Red Hat Enterprise Linux: Red Hat OpenShift Enterprise release 2.0.8 is now available with updated
packages that fix a bug.
Monthly Archives: January 2015
RHBA-2015:0039-1: Red Hat Storage Console 3.0 enhancement and bug fix update #3
Red Hat Enterprise Linux: Updated gluster-nagios-common, rhsc-monitoring-uiplugin,
rhsc-setup-plugins, org.ovirt.engine-root, rhevm-branding-rhev,
otopi, ovirt-host-deploy, nagios-server-addons, and rhsc-doc
packages that fix multiple bugs and add various enhancements
are now available for Red Hat Storage Console 3.
RHBA-2015:0038-1: Red Hat Storage 3.0 enhancement and bug fix update #3
Red Hat Enterprise Linux: Updated glusterfs, gluster-afr, gluster-dht, distribution, build,
gluster-nfs, gluster-quota, gluster-smb, gluster-snapshot, gluster-swift,
glusterfs-geo-replication, glusterfs-rdma, and glusterfs-server packages
that fix numerous bugs and add various enhancements are now available
for Red Hat Storage 3.0.
USN-2474-1: curl vulnerability
Ubuntu Security Notice USN-2474-1
15th January, 2015
curl vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary
curl could be tricked into adding arbitrary requests when following certain
URLs.
Software description
- curl – HTTP, HTTPS, and FTP client and client libraries
Details
Andrey Labunets discovered that curl incorrectly handled certain URLs when
using a proxy server. If a user or automated system were tricked into using
a specially crafted URL, an attacker could possibly use this issue to
inject arbitrary HTTP requests.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.10:
  - libcurl3-nss 7.37.1-1ubuntu3.2
  - libcurl3-gnutls 7.37.1-1ubuntu3.2
  - libcurl3 7.37.1-1ubuntu3.2
- Ubuntu 14.04 LTS:
  - libcurl3-nss 7.35.0-1ubuntu2.3
  - libcurl3-gnutls 7.35.0-1ubuntu2.3
  - libcurl3 7.35.0-1ubuntu2.3
- Ubuntu 12.04 LTS:
  - libcurl3-nss 7.22.0-3ubuntu4.12
  - libcurl3-gnutls 7.22.0-3ubuntu4.12
  - libcurl3 7.22.0-3ubuntu4.12
- Ubuntu 10.04 LTS:
  - libcurl3-gnutls 7.19.7-1ubuntu1.11
  - libcurl3 7.19.7-1ubuntu1.11
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
USN-2475-1: GTK+ update
Ubuntu Security Notice USN-2475-1
15th January, 2015
gtk+3.0 update
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.04 LTS
Summary
GTK+ improperly handled the menu key, possibly allowing lock screen bypass.
Software description
- gtk+3.0 – GTK+ graphical user interface library
Details
Clemens Fries discovered that GTK+ allowed bypassing certain screen locks
by using the menu key. An attacker with physical access could possibly use
this flaw to gain access to a locked session.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.04 LTS:
  - libgtk-3-0 3.10.8-0ubuntu1.4
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart your session to make
all the necessary changes.
Alienvault OSSIM/USM 4.14.X Command Execution
Alienvault OSSIM/USM versions 4.14.x and below suffer from a remote command execution vulnerability. Proof of concept included.
Mandriva Linux Security Advisory 2015-025
Mandriva Linux Security Advisory 2015-025 – A buffer overflow was reported in mpfr. This is due to incorrect GMP documentation for mpn_set_str about the size of a buffer.
Debian Security Advisory 3128-1
Debian Linux Security Advisory 3128-1 – Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks.
Mandriva Linux Security Advisory 2015-023
Mandriva Linux Security Advisory 2015-023 – The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors.
Mandriva Linux Security Advisory 2015-024
Mandriva Linux Security Advisory 2015-024 – libsndfile contains multiple buffer-overflow vulnerabilities in src/sd2.c because it fails to properly bounds-check user supplied input, which may allow an attacker to execute arbitrary code or cause a denial of service. libsndfile contains a divide-by-zero error in src/file_io.c which may allow an attacker to cause a denial of service.