An iOS espionage Trojan has been discovered spying on jailbroken Apple devices, primarily used against pro-democracy protestors in Hong Kong.
Monthly Archives: October 2014
CEBA-2014:1334 CentOS 7 xz FASTTRACK BugFix Update
CentOS Errata and Bugfix Advisory 2014:1334 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1334.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
FBI opens malware tool for public “crowdsourcing”
The FBI has opened up its previously in-house malware analyzing tool to the public in order to crowdsource more samples for speedier response, according to The Register.
Found an exploit in Chrome? You could have just earned $15,000
In a bid to improve the security of its Chrome browser, Google has announced that it is upping the “bounty” paid to people who successfully find bugs and exploits hidden in the browser up to a maximum of $15,000. This is an impressive increase on the previous cap of $5,000, reports betanews.
CESA-2014:X011 Moderate kernel Xen4CentOS Security Update
CentOS Errata and Security Advisory 2014:X011 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ===================================================== Kernel Changelog info from the SPEC file: * Fri Sep 24 2014 Johnny Hughes <johnny< at >centos.org> - 3.10.55-11 - upgraded to upstream 3.10.55 e1000e Changelog info from the SPEC file: * Fri Sep 26 2014 Johnny Hughes <johnny< at >centos.org> - 2.5.4-3.10.55.2.el6.centos.alt - build against version 3.10.55 kernel ===================================================== The following kernel changelogs are available from kernel.org since the previous kernel: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.44 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.46 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.47 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.48 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.49 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.50 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.51 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.52 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.53 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.54 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.55 ===================================================== The following security issues are addressed in this update: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0181 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0206 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3534 * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3601 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4014 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4171 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4508 * Applicable to s390 arch only, NA for x86_64 ===================================================== NOTE: You must run /usr/bin/grub-bootxen.sh to update the file /boot/grub/grub.conf (or you must update that file manually) to boot the new kernel on a dom0 xen machine. See for info: http://wiki.centos.org/HowTos/Xen/Xen4QuickStart -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos at irc.freenode.net
CESA-2014:X012 Moderate libvirt Xen4CentOS Security Update
CentOS Errata and Security Advisory 2014:X012 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ===================================================== libvirt Changelog info from the SPEC file: * Fri Sep 26 2014 Johnny Hughes <johnny< at >centos.org> 0.10.2.8-8.el6.centos.alt - added in patches 417-420 from the 0.10.2-maint branch at libvirt.org - patch 420 is for CVE-2014-3633 ===================================================== The following security issues are addressed in this update: https://access.redhat.com/security/cve/CVE-2014-3633 ===================================================== -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos at irc.freenode.net
CESA-2014:X013 Important xen Xen4CentOS Security Update
CentOS Errata and Security Advisory 2014:X013 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ===================================================== xen Changelog info from the SPEC file: * Wed Oct 01 2014 Johnny Hughes <johnny< at >centos.org> - 4.2.5-34.el6.centos - Roll in Patch209 (XSA-108, CVE-2014-7188) ===================================================== The following Release info is available from the Xen site regarding XSAs: http://xenbits.xen.org/xsa/advisory-108.html -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos at irc.freenode.net
CESA-2014:X010 Moderate xen Xen4CentOS Security Update
CentOS Errata and Security Advisory 2014:X010 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ===================================================== xen Changelog info from the SPEC file: * Fri Sep 26 2014 Johnny Hughes <johnny< at >centos.org> - 4.2.5-33.el6.centos - upgrade to upstream Xen version 4.2.5 - removed patches that are already part of 4.2.5 - Added Patch205 (XSA-97, CVE-2014-5146,CVE-2014-5149) - Added Patch206 (XSA-104, CVE-2014-7154) - Added Patch207 (XSA-105, CVE-2014-7155) - Added Patch208 (XSA-106, CVE-2014-7156)
===================================================== The following information is available for Xen 4.2.5 from XenProject.org: http://bit.ly/1mABNPg ===================================================== The following Release info is available from the Xen site regarding XSAs: http://xenbits.xen.org/xsa/advisory-97.html http://xenbits.xen.org/xsa/advisory-104.html http://xenbits.xen.org/xsa/advisory-105.html http://xenbits.xen.org/xsa/advisory-106.html -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos at irc.freenode.net
Schneider Electric Fixes Remotely Exploitable Flaw in 22 Different Products
There’s a remotely exploitable directory traversal vulnerability in more than 20 individual products from Schneider Electric that can enable an attacker to gain control of an affected machine.
HP Security Bulletin HPSBHF03119
HP Security Bulletin HPSBHF03119 – A potential security vulnerability has been identified with HP DreamColor Display running Bash Shell. This is the Bash Shell vulnerability known as “ShellShock” which could be exploited remotely to allow execution of code. NOTE: Only the Z27x model is vulnerable. Revision 1 of this advisory.