Monthly Archives: October 2014
Cisco Security Advisory 20141008-asa
Cisco Security Advisory – Cisco Adaptive Security Appliance (ASA) Software is affected by denial of service, cross site scripting, and command injection vulnerabilities. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available.
HP Security Bulletin HPSBMU03110
HP Security Bulletin HPSBMU03110 – Potential security vulnerabilities have been identified with HP Sprinter. The vulnerabilities could be exploited remotely to allow execution of code. Revision 1 of this advisory.
HP Security Bulletin HPSBHF03136
HP Security Bulletin HPSBHF03136 – A potential security vulnerability has been identified with HP TippingPoint NGFW running OpenSSL. This is the OpenSSL vulnerability known as “Heartbleed” which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
HP Security Bulletin HPSBMU03127
HP Security Bulletin HPSBMU03127 – A potential security vulnerability has been identified with HP Operations Manager for UNIX. The vulnerability can be exploited remotely to execute arbitrary code. Revision 1 of this advisory.
Ubuntu Security Notice USN-2379-1
Ubuntu Security Notice 2379-1 – Steven Vittitoe reported multiple stack buffer overflows in the Linux kernel’s magicmouse HID driver. A physically proximate attacker could exploit these flaws to cause a denial of service (system crash) or possibly execute arbitrary code via specially crafted devices. Ben Hawkes reported some off-by-one errors for report descriptors in the Linux kernel’s HID stack. A physically proximate attacker could exploit these flaws to cause a denial of service (out-of-bounds write) via a specially crafted device. Various other issues were also addressed.
Ubuntu Security Notice USN-2381-1
Ubuntu Security Notice 2381-1 – It was discovered that Rsyslog incorrectly handled invalid PRI values. An attacker could use this issue to send malformed messages to the Rsyslog server and cause it to stop responding, resulting in a denial of service and possibly message loss.
Red Hat Security Advisory 2014-1370-01
Red Hat Security Advisory 2014-1370-01 – Apache POI is a library providing a Java API for working with OOXML document files. It was found that Apache POI would resolve external entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity attacks. It was also found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service via excessive CPU and memory consumption.
Ubuntu Security Notice USN-2375-1
Ubuntu Security Notice 2375-1 – Ben Hawkes reported some off-by-one errors for report descriptors in the Linux kernel’s HID stack. A physically proximate attacker could exploit these flaws to cause a denial of service (out-of-bounds write) via a specially crafted device. Several missing bounds checks allowing for buffer overflows were discovered in the Linux kernel’s Whiteheat USB serial driver. A physically proximate attacker could exploit these flaws to cause a denial of service (system crash) via a specially crafted device. Various other issues were also addressed.
Ubuntu Security Notice USN-2377-1
Ubuntu Security Notice 2377-1 – Steven Vittitoe reported multiple stack buffer overflows in the Linux kernel’s magicmouse HID driver. A physically proximate attacker could exploit these flaws to cause a denial of service (system crash) or possibly execute arbitrary code via specially crafted devices. Ben Hawkes reported some off-by-one errors for report descriptors in the Linux kernel’s HID stack. A physically proximate attacker could exploit these flaws to cause a denial of service (out-of-bounds write) via a specially crafted device. Various other issues were also addressed.