RHSA-2015:0035-1: Important: condor security update

Red Hat Enterprise Linux: Updated condor packages that fix one security issue are now available for
Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

CVE-2014-8126

RHSA-2015:0033-1: Moderate: Red Hat Satellite 5.7.0 General Availability

RHN Satellite and Proxy: Red Hat Satellite 5.7.0 is now available. Updated packages that fix two
security issues, several bugs, and add various enhancements are now
available for Red Hat Satellite 5.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

CVE-2014-7811, CVE-2014-7812

USN-2459-1: OpenSSL vulnerabilities

Ubuntu Security Notice USN-2459-1

12th January, 2015

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

Several security issues were fixed in OpenSSL.

Software description

  • openssl
    – Secure Socket Layer (SSL) cryptographic library and tools

Details

Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring.
(CVE-2014-3570)

Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted
DTLS messages. A remote attacker could use this issue to cause OpenSSL to
crash, resulting in a denial of service. (CVE-2014-3571)

Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain
handshakes. A remote attacker could possibly use this issue to downgrade to
ECDH, removing forward secrecy from the ciphersuite. (CVE-2014-3572)

Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that
OpenSSL incorrectly handled certain certificate fingerprints. A remote
attacker could possibly use this issue to trick certain applications that
rely on the uniqueness of fingerprints. (CVE-2014-8275)

Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain
key exchanges. A remote attacker could possibly use this issue to downgrade
the security of the session to EXPORT_RSA. (CVE-2015-0204)

Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled client
authentication. A remote attacker could possibly use this issue to
authenticate without the use of a private key in certain limited scenarios.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0205)

Chris Mueller discovered that OpenSSL incorrectly handled memory when
processing DTLS records. A remote attacker could use this issue to cause
OpenSSL to consume resources, resulting in a denial of service. This issue
only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10.
(CVE-2015-0206)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  libssl1.0.0 1.0.1f-1ubuntu9.1

Ubuntu 14.04 LTS:
  libssl1.0.0 1.0.1f-1ubuntu2.8

Ubuntu 12.04 LTS:
  libssl1.0.0 1.0.1-4ubuntu5.21

Ubuntu 10.04 LTS:
  libssl0.9.8 0.9.8k-7ubuntu8.23

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275,
CVE-2015-0204, CVE-2015-0205, CVE-2015-0206

USN-2461-3: PyYAML vulnerability

Ubuntu Security Notice USN-2461-3

12th January, 2015

pyyaml vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Applications using PyYAML could be made to crash if they received
specially crafted input.

Software description

  • pyyaml
    – YAML parser and emitter for Python

Details

Stanisław Pitucha and Jonathan Gray discovered that PyYAML did not
properly handle wrapped strings. An attacker could create specially
crafted YAML data to trigger an assert, causing a denial of service.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  python-yaml 3.11-1ubuntu0.1
  python3-yaml 3.11-1ubuntu0.1

Ubuntu 14.04 LTS:
  python-yaml 3.10-4ubuntu0.1
  python3-yaml 3.10-4ubuntu0.1

Ubuntu 12.04 LTS:
  python-yaml 3.10-2ubuntu0.1
  python3-yaml 3.10-2ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart applications using
PyYAML to make all the necessary changes.

References

CVE-2014-9130

USN-2461-1: LibYAML vulnerability

Ubuntu Security Notice USN-2461-1

12th January, 2015

libyaml vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Applications using LibYAML could be made to crash if they received
specially crafted input.

Software description

  • libyaml
    – Fast YAML 1.1 parser and emitter library

Details

Stanisław Pitucha and Jonathan Gray discovered that LibYAML did not
properly handle wrapped strings. An attacker could create specially
crafted YAML data to trigger an assert, causing a denial of service.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  libyaml-0-2 0.1.6-1ubuntu0.1

Ubuntu 14.04 LTS:
  libyaml-0-2 0.1.4-3ubuntu3.1

Ubuntu 12.04 LTS:
  libyaml-0-2 0.1.4-2ubuntu0.12.04.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart applications using
LibYAML to make all the necessary changes.

References

CVE-2014-9130