Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) 2.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or (2) avatar parameter to profile.php.
Monthly Archives: March 2015
Fedora EPEL 7 Security Update: 389-admin-1.1.38-1.el7
Resolved Bugs
1183154 – CVE-2015-0233 389-admin: multiple /tmp/ file vulnerabilities [epel-all]
releasing 1.1.38
MDVSA-2015:057: kernel
Multiple vulnerabilities have been found and corrected in the Linux
kernel:
The Crypto API in the Linux kernel before 3.18.5 allows local users
to load arbitrary kernel modules via a bind system call for an
AF_ALG socket with a parenthesized module template expression in
the salg_name field, as demonstrated by the vfat(aes) expression,
a different vulnerability than CVE-2013-7421 (CVE-2014-9644).
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before
3.18 generates incorrect conntrack entries during handling of certain
iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols,
which allows remote attackers to bypass intended access restrictions
via packets with disallowed port numbers (CVE-2014-8160).
The Crypto API in the Linux kernel before 3.18.5 allows local users
to load arbitrary kernel modules via a bind system call for an
AF_ALG socket with a module name in the salg_name field, a different
vulnerability than CVE-2014-9644 (CVE-2013-7421).
The updated packages provide a solution for these security issues.
RHBA-2015:0669-1: crash bug fix update
Red Hat Enterprise Linux: Updated crash packages that fix one bug are now available for Red Hat Enterprise
Linux 5.
RHBA-2015:0668-1: enchant bug fix update
Red Hat Enterprise Linux: Updated enchant packages that fix one bug are now available for Red Hat
Enterprise Linux 6.
RHBA-2015:0667-1: man-pages-fr bug fix update
Red Hat Enterprise Linux: An updated man-pages-fr package that fixes one bug is now available for Red Hat
Enterprise Linux 6.
RHBA-2015:0666-1: gstreamer-plugins-good bug fix update
Red Hat Enterprise Linux: Updated gstreamer-plugins-good packages that fix one bug are now available for
Red Hat Enterprise Linux 6.
RHBA-2015:0665-1: man-pages-ja bug fix update
Red Hat Enterprise Linux: An updated man-pages-ja package that fixes several bugs is now available for Red
Hat Enterprise Linux 6.
RHBA-2015:0664-1: icu bug fix update
Red Hat Enterprise Linux: Updated icu packages that fix one bug are now available for Red Hat Enterprise
Linux 6.
RHBA-2015:0663-1: fprintd bug fix update
Red Hat Enterprise Linux: Updated fprintd packages that fix one bug are now available for Red Hat
Enterprise Linux 6.