Red Hat Enterprise Linux: Updated glusterfs and redhat-storage-server packages that fix multiple bugs are now available for use with the Red Hat Storage Server 2.1.
Monthly Archives: January 2015
The DEA Has Been Spying On Millions Of US Drivers For Years
House Subcommittee Hears Testimony On Data Breach Law
Red Hat Security Advisory 2015-0103-01
Red Hat Security Advisory 2015-0103-01 – In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.4 will be retired as of February 28, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.4 EUS after February 28, 2015. In addition, technical support through Red Hat’s Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 6.4 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.
Red Hat Security Advisory 2015-0104-01
Red Hat Security Advisory 2015-0104-01 – The Network Time Protocol is used to synchronize a computer’s time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd’s crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use any of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited by local attackers, and the configure() flaw requires additional authentication to exploit.
Ubuntu Security Notice USN-2487-1
Ubuntu Security Notice 2487-1 – Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network.
Red Hat Security Advisory 2015-0100-01
Red Hat Security Advisory 2015-0100-01 – YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. All libyaml users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the libyaml library must be restarted for this update to take effect.
Debian Security Advisory 3143-1
Debian Linux Security Advisory 3143-1 – Two vulnerabilities have been discovered in VirtualBox, an x86 virtualization solution, which might result in denial of service.
Red Hat Security Advisory 2015-0102-01
Red Hat Security Advisory 2015-0102-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel’s SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. A race condition flaw was found in the way the Linux kernel’s mmap, madvise, and fallocate system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service.
Red Hat Security Advisory 2015-0099-01
Red Hat Security Advisory 2015-0099-01 – The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc’s __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.