress
[03/02/2016] Vulnerabilities were identified in the WordPress. An attacker could bypass security restrictions and obtain sensitive information. These vulnerabilities affect versions prior to 4.4.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
URL:www.us-cert.gov/ncas/current-activity/2016/02/02/WordPress-Releases-Security-Update
30. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0098-1, RHSA-2016:0099-1, RHSA-2016:0100-1, RHSA-2016:0101-1, RHSA-2016:0103-1)
[03/02/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.8.0-ibm, java-1.7.1-ibm, java-1.7.0-ibm, java-1.6.0-ibm and kernel packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2016-0098.html
URL:rhn.redhat.com/errata/RHSA-2016-0099.html
URL:rhn.redhat.com/errata/RHSA-2016-0100.html
URL:rhn.redhat.com/errata/RHSA-2016-0101.html
URL:rhn.redhat.com/errata/RHSA-2016-0103.html
31. Security Updates in Ubuntu GNU/Linux (USN-2886-1, USN-2886-2, USN-2887-1, USN-2887-2, USN-2888-1, USN-2889-1, USN-2889-2, USN-2890-1, USN-2890-2, USN-2890-3)
[03/02/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux, linux-ti-omap4, linux-lts-trusty, linux-lts-utopic, linux-lts-vivid, linux-lts-wily and linux-raspi2 packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2886-1/
URL:www.ubuntu.com/usn/usn-2886-2/
URL:www.ubuntu.com/usn/usn-2887-1/
URL:www.ubuntu.com/usn/usn-2887-2/
URL:www.ubuntu.com/usn/usn-2888-1/
URL:www.ubuntu.com/usn/usn-2889-1/
URL:www.ubuntu.com/usn/usn-2889-2/
URL:www.ubuntu.com/usn/usn-2890-1/
URL:www.ubuntu.com/usn/usn-2890-2/
URL:www.ubuntu.com/usn/usn-2890-3/
32. Vulnerability in Apache Camel
[02/02/2016] Vulnerability was identified in the Apache Camel. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. This vulnerability affects versions prior to 2.15.5 or 2.16.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:camel.apache.org/security-advisories.data/CVE-2015-5344.txt.asc
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110297
33. Vulnerabilities in Cisco Products (cisco-sa-20160201-apic-em, cisco-sa-20160201-fd)
[02/02/2016] Vulnerabilities were identified in the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) and Cisco Fog Director web framework. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting (XSS) attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-fd
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110298
34. Vulnerabilities in Huawei Products (huawei-sa-20160129-01-dns, huawei-sa-20160130-01-smartphone)
[02/02/2016] Vulnerabilities were identified in the Huawei Mobile WiFi E5151 and E5186 routers, and multiple Huawei smart phones. An attacker could bypass security restrictions, execute arbitrary code, perform DNS spoofing attacks, compromise the normal service of DNS, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/psirt/security-advisories/huawei-sa-20160129-01-dns-en
URL:www.huawei.com/en/psirt/security-advisories/huawei-sa-20160130-01-smartphone-en
URL:www.kb.cert.org/vuls/id/972224
35. Vulnerabilities in Nginx DNS (110280, 110282, 110283)
[02/02/2016] Vulnerabilities were identified in the Nginx DNS. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions 1.8.1 or 1.9.10 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110280
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110282
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110283
36. Security Updates in Debian (DSA-3463-1)
[02/02/2016] Debian has released security update packages for fixing the vulnerability identified in the prosody packages for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions and obtain sensitive information.
