We’re a small, non-profit volunteer organization so please help us by
spreading the word.
Scope
The 2015 BSides SF aims to bring together researchers in the fields of
reliability, network security, privacy, cryptography and information
security with practitioners, developers and users to foster cooperation
and to exchange techniques, tools, experiences and ideas. The conference
seeks submissions from independent researchers, academia, government,…
Ubuntu Security Notice 2476-1 – Several memory corruption bugs were discovered in ICU. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. A use-after-free was discovered in the IndexedDB implementation. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
Red Hat Security Advisory 2015-0086-01 – Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
Ubuntu Security Notice 2483-2 – USN-2483-1 fixed vulnerabilities in JasPer. This update provides the corresponding fix for the JasPer library embedded in the Ghostscript package. Jose Duart discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. Jose Duart discovered that JasPer incorrectly decoded certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. It was discovered that JasPer incorrectly handled memory when processing JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
Red Hat Security Advisory 2015-0085-01 – The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
Ubuntu Security Notice 2483-1 – Jose Duart discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. Jose Duart discovered that JasPer incorrectly decoded certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
Ubuntu Security Notice 2484-1 – Florian Maury discovered that Unbound incorrectly handled delegation. A remote attacker could possibly use this issue to cause Unbound to consume resources, resulting in a denial of service.
CentOS Errata and Security Advisory 2015:0085 Important
Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-0085.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
a12ac158dd046c4b2fcca4e459c73c423feaa0ffbe2b742a6468b118ca71bdec java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
bdbdaa4bb3124fd61ef79f123f7a5084eec1b30a464fe1936dc507b864b5423a java-1.6.0-openjdk-demo-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
6804f0158a96aac2e44be109ccd743b6bdfe646ae38701fad6aeebc322d98a42 java-1.6.0-openjdk-devel-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
bd73ffdc593af0fd8aad8c6c92ae3aa5878f66595cf19188f7fc1e957f1cf9a8 java-1.6.0-openjdk-javadoc-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
99dd0f3f41a8b7117b12d8cd2fcbefe2ec6629dcbe6ef071777d34cd41be520f java-1.6.0-openjdk-src-1.6.0.34-1.13.6.1.el7_0.x86_64.rpm
Source:
e2bfb4c35aa042b816db749b87aba4dab4951672dbd98a28481d8f89127b2d5d java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el7_0.src.rpm
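Added example, not part of the CentOS announcement: a POSIX shell script that checks downloaded RPMs against a digest list in this announcement's "( sha256sum Filename )" format before the files go to yum or rpm. The package names, file contents and directory layout in the demo are constructed (the two digests used are the SHA-256 values of the empty string and of the string "abc"), and the script assumes GNU coreutils sha256sum and awk.

```shell
#!/bin/sh
# Added example, not part of the CentOS announcement: check downloaded RPMs
# against the "( sha256sum Filename )" list published with the errata before
# installing them. Package names and contents in the demo are constructed.

# verify_rpms LISTFILE DIR
#   LISTFILE - lines of "<sha256> <filename>" copied from the announcement
#   DIR      - directory holding the downloaded files
# Returns 0 only if every listed file exists in DIR and its digest matches.
verify_rpms() {
    listfile=$1
    dir=$2
    normalised=$(mktemp) || return 1
    # Mail and web rendering often collapse the two spaces GNU sha256sum -c
    # expects between digest and name (as on this page), so rebuild the line.
    # Keep only lines that start with a 64-character hex digest; RPM file
    # names contain no whitespace, so $2 is the whole name.
    awk 'NF >= 2 && length($1) == 64 && $1 ~ /^[0-9a-fA-F]+$/ {
             print $1 "  " $2
         }' "$listfile" > "$normalised"
    if [ ! -s "$normalised" ]; then
        echo "verify_rpms: no usable checksum lines in $listfile" >&2
        rm -f "$normalised"
        return 1
    fi
    # --strict: malformed lines are an error; --quiet: print only failures.
    # A missing file is reported as FAILED and makes the whole check fail.
    ( cd "$dir" && sha256sum -c --strict --quiet "$normalised" )
    status=$?
    rm -f "$normalised"
    return "$status"
}

# make_fixture WORKDIR
# Builds a constructed scenario under WORKDIR: a "good" download directory,
# a "bad" one where one file was altered by a single byte, and the
# announcement-style list (single space between digest and name, as on this
# page). The digests are the SHA-256 values of the empty string and of
# "abc" (FIPS 180 test vectors), standing in for real package contents.
make_fixture() {
    work=$1
    mkdir -p "$work/good" "$work/bad"
    : > "$work/good/demo-1.0-1.el7.x86_64.rpm"
    printf 'abc' > "$work/good/demo-devel-1.0-1.el7.x86_64.rpm"
    cp "$work/good/"*.rpm "$work/bad/"
    printf 'abd' > "$work/bad/demo-devel-1.0-1.el7.x86_64.rpm"
    cat > "$work/list.txt" <<'EOF'
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 demo-1.0-1.el7.x86_64.rpm
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad demo-devel-1.0-1.el7.x86_64.rpm
EOF
}

main() {
    work=$(mktemp -d) || exit 1
    make_fixture "$work"
    if verify_rpms "$work/list.txt" "$work/good"; then
        echo "good/: all digests match"
    else
        echo "good/: verification FAILED (unexpected)"
    fi
    if verify_rpms "$work/list.txt" "$work/bad" 2>/dev/null; then
        echo "bad/: verification passed (unexpected)"
    else
        echo "bad/: tampered file detected, do not install"
    fi
    rm -rf "$work"
}

main
```

The digests catch a corrupted or altered copy on a mirror, but they arrive in the same announcement that points at the files, so on their own they are an integrity check rather than an authenticity check. CentOS packages are also GPG-signed; `rpm -K file.rpm` verifies that signature against the imported CentOS key and is the check that yum performs before installation.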
Adobe has released Flash Player desktop version 16.0.0.296 to address a critical vulnerability (CVE-2015-0311) in 16.0.0.287 and earlier versions for Windows and Macintosh. This vulnerability could allow an attacker to take control of the affected system.
Users and administrators are encouraged to review Adobe Security Bulletin APSB15-01 and apply the necessary updates.