Resolved Bugs
1192340 – drupal6-views-2.18 is available
1192962 – drupal6-views: drupal-views: multiple vulnerabilities (SA-CONTRIB-2015-039) [epel-all]
1192959 – drupal-views: multiple vulnerabilities (SA-CONTRIB-2015-039)<br
Latest upstream release.
Monthly Archives: February 2015
Fedora EPEL 6 Security Update: python-crypto2.6-2.6.1-2.el6
Resolved Bugs
1103566 – python-crypto2.6 breaks ansible in epel repository<br
* Disable C extension accelerator to avoid a timing vulnerability with the version of libgmp available on RHEL6
Fedora EPEL 5 Security Update: drupal6-views-2.18-1.el5
Fedora EPEL 6 Security Update: unbound-1.5.1-1.el6
Resolved Bugs
1172067 – CVE-2014-8602 unbound: specially crafted request can lead to denial of service [epel-all]<br
Updated to 1.5.1 for CVE-2014-8602 (rhbz#1172067)
Vuln: ClamAV CVE-2013-6497 Local Denial of Service Vulnerability
ClamAV CVE-2013-6497 Local Denial of Service Vulnerability
Vuln: ClamAV CVE-2014-9328 Multiple Heap Buffer Overflow Vulnerabilities
ClamAV CVE-2014-9328 Multiple Heap Buffer Overflow Vulnerabilities
UNIT4 Prosoft HRMS 8.14.230.47 Cross Site Scripting
UNIT4 Prosoft HRMS version 8.14.230.47 suffers from a cross site scripting vulnerability.
Google Adds Grace Period to Disclosure Policy
Google announced that it was adding a 14-day grace period to its 90-day vulnerability disclosure deadline if the affected vendor says it will have a patch ready inside the extension.
Landsknecht Adminsystems CMS 4.0.1 CSRF / XSS / File Upload
Landsknecht Adminsystems CMS version 4.0.1 (dev and beta versions) suffer from cross site request forgery, cross site scripting, and remote file upload vulnerabilities.
HP Security Bulletin HPSBGN03258 1
HP Security Bulletin HPSBGN03258 1 – A potential security vulnerability has been identified with HP Insight Control server deployment Windows Pre-boot Execution Environment that could be exploited remotely resulting in arbitrary execution of code. This is the vulnerability known as Winshock. HP Insight Control server deployment uses the Windows Automated Installation Kit 2.0 to generate the Windows Pre-boot Execution Environment service operating system. WAIK 2.0 is vulnerable to CVE-2014-6321 (Microsoft Schannel Remote Code Execution vulnerability). This bulletin provides instructions to update the Windows Pre-boot Execution Environment with updates from Microsoft. Revision 1 of this advisory.