WordPress Acobot Live Chat and Contact Form plugin version 2.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

Ubuntu Security Notice 2497-1 – Stephen Roettger, Sebastian Krahmer, and Harlan Stenn discovered that NTP incorrectly handled the length value in extension fields. A remote attacker could use this issue to possibly obtain leaked information, or cause the NTP daemon to crash, resulting in a denial of service. Stephen Roettger discovered that NTP incorrectly handled ACLs based on certain IPv6 addresses.

Debian Linux Security Advisory 3157-1 – Multiple vulnerabilities were discovered in the interpreter for the Ruby language.

HP Security Bulletin HPSBGN03252 1 – A potential security vulnerability has been identified with HP AppPulse Active running SSLv3. This is the SSLv3 vulnerability known as “Padding Oracle on Downgraded Legacy Encryption” also known as “Poodle”, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

HP Security Bulletin HPSBMU03224 1 – A potential security vulnerability has been identified with HP LoadRunner and Performance Center, Load Generator Virtual Machine Images, running Windows. The vulnerability in Windows running in virtual machine images provided with LoadRunner and Load Generator could be exploited remotely to allow elevation of privilege. Revision 1 of this advisory.

HP Security Bulletin HPSBGN03254 1 – A potential security vulnerability has been identified with HP Service Health Analyzer running SSLv3. This is the SSLv3 vulnerability known as “Padding Oracle on Downgraded Legacy Encryption” also known as “Poodle”, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

HP Security Bulletin HPSBMU03216 2 – Potential security vulnerabilities have been identified with HP Service Manager running SSLv3. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), unauthorized access or disclosure of information. Revision 2 of this advisory.

Debian Linux Security Advisory 3154-2 – Marc Deslauriers reported that the patch applied to ntp for CVE-2014-9297 in DSA 3154-1 was incomplete. This update corrects that problem.

Debian Linux Security Advisory 3156-1 – A vulnerability was found in liveMedia, a set of C++ libraries for multimedia streaming. RTSP messages starting with whitespace were assumed to have a zero length, triggering an integer underflow, infinite loop, and then a buffer overflow. This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution via crafted RTSP messages.

Debian Linux Security Advisory 2978-2 – It was discovered that the update released for libxml2 in DSA 2978 fixing CVE-2014-0191 was incomplete. This caused libxml2 to still fetch external entities regardless of whether entity substitution or validation is enabled.