Red Hat Enterprise Linux: Updated shim packages that fix three security issues are now available for
Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2014-3675, CVE-2014-3676, CVE-2014-3677
Red Hat Enterprise Linux: An updated mod_auth_mellon package that fixes two security issues is now
available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2014-8566, CVE-2014-8567
Red Hat Enterprise Linux: Updated hwcert-client-info-1.6.5.2 package that adds one enhancement is now
available for Red Hat Enterprise Linux Hardware Certification.
Red Hat Enterprise Linux: Updated nfs-utils packages that add two enhancements are now available for Red
Hat Enterprise Linux 6 Extended Update Support.
A security issue affects these releases of Ubuntu and its
derivatives:
Ubuntu 14.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Summary
Several security issues were fixed in Ruby.
Software description
ruby1.8 – Object-oriented scripting language
ruby1.9.1 – Object-oriented scripting language
ruby2.0 – Object-oriented scripting language
ruby2.1 – Object-oriented scripting language
Details
Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2014-4975)
Willis Vandevanter discovered that Ruby incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of resources, resulting in a denial of service. (CVE-2014-8080)
Update instructions
The problem can be corrected by updating your system to the following
package version:
A security issue affects these releases of Ubuntu and its
derivatives:
Ubuntu 14.10
Ubuntu 14.04 LTS
Summary
LibreOffice could be made to crash or run programs if it received specially
crafted network traffic.
Software description
libreoffice – Office productivity suite
Details
It was discovered that LibreOffice incorrectly handled the Impress remote control port. An attacker could possibly use this issue to cause Impress to crash, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following
package version:
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart LibreOffice to make all the necessary changes.