Apple Security Advisory 2015-01-27-2 – iOS 8.1.3 is now available and addresses access bypass, arbitrary code execution, denial of service, and various other vulnerabilities.
Monthly Archives: January 2015
CESA-2015:0092 Critical CentOS 7 glibc Security Update
CentOS Errata and Security Advisory 2015:0092 Critical. Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-0092.html The following updated files have been uploaded and are currently syncing to the mirrors.
Apple Security Advisory 2015-01-27-1
Apple Security Advisory 2015-01-27-1 – Apple TV 7.0.3 is now available and addresses arbitrary code execution, access bypass, unsigned code execution, information disclosure, and various other vulnerabilities.
Red Hat Security Advisory 2015-0087-01
Red Hat Security Advisory 2015-0087-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel’s SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. An integer overflow flaw was found in the way the Linux kernel’s Advanced Linux Sound Architecture implementation handled user controls. A local, privileged user could use this flaw to crash the system.
Red Hat Security Advisory 2015-0093-01
Red Hat Security Advisory 2015-0093-01 – Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium.
Red Hat Security Advisory 2015-0094-01
Red Hat Security Advisory 2015-0094-01 – The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-02, and APSB15-03, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
Ubuntu Security Notice USN-2486-1
Ubuntu Security Notice 2486-1 – Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
FreeBSD Kernel Crash / Code Execution / Disclosure
Core Security Technologies Advisory – Multiple vulnerabilities have been found in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the code that implements SCTP sockets. These vulnerabilities could allow local unprivileged attackers to disclose kernel memory containing sensitive information, crash the system, and execute arbitrary code with superuser privileges.
New CMS 2.1 Local File Inclusion
New CMS version 2.1 suffers from a local file inclusion vulnerability.
Restaurantbiller SQL Injection / Shell Upload
Sites powered by Restaurantbiller suffer from remote shell upload and remote SQL injection vulnerabilities.