CentOS Errata and Security Advisory 2015:0102 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0102.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
x86_64:
5953bcabb2801ceddffe79684dbef64022546b17d1cebb24a2151e0b2778a04a kernel-3.10.0-123.20.1.el7.x86_64.rpm
584521ddf9d103e9e869e22f50953f6232f9de6ea0a78ade5e9bdb081e7f17a9 kernel-abi-whitelists-3.10.0-123.20.1.el7.noarch.rpm
cafb58042763975693af60cce298fd9d28aae34ba75e2d92b98d0eb94ae1ad82 kernel-debug-3.10.0-123.20.1.el7.x86_64.rpm
535b053dda66e67f163dc0dc05398d5ee0b8aecbc7192071cdf13f3f2f0075c1 kernel-debug-devel-3.10.0-123.20.1.el7.x86_64.rpm
81bc8dc435ff275160c5e3d63180924af1a96dd14307df2c6e7ea2232d86d3fe kernel-devel-3.10.0-123.20.1.el7.x86_64.rpm
39171964cd2f7baa878b6033d5b14d06d3251dd058f92b2237de3dcb3609b5a5 kernel-doc-3.10.0-123.20.1.el7.noarch.rpm
a88bfde708df6f4c0e4a8f894c52812b50d4323e5e1f3912af163fc18a5245ce kernel-headers-3.10.0-123.20.1.el7.x86_64.rpm
36fe40c396d283c429e74204458da5883a5dc1047f4ed39c6395d44693c7f70a kernel-tools-3.10.0-123.20.1.el7.x86_64.rpm
05aeaf149987da5bc8e8fd927c4517f93cdb3df7519a48ada13363d944f836f1 kernel-tools-libs-3.10.0-123.20.1.el7.x86_64.rpm
755f49173741b2c38925cf6eeeae21f0aacfbe03257002af866f6114cb10a710 kernel-tools-libs-devel-3.10.0-123.20.1.el7.x86_64.rpm
e4fbd51094a12cb9e44cc2c279e6415aa87bc6198eb794cb2cb18f6b586c6228 perf-3.10.0-123.20.1.el7.x86_64.rpm
98a1598f025b8c3c2029a7d30bbcfaabca3121562c5a64a5fb81c5875a910dac python-perf-3.10.0-123.20.1.el7.x86_64.rpm
Source:
c8c549348d11f6a676976c6a81ba1551b382f8bfd1cae8d1cd25cd2df6e754be kernel-3.10.0-123.20.1.el7.src.rpm
Monthly Archives: January 2015
CVE-2014-8826
LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. (CVSS:5.0) (Last Update:2017-01-02)
CVE-2014-4492
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type. (CVSS:7.5) (Last Update:2015-03-02)
CVE-2014-8835
The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary’s Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an “XPC type confusion” issue. (CVSS:10.0) (Last Update:2015-02-02)
DSA-3145 privoxy – security update
Multiple vulnerabilities were discovered in Privoxy, a privacy enhancing
HTTP proxy, which might result in denial of service.
DSA-3146 requests – security update
Jakub Wilk discovered that in requests, an HTTP library for the Python
language, authentication information was improperly handled when a
redirect occurred. This would allow remote servers to obtain two
different types of sensitive information: proxy passwords from the
Proxy-Authorization header
(CVE-2014-1830), or netrc passwords from the Authorization header
(CVE-2014-1829).
DSA-3147 openjdk-6 – security update
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution
of arbitrary code, information disclosure or denial of service.
Vuln: GNU glibc CVE-2015-0235 Remote Heap Buffer Overflow Vulnerability
Vuln: PolarSSL 'asn1parse.c' Remote Code Execution Vulnerability
NEW VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability
Posted by VMware Security Response Center on Jan 29
------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2015-0002
Synopsis: VMware vSphere Data Protection product update addresses a
certificate validation vulnerability.
Issue date: 2015-01-29
Updated on: 2015-01-29 (Initial Advisory)
CVE number: CVE-2014-4632
------------------------------------------------------------------------
1. Summary…