Updated otrs package fixes security vulnerability:
An attacker with valid OTRS credentials could access and manipulate
ticket data of other users via the GenericInterface, if a ticket
webservice is configured and not additionally secured (CVE-2014-9324).
Updated clamav packages fix security vulnerabilities:
ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them
being security bugs:
Fix a heap out of bounds condition with crafted Yoda’s crypter
files. This issue was discovered by Felix Groebert of the Google
Security Team.
Fix a heap out of bounds condition with crafted mew packer files. This
issue was discovered by Felix Groebert of the Google Security Team.
Fix a heap out of bounds condition with crafted upx packer files. This
issue was discovered by Kevin Szkudlapski of Quarkslab.
Fix a heap out of bounds condition with crafted upack packer
files. This issue was discovered by Sebastian Andrzej Siewior
(CVE-2014-9328).
Compensate a crash due to incorrect compiler optimization when handling
crafted petite packer files. This issue was discovered by Sebastian
Andrzej Siewior.
Updated cabextract packages fix security vulnerability:
Libmspack, a library to provide compression and decompression of
some file formats used by Microsoft, is embedded in cabextract. A
specially crafted cab file can cause cabextract to hang forever. If
cabextract is exposed to any remotely-controlled user input, this
issue can cause a denial-of-service (CVE-2014-9556).
Updated zarafa packages fix security vulnerability:
Robert Scheck discovered a flaw in Zarafa WebAccess >= 7.0.0 and
Zarafa WebApp that could allow a remote unauthenticated attacker to
exhaust the disk space of /tmp (CVE-2014-9465).
This update also adds some patches from Robert Scheck which correct
some packaging issues with zarafa-webaccess.
Red Hat Enterprise Linux: Updated subversion packages that fix three security issues are now
available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2014-3528, CVE-2014-3580, CVE-2014-8108
Red Hat Enterprise Linux: Updated subversion packages that fix two security issues are now available
for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2014-3528, CVE-2014-3580
Red Hat Enterprise Linux: Updated kernel packages that fix one security issue and several bugs are
now available for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2014-7822
Red Hat Enterprise Linux: Updated chromium-browser packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-1209, CVE-2015-1210, CVE-2015-1211, CVE-2015-1212
Red Hat Enterprise Linux: Updated augeas packages that fix one bug are now available for Red Hat
Enterprise Linux 6.
10th February, 2015
A security issue affects these releases of Ubuntu and its
derivatives:
Several security issues were fixed in Oxide.
A use-after-free bug was discovered in the DOM implementation in Blink. If
a user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via renderer
crash or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2015-1209)
It was discovered that V8 did not properly consider frame access
restrictions when throwing exceptions in some circumstances. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to bypass same origin restrictions.
(CVE-2015-1210)
It was discovered that Chromium did not properly restrict the URI scheme
during ServiceWorker registration. If a user were tricked in to
downloading and opening a specially crafted HTML file, an attacker could
potentially exploit this to bypass security restrictions. (CVE-2015-1211)
Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1212)
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.