1. Vulnerabilities in Mozilla Firefox (MFSA 2016-13, MFSA 2016-14)
[12/02/2016] Vulnerabilities were identified in Mozilla Firefox and Firefox ESR. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to Firefox 44.0.2 and Firefox ESR 38.6.1 of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-13/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-14/
2. Vulnerabilities in Cisco Products (cisco-sa-20160208-apic, cisco-sa-20160208-ucm, cisco-sa-20160208-vcs, cisco-sa-20160209-pcp, cisco-sa-20160210-sp1, cisco-sa-20160210-sp2, cisco-sa-20160210-sp3, cisco-sa-20160211-esaamp)
[12/02/2016] Vulnerabilities were identified in multiple Cisco products. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-apic
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-201600208-ucm
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160209-pcp
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-sp1
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-sp2
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-sp3
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160211-esaamp
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110475
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110476
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110477
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110478
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110521
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110535
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110536
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110537
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110545
3. Vulnerabilities in Novell ZENworks Products (5235390, 5235410)
[12/02/2016] Vulnerabilities were identified in multiple Novell ZENworks products. An attacker could bypass security restrictions and execute arbitrary code on the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=SOM6P0NdZ5U~
URL:download.novell.com/Download?buildid=vt0EO0DgaX8~
4. Vulnerabilities in Dell Sonicwall GMS (110546, 110547)
[12/02/2016] Vulnerabilities were identified in Dell Sonicwall GMS. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect version 7.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110546
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110547
5. Security Updates in Oracle Linux (ELSA-2014-1913, ELSA-2014-1972, ELSA-2015-1053, ELSA-2015-1064, ELSA-2015-1066, ELSA-2015-1186, ELSA-2015-1219, ELSA-2015-1666, ELSA-2015-2515, ELSA-2016-0152)
[12/02/2016] Oracle has released security update packages for fixing the vulnerabilities identified in the ruby193-ruby, httpd24-httpd, php55, python27, php54, php55-php, php54-php, git19-git and sos packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2014-1913.html
URL:linux.oracle.com/errata/ELSA-2014-1972.html
URL:linux.oracle.com/errata/ELSA-2015-1053.html
URL:linux.oracle.com/errata/ELSA-2015-1064.html
URL:linux.oracle.com/errata/ELSA-2015-1066.html
URL:linux.oracle.com/errata/ELSA-2015-1186.html
URL:linux.oracle.com/errata/ELSA-2015-1219.html
URL:linux.oracle.com/errata/ELSA-2015-1666.html
URL:linux.oracle.com/errata/ELSA-2015-2515.html
URL:linux.oracle.com/errata/ELSA-2016-0152.html
6. Security Updates in Slackware (SSA:2016-039-01, SSA:2016-039-02, SSA:2016-042-01)
[12/02/2016] Slackware has released security update packages for fixing the vulnerabilities identified in the curl, libsndfile and mozilla-firefox packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.355940
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458383
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.519965
