Red Hat Security Advisory 2014-1337-01 – OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. It was discovered that the image_size_cap configuration option in glance was not honored. An authenticated user could use this flaw to upload an image to glance and consume all available storage space, resulting in a denial of service.
Monthly Archives: September 2014
Red Hat Security Advisory 2014-1338-01
Red Hat Security Advisory 2014-1338-01 – OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. It was discovered that the image_size_cap configuration option in glance was not honored. An authenticated user could use this flaw to upload an image to glance and consume all available storage space, resulting in a denial of service.
Red Hat Security Advisory 2014-1339-01
Red Hat Security Advisory 2014-1339-01 – OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, ‘neutron’ replaces ‘quantum’ as the core component of OpenStack Networking. It was discovered that the openstack-neutron package in Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6 was released with a sudoers file containing a configuration error. This error caused OpenStack Networking to be vulnerable to the CVE-2013-6433 issue.
Ubuntu Security Notice USN-2366-1
Ubuntu Security Notice 2366-1 – Daniel P. Berrange and Richard Jones discovered that libvirt incorrectly handled XML documents containing XML external entity declarations. An attacker could use this issue to cause libvirtd to crash, resulting in a denial of service on all affected releases, or possibly read arbitrary files if fine grained access control was enabled on Ubuntu 14.04 LTS. Luyao Huang discovered that libvirt incorrectly handled certain blkiotune queries. An attacker could use this issue to cause libvirtd to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.
Adobe Flash 14.0.0.145 copyPixelsToByteArray() Heap Overflow
Adobe Flash version 14.0.0.145 copyPixelsToByteArray() heap overflow proof of concept exploit.
Bootkits, Windigo, and Virus Bulletin
ESET research on Operation Windigo received an award at Virus Bulletin 2014. Our research on bootkits was also well received, and is now available publicly.
The post Bootkits, Windigo, and Virus Bulletin appeared first on We Live Security.
Google Ups Chrome Bug Bounty, Offers More Money For Exploits
Google is again increasing the amount of money it offers to researchers who report vulnerabilities in Chrome as part of the company’s bug bounty program. Now, researchers will be able to earn $15,000 at the high end of the scale, and Google also is offering more cash for researchers who can submit a working exploit for […]
CEBA-2014:1332 CentOS 7 pacemaker BugFix Update
CentOS Errata and Bugfix Advisory 2014:1332 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1332.html The following updated files have been uploaded and are currently syncing to the mirrors:
CEBA-2014:1333 CentOS 6 net-snmp BugFix Update
CentOS Errata and Bugfix Advisory 2014:1333 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1333.html The following updated files have been uploaded and are currently syncing to the mirrors:
Amazon announce Fire Phone UK launch
The Amazon Fire Phone, which launched in the US in July, was launched in the UK this week.
The Fire Phone has a unique Dynamic Perspective feature, which alters the display to offer the user a 3D screen from any angle. It achieves this via four front-facing cameras which track the user’s face and allow gesture input.
The AVG team took full advantage of the unique head movement gesture control and built it into the AVG Alarm Clock Xtreme app so that users can get the full Fire phone experience. This means that users who download the AVG app can nod or shake their head to “snooze” or turn off their alarm, and other physical gestures will provide a richer, more impactful experience.
We have developed two new apps, AVG AntiVirus PRO for Fire phone and AVG Alarm Clock Xtreme Free for Fire phone, both available to download from the Amazon store for FREE and designed to take advantage of all the exciting new functionality built into the Amazon Fire phone.
Just as Amazon has done with the device, we wanted to provide users with a great experience that is engaging and exciting.