URL:www.debian.org/security/2016/dsa-3463
37. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0095-1)
[02/02/2016] Red Hat has released security update packages for fixing the vulnerability identified in the redis packages for Red Hat Enterprise Linux OpenStack Platform 6.0 for Red Hat Enterprise Linux 7. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2016-0095.html
38. Security Updates in SUSE (openSUSE-SU-2016:0301-1, openSUSE-SU-2016:0306-1, openSUSE-SU-2016:0309-1, openSUSE-SU-2016:0310-1)
[02/02/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel, Mozilla Firefox, mozilla-nss, mozilla-nspr and xulrunner packages of openSUSE 13.1 and 13.2, and openSUSE Leap 42.1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00003.html
39. Security Updates in Ubuntu GNU/Linux (USN-2884-1, USN-2885-1)
[02/02/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openjdk-7 and openjdk-6 packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2884-1/
URL:www.ubuntu.com/usn/usn-2885-1/
40. Vulnerabilities in Cisco Products (cisco-sa-20160129-openssl)
[01/02/2016] Vulnerabilities were identified in multiple Cisco products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160129-openssl
41. Vulnerability in Furuno Voyage Data Recorder (VU#820196)
[01/02/2016] Vulnerability was identified in the Furuno Voyage Data Recorder (VDR). An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/820196
42. Vulnerability in Manage Engine Applications Manager (110270)
[01/02/2016] Vulnerability was identified in the Manage Engine Applications Manager. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. This vulnerability affects versions prior to 10.8 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110270
43. Vulnerability in NEC EXPRESSCLUSTER X (110271)
[01/02/2016] Vulnerability was identified in the NEC EXPRESSCLUSTER X. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. This vulnerability affects version 3.3 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110271
44. Vulnerabilities in ProjectSend (110273, 110274, 110275, 110276)
[01/02/2016] Vulnerabilities were identified in the ProjectSend. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect version r582 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110273
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110274
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110275
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110276
45. Vulnerabilities in ffmpeg and Libav (VU#772447)
[01/02/2016] Vulnerabilities were identified in the ffmpeg and Libav. An attacker could bypass security restrictions and obtain sensitive information. These vulnerabilities affect versions prior to 2.8.5 of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.kb.cert.org/vuls/id/772447
46. Vulnerabilities in Linux Kernel
[01/02/2016] Vulnerabilities were identified in the Linux Kernel. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. The affected version was not specified. Security patches are available to resolve these vulnerabilities.
URL:www.hkcert.org/my_url/en/alert/16020101
47. Security Updates in Debian (DSA-3460-1, DSA-3461-1, DSA-3462-1)
[01/02/2016] Debian has released security update packages for fixing the vulnerabilities identified in the privoxy, freetype and radicale packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2016/dsa-3460
URL:www.debian.org/security/2016/dsa-3461
URL:www.debian.org/security/2016/dsa-3462
48. Security Updates in FreeBSD (FreeBSD-SA-16:11.openssl)
[01/02/2016] FreeBSD has released security update packages for fixing the vulnerability identified in the openssl packages for multiple versions of FreeBSD Linux. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:11.openssl.asc
49. Security Updates in Gentoo Linux (GLSA 201601-05)
[01/02/2016] Gentoo has released security update packages for fixing the vulnerability identified in the openssl packages for multiple versions of Gentoo Linux. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:security.gentoo.org/glsa/201601-05
50. Security Updates in Mageia (MGASA-2016-0036, MGASA-2016-0037, MGASA-2016-0038, MGASA-2016-0039, MGASA-2016-0040, MGASA-2016-0041, MGASA-2016-0042)
[01/02/2016] Mageia has released security update packages for fixing the vulnerabilities identified in the lxc, srtp, chrony, ntp, owncloud, firefox, firefox-l10n and chromium-browser-stable packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2016-0036.html
URL:advisories.mageia.org/MGASA-2016-0037.html
URL:advisories.mageia.org/MGASA-2016-0038.html
URL:advisories.mageia.org/MGASA-2016-0039.html
URL:advisories.mageia.org/MGASA-2016-0040.html
URL:advisories.mageia.org/MGASA-2016-0041.html
URL:advisories.mageia.org/MGASA-2016-0042.html
51. Security Updates in SUSE (openSUSE-SU-2016:0279-1, openSUSE-SU-2016:0280-1)
[01/02/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the java-1_7_0-openjdk and Linux Kernel packages of openSUSE Leap 42.1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00049.html