Monthly Archives: December 2014
Ubuntu Security Notice USN-2437-1
Ubuntu Security Notice 2437-1 – Florian Maury discovered that Bind incorrectly handled delegation. A remote attacker could possibly use this issue to cause Bind to consume resources and crash, resulting in a denial of service.
Debian Security Advisory 3094-1
Debian Linux Security Advisory 3094-1 – It was discovered that BIND, a DNS server, is prone to a denial of service vulnerability. By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited queries in an attempt to follow the delegation. This can lead to resource exhaustion and denial of service (up to and including termination of the named server process).
HP Security Bulletin HPSBGN03222 1
HP Security Bulletin HPSBGN03222 1 – A potential security vulnerability has been identified with HP Enterprise Maps running SSLv3. This is the SSLv3 vulnerability known as “Padding Oracle on Downgraded Legacy Encryption” also known as “Poodle”, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
HP Security Bulletin HPSBGN03208 1
HP Security Bulletin HPSBGN03208 1 – A potential security vulnerability has been identified with HP Cloud Service Automation running SSLv3. This is the SSLv3 vulnerability known as “Padding Oracle on Downgraded Legacy Encryption” also known as “Poodle”, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
Ubuntu Security Notice USN-2436-1
Ubuntu Security Notice 2436-1 – Ilja van Sprundel discovered a multitude of security issues in the X.Org X server. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation.
Ubuntu Security Notice USN-2435-1
Ubuntu Security Notice 2435-1 – It was discovered that graphviz incorrectly handled parsing errors. An attacker could use this issue to cause graphviz to crash or possibly execute arbitrary code.
Red Hat Security Advisory 2014-1971-01
Red Hat Security Advisory 2014-1971-01 – A flaw was found in the way the Linux kernel’s SCTP implementation handled malformed or duplicate Address Configuration Change Chunks. A remote attacker could use this flaw to crash the system. A second flaw was found in the way the Linux kernel’s SCTP implementation handled the association’s output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.
Red Hat Security Advisory 2014-1972-01
Red Hat Security Advisory 2014-1972-01 – The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled. A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers.
Scarlet Daisy Web CMS Cross Site Scripting
Scarlet Daisy Web CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
B-Sides Vancouver 2015 Call For Papers
B-Sides Vancouver 2015 has announced its Call For Papers. It will be held March 16th and 17th, 2015 in Vancouver, British Columbia, Canada.