Original release date: October 14, 2014
Adobe has released security updates to address multiple vulnerabilities in ColdFusion and Flash Player. Exploitation could allow attackers to take control of a vulnerable system.
Users and administrators are encouraged to review Adobe Security Bulletins APSB 14-23Â and APSB 14-22 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: October 14, 2014
Oracle has released its Critical Patch Update for October 2014 to address 154 vulnerabilities across multiple products.
US-CERT encourages users and administrators to review the Oracle October 2014 Critical Patch Update and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Posted by Security Explorations on Oct 14
Hello All,
Oracle Oct 2014 CPU addresses 22 security issues affecting Java VM
implementation embedded in Oracle Database software.
We have published details of the fixed issues and a description of
some privilege elevation techniques abusing a complete Java security
sandbox bypass condition for gaining DBA role in an environment of
Oracle Database software.
All relevant materials accompanied with Proof of Concept codes can
be found at our…
Posted by Michal Zalewski on Oct 14
First of all, CVE-2014-1580 (MSFA 2014-78) is a bug that caused
Firefox prior to version 33 (released today) to leak bits of
uninitialized memory when rendering certain types of truncated images
onto <canvas>.
Mozilla’s advisory is here:
https://www.mozilla.org/security/announce/2014/mfsa2014-78.html
Bug is here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1063733
PoC is here:
http://lcamtuf.coredump.cx/ffgif2/
Secondly, MSRC case…
Microsoft posted eight bulletins for Patch Tuesday, three of which are considered critical including a cumulative Internet Explorer update, while Adobe has fixes for Flash Player and ColdFusion.
Red Hat Enterprise Linux: Updated php and libcgroup packages are now available for Red Hat OpenShift
Enterprise release 2.1. These packages are required to avoid dependency issues
with the base channel for Red Hat Enterprise Linux 6.6.
Red Hat Enterprise Linux: Updated jenkins-plugin-openshift and openshift-origin-cartridge-jenkins packages
that fix a bug are now available for Red Hat OpenShift Enterprise 2.1.
Red Hat Enterprise Linux: Updated openstack-selinux packages that resolve one issue are now available for
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6.
Red Hat Enterprise Linux: Updated openstack-selinux and augeas packages that resolve one issue are now
available for Red Hat Enterprise Linux OpenStack Platform 4.0 (Havana).