CentOS Errata and Security Advisory 2015:0729 Important
Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-0729.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
x86_64:
e212780d7247c3913fc6f60d698827e7e947b96ecc84b9ce0519db5a54ae9ce2 setroubleshoot-3.2.17-4.1.el7_1.x86_64.rpm
a3e269b0d49eb051f416cb5be1d36e8b75697a62769082531b29d37b64976025 setroubleshoot-server-3.2.17-4.1.el7_1.x86_64.rpm
Source:
2fc1aca4929d15a5574f7322b5f2bb170bd0487bed9b534e36f9a61ebc34e0ad setroubleshoot-3.2.17-4.1.el7_1.src.rpm
Monthly Archives: March 2015
CESA-2015:0750 Moderate CentOS 7 postgresql Security Update
CentOS Errata and Security Advisory 2015:0750 Moderate
Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-0750.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
CEEA-2015:0735 CentOS 7 qemu-kvm Enhancement Update
CentOS Errata and Enhancement Advisory 2015:0735
Upstream details at: https://rhn.redhat.com/errata/RHEA-2015-0735.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
CVE-2015-1892
The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.
CVE-2015-2808
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the “Bar Mitzvah” issue.
CVE-2015-2809
The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component.
Packet Storm New Exploits For March, 2015
This archive contains 224 exploits that were added to Packet Storm in March, 2015.
Ericsson Drutt MSDP (Instance Monitor) Directory Traversal / File Access
Ericsson Drutt MSDP (Instance Monitor) versions 4, 5, and 6 suffer from directory traversal and arbitrary file access vulnerabilities.
Ericsson Drutt MSDP (Report Viewer) Cross Site Scripting
Ericsson Drutt MSDP (Report Viewer) versions 4, 5, and 6 suffer from a cross site scripting vulnerability.
Ericsson Drutt MSDP (3PI Manager) Cross Site Scripting
Ericsson Drutt MSDP (3PI Manager) versions 4, 5, and 6 suffer from a cross site scripting vulnerability.