7. Security Updates in SUSE (SUSE-SU-2016:0354-1, openSUSE-SU-2016:0356-1, openSUSE-SU-2016:0367-1, openSUSE-SU-2016:0377-1, SUSE-SU-2016:0380-1, SUSE-SU-2016:0381-1, SUSE-SU-2016:0383-1, SUSE-SU-2016:0384-1, SUSE-SU-2016:0386-1, SUSE-SU-2016:0387-1, SUSE-SU-2016:0390-1, SUSE-SU-2016:0391-1, SUSE-SU-2016:0398-1, SUSE-SU-2016:0399-1, SUSE-SU-2016:0400-1, SUSE-SU-2016:0401-1, openSUSE-SU-2016:0412-1, openSUSE-SU-2016:0415-1, SUSE-SU-2016:0428-1, SUSE-SU-2016:0431-1, SUSE-SU-2016:0433-1, SUSE-SU-2016:0434-1)
[12/02/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel, rubygem-rails-html-sanitizer, MySQL, kernel live patch 1 - 7, java-1_8_0-ibm, flash-player, java-1_7_1-ibm, java-1_6_0-ibm and java-1_7_0-ibm packages of SUSE Linux Enterprise 11 and 12, openSUSE Leap 42.1, 13.1 and 13.2, SUSE Enterprise Storage 2.1, SUSE Linux Enterprise Module for Legacy Software 12 and SUSE Linux Enterprise Live Patching 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00023.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00024.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00033.html
URL:lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html
8. Security Updates in Ubuntu GNU/Linux (USN-2893-1, USN-2894-1)
[12/02/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox, postgresql-9.1, postgresql-9.3 and postgresql-9.4 packages for versions 12.04 LTS, 14.04 LTS and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2893-1/
URL:www.ubuntu.com/usn/usn-2894-1/
9. Vulnerabilities in Microsoft Products (3133043, 3134220, 3134222, 3134225, 3134226, 3134228, 3134700, 3134811, 3136041, 3136082, 3137893, 3137909, 3138938)
[11/02/2016] Vulnerabilities were identified in Microsoft Internet Explorer, Edge, Windows, Office, .NET Framework, Active Directory Federation Services (ADFS) and Visual Studio. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:technet.microsoft.com/en-us/library/security/ms16-feb.aspx
URL:technet.microsoft.com/library/security/MS16-009
URL:technet.microsoft.com/library/security/MS16-011
URL:technet.microsoft.com/library/security/MS16-012
URL:technet.microsoft.com/library/security/MS16-013
URL:technet.microsoft.com/library/security/MS16-014
URL:technet.microsoft.com/library/security/MS16-015
URL:technet.microsoft.com/library/security/MS16-016
URL:technet.microsoft.com/library/security/MS16-017
URL:technet.microsoft.com/library/security/MS16-018
URL:technet.microsoft.com/library/security/MS16-019
URL:technet.microsoft.com/library/security/MS16-020
URL:technet.microsoft.com/library/security/MS16-021
URL:technet.microsoft.com/en-us/library/security/3137909
URL:www.hkcert.org/my_url/en/alert/16020501
URL:www.hkcert.org/my_url/en/alert/16021101
URL:www.hkcert.org/my_url/en/alert/16021102
URL:www.hkcert.org/my_url/en/alert/16021103
URL:www.hkcert.org/my_url/en/alert/16021104
URL:www.hkcert.org/my_url/en/alert/16021105
URL:www.hkcert.org/my_url/en/alert/16021106
URL:www.hkcert.org/my_url/en/alert/16021107
URL:www.hkcert.org/my_url/en/alert/16021108
URL:www.hkcert.org/my_url/en/alert/16021109
URL:www.hkcert.org/my_url/en/alert/16021110
URL:www.hkcert.org/my_url/en/alert/16021111
URL:www.hkcert.org/my_url/en/alert/16021112
URL:www.hkcert.org/my_url/en/alert/16021118
URL:www.us-cert.gov/ncas/current-activity/2016/02/09/Microsoft-Releases-February-2016-Security-Bulletin
10. Information Updates on Microsoft Security Advisories (2871997)
[11/02/2016] Microsoft has updated information on the Security Advisories for Microsoft Windows. KB2871997 was rereleased to announce the release of update 3126593 to enable the Restricted Admin mode for Credential Security Support Provider (CredSSP) by default.
