Monthly Archives: February 2015
Bicameral, Bipartisan Seeks To Modernize Electronic Privacy Law
Siemens Sighs: SCADA Bugs Abound
CEBA-2015:0130 CentOS 6 resource-agents BugFix Update
CentOS Errata and Bugfix Advisory 2015:0130
Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-0130.html
The updated files have been uploaded and are currently syncing to the mirrors.
CEBA-2015:0123 CentOS 6 xorg-x11-server BugFix Update
CentOS Errata and Bugfix Advisory 2015:0123
Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-0123.html
The updated files have been uploaded and are currently syncing to the mirrors.
CEBA-2015:0129 CentOS 6 device-mapper-multipath BugFix Update
CentOS Errata and Bugfix Advisory 2015:0129
Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-0129.html
The updated files have been uploaded and are currently syncing to the mirrors.
[ MDVSA-2015:030 ] bugzilla
Mandriva Linux Security Advisory MDVSA-2015:030
http://www.mandriva.com/en/support/security/
Package : bugzilla
Date : February 5, 2015
Affected: Business Server 1.0
Problem Description:
Updated bugzilla packages fix security vulnerability: Some code in Bugzilla does not properly utilize the 3-argument form of open(), and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes (CVE-2014-8630).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8630
http://advisories.mageia.org/MGASA-2015-0048.html
[ MDVSA-2015:029 ] binutils
Mandriva Linux Security Advisory MDVSA-2015:029
http://www.mandriva.com/en/support/security/
Package : binutils
Date : February 5, 2015
Affected: Business Server 1.0
Problem Description:
Multiple vulnerabilities have been found and corrected in binutils:
Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the addition of CHUNK_HEADER_SIZE to the length, which triggers a heap-based buffer overflow (CVE-2012-3509).
The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remot
Magento Server MAGMI Cross Site Scripting / Local File Inclusion
Magento Server MAGMI suffers from cross site scripting and local file inclusion vulnerabilities.
[ MDVSA-2015:028 ] aircrack-ng
Mandriva Linux Security Advisory MDVSA-2015:028
http://www.mandriva.com/en/support/security/
Package : aircrack-ng
Date : February 5, 2015
Affected: Business Server 1.0
Problem Description:
Updated aircrack-ng package fixes security vulnerabilities:
A length parameter inconsistency in Aircrack-ng before 1.2-rc1 at aireplay tcp_test() which may lead to remote code execution (CVE-2014-8322).
A missing check for data format in Aircrack-ng before 1.2-rc1 at buddy-ng which may lead to denial of service (CVE-2014-8323).
A missing check for invalid values in Aircrack-ng before 1.2-rc1 at airserv-ng net_get() which may lead to denial of service (CVE-2014-8324).