Monthly Archives: October 2014

NVD

CVE-2014-6473

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework.

NVD

CVE-2014-6472

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to LOV, a different vulnerability than CVE-2014-6539.

NVD

CVE-2014-6467

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6545, and CVE-2014-6560.

NVD

CVE-2014-6485

Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CentOS

CEBA-2014:1639 CentOS 5 net-snmp BugFix Update

CentOS Errata and Bugfix Advisory 2014:1639 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1639.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
b70149570ae2995abb99608eed92879d7a858eb2cfca30bd1df788fac005143d  net-snmp-5.3.2.2-25.el5_11.i386.rpm
a309f1be7154379823dbb4dcad793a426860d57a9063a9071c6c4fc25d86f8da  net-snmp-devel-5.3.2.2-25.el5_11.i386.rpm
16daccea483c63520a2665dd6b8f5b6b9e5ca7a3d990109b8389fd8a7f17b5b4  net-snmp-libs-5.3.2.2-25.el5_11.i386.rpm
011f4a8144dac538d55631f98c1a4db05f9316dc5c1bc63dbd3affc81b07e655  net-snmp-perl-5.3.2.2-25.el5_11.i386.rpm
557ebacc5f44df2073603b637603c92ff8f6576d2fa0352a644aa2f785169e2d  net-snmp-utils-5.3.2.2-25.el5_11.i386.rpm

x86_64:
b18f5a065751910d91b014c2b57e8e4a1156eb19cf008a938640ba7f7be00b7e  net-snmp-5.3.2.2-25.el5_11.x86_64.rpm
a309f1be7154379823dbb4dcad793a426860d57a9063a9071c6c4fc25d86f8da  net-snmp-devel-5.3.2.2-25.el5_11.i386.rpm
61850313ddb00551779bdda13504f64c1c976d19587c9a4dfb579b041d1600cf  net-snmp-devel-5.3.2.2-25.el5_11.x86_64.rpm
16daccea483c63520a2665dd6b8f5b6b9e5ca7a3d990109b8389fd8a7f17b5b4  net-snmp-libs-5.3.2.2-25.el5_11.i386.rpm
96c97bea6d12840f8c5634d6310c1271778c521194d7f1341f78072f8c0a739c  net-snmp-libs-5.3.2.2-25.el5_11.x86_64.rpm
075c93c0d56e59b7ed95cb8891b20517a6f0b1e35fed6ff59189345db6e31702  net-snmp-perl-5.3.2.2-25.el5_11.x86_64.rpm
d82127347b7a456a59e73b896c11e557a04f55c9132ab67921e5168e65a7f902  net-snmp-utils-5.3.2.2-25.el5_11.x86_64.rpm

Source:
9fa4c80c2a48f0197074d61efb65fa96a19528029ce279cf6a675a99e92a4ad7  net-snmp-5.3.2.2-25.el5_11.src.rpm
CentOS

CESA-2014:1634 Important CentOS 5java-1.6.0-openjdk Security Update

CentOS Errata and Security Advisory 2014:1634 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1634.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
661ee4730f4b847a6759206f27d39ea88e796f5f75326a8e8b6a50c8534d0c50  java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el5_11.i386.rpm
2e0b2410b3fb71b755e5425d8fdac9ce8cc32a16e9d5fdad7fe7de1b6fe69684  java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el5_11.i386.rpm
8cd100f0e593436a38106a1eb418d4015f7efda3ce22cd47bd2ff31c6dcff9b9  java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el5_11.i386.rpm
c28a3885d6f74565bc890487d860e2ca144d9ab3480b514c49262ed5e597f54a  java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el5_11.i386.rpm
a631d1939042978f2aa4cf19899e35b6ff09c4decc439d471270871ef9105d1b  java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el5_11.i386.rpm

x86_64:
08570abc3fa70ee0eb250bde4c3a7679b9f00acbf968c63d2308e30cb5713a83  java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm
af80d8b7b6e438c5a7bafab1f848c453bad845b01afbf10a83261b2707847342  java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm
e53c299c6b906b6e126d599a88cdab2d9fd8e6209e1b5ab955c8aef42d4be1d1  java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm
2b0ff42033c13fe5b819463e68ee2818a5caa1ae7f73e9a15f8414bdca458980  java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm
8fb298b923222215736751045c40c818c96e25da8bd1c2db6755e1e725a9abf5  java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm

Source:
ed6c6e06e2aebf5e17428ea9a88a6e64fae6c1dc92cc464daad06cca96e90c9f  java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el5_11.src.rpm
Security

Red Hat Security Advisory 2014-1634-01

Red Hat Security Advisory 2014-1634-01 – The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity attack against applications using the StAX parser to parse untrusted XML documents.

Security

Red Hat Security Advisory 2014-1636-01

Red Hat Security Advisory 2014-1636-01 – The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. It was discovered that the Libraries component in OpenJDK failed to properly handle ZIP archives that contain entries with a NUL byte used in the file names. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.