URL:technet.microsoft.com/en-us/library/security/2871997
11. Vulnerabilities in Adobe Products (APSB16-03, APSB16-04, APSB16-05, APSB16-07)
[11/02/2016] Vulnerabilities were identified in Adobe Photoshop CC and Bridge CC, Adobe Flash Player, Adobe Experience Manager and Adobe Connect. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/photoshop/apsb16-03.html
URL:helpx.adobe.com/security/products/flash-player/apsb16-04.html
URL:helpx.adobe.com/security/products/experience-manager/apsb16-05.html
URL:helpx.adobe.com/security/products/connect/apsb16-07.html
URL:technet.microsoft.com/library/security/MS16-022
URL:www.hkcert.org/my_url/en/alert/16021115
URL:www.hkcert.org/my_url/en/alert/16021116
URL:www.us-cert.gov/ncas/current-activity/2016/02/09/Adobe-Releases-Security-Updates-Connect-Experience-Manager-Flash
12. Vulnerability in Oracle Java SE
[11/02/2016] A vulnerability was identified in Oracle Java SE for Windows. An attacker could bypass security restrictions and compromise the system. This vulnerability affects versions JDK and JRE 6 Update 111, 7 Update 95, 8 Update 71 and 72 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html
URL:www.hkcert.org/my_url/en/alert/16021114
URL:www.us-cert.gov/ncas/current-activity/2016/02/08/Oracle-Releases-Security-Updates-Java
13. Vulnerability in Cisco ASA Software (cisco-sa-20160210-asa-ike)
[11/02/2016] A vulnerability was identified in Cisco ASA Software. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike
URL:www.hkcert.org/my_url/en/alert/16021119
URL:www.us-cert.gov/ncas/current-activity/2016/02/10/Cisco-Releases-Security-Update
14. Vulnerability in ISC BIND Supported Preview Edition (AA-01348)
[11/02/2016] A vulnerability was identified in ISC BIND Supported Preview Edition. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects versions prior to 9.9.8-S5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:kb.isc.org/article/AA-01348
URL:www.hkcert.org/my_url/en/alert/16021113
15. Vulnerabilities in Google Chrome
[11/02/2016] Vulnerabilities were identified in Google Chrome. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 48.0.2564.109 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/2016/02/stable-channel-update_9.html
URL:www.hkcert.org/my_url/en/alert/16021117
URL:www.us-cert.gov/ncas/current-activity/2016/02/09/Google-Releases-Security-Update-Chrome
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110515
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110516
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110517
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110518
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110519
URL:exchange.xforce.ibmcloud.com/vulnerabilities/110520
16. Vulnerabilities in Tollgrade SmartGrid Sensor Management System Software (ICSA-16-040-01)
[11/02/2016] Vulnerabilities were identified in the Tollgrade SmartGrid Sensor Management System Software. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code on the system. These vulnerabilities affect versions 4.1.0 Build 16 and 5.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-16-040-01
17. Vulnerabilities in Siemens SIMATIC S7-1500 CPU (ICSA-16-040-02)
[11/02/2016] Vulnerabilities were identified in the Siemens SIMATIC S7-1500 CPU. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 1.8.3 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-16-040-02
18. Security Updates in Debian (DSA-3466-1, DSA-3467-1, DSA-3468-1, DSA-3469-1, DSA-3470-1, DSA-3471-1, DSA-3472-1)
[11/02/2016] Debian has released security update packages for fixing the vulnerabilities identified in the krb5, tiff, polarssl, qemu, qemu-kvm and wordpress packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2016/dsa-3466
URL:www.debian.org/security/2016/dsa-3467
URL:www.debian.org/security/2016/dsa-3468
URL:www.debian.org/security/2016/dsa-3469
URL:www.debian.org/security/2016/dsa-3470
URL:www.debian.org/security/2016/dsa-3471
URL:www.debian.org/security/2016/dsa-3472
19. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0126-1, RHSA-2016:0127-1, RHSA-2016:0128-1, RHSA-2016:0129-1, RHSA-2016:0152-1, RHSA-2016:0157-1, RHSA-2016:0158-1, RHSA-2016:0166-1)
[11/02/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the openstack-swift, python-django, sos and Adobe Flash Player packages for Red Hat Enterprise Linux OpenStack Platform 5.0 and 6.0 for Red Hat Enterprise Linux 6 and 7, and Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2016-0126.html
URL:rhn.redhat.com/errata/RHSA-2016-0127.html
URL:rhn.redhat.com/errata/RHSA-2016-0128.html
URL:rhn.redhat.com/errata/RHSA-2016-0129.html
URL:rhn.redhat.com/errata/RHSA-2016-0152.html
URL:rhn.redhat.com/errata/RHSA-2016-0157.html
URL:rhn.redhat.com/errata/RHSA-2016-0158.html
URL:rhn.redhat.com/errata/RHSA-2016-0166.html
20. Security Updates in Ubuntu GNU/Linux (USN-2880-2, USN-2892-1)
[11/02/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox and nginx packages for versions 12.04 LTS, 14.04 LTS and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2880-2/
URL:www.ubuntu.com/usn/usn-2892-1/