Chromium: Multiple vulnerabilities
Monthly Archives: October 2014
GLSA 201409-07 (Normal): c-icap
c-icap: Denial of Service
GLSA 201409-08 (Normal): libxml2
libxml2: Denial of Service
GLSA 201409-09 (High): bash
Bash: Code Injection
GLSA 201409-10 (High): bash
Bash: Code Injection (Updated fix for GLSA 201409-09)
GLSA 201410-01 (High): bash
Bash: Multiple vulnerabilities
MDVSA-2014:180: gnupg
Updated gnupg packages fix security vulnerability:
The gnupg program before version 1.4.16 is vulnerable to an ELGAMAL
side-channel attack (CVE-2014-5270).
MDVSA-2014:186: bash
A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override or
bypass environment restrictions to execute shell commands. Certain
services and applications allow remote unauthenticated attackers to
provide environment variables, allowing them to exploit this issue
(CVE-2014-6271).
MDVSA-2014:185: libgadu
Updated libgadu packages fix security vulnerability:
Libgadu before 1.12.0 was found to not be performing SSL certificate
validation (CVE-2013-4488).
MDVSA-2014:184: net-snmp
Updated net-snmp packages fix security vulnerabilities:
A remote denial-of-service flaw was found in the way snmptrapd handled
certain SNMP traps when started with the -OQ option. If an attacker
sent an SNMP trap containing a variable with a NULL type where an
integer variable type was expected, it would cause snmptrapd to crash
(CVE-2014-3565).