The Connection Conversation Manager (CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267.
Monthly Archives: April 2015
CVE-2015-0615
The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly terminating SIP sessions, aka Bug ID CSCul28089.
CVE-2015-0616
The Connection Conversation Manager (CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819.
Eugene Kaspersky: Know Your Particular Strengths and Make Them Work Towards Your Goals – Huffington Post
Proposed Amendments to US Cybersecurity Laws Under Scrutiny – Tech News World
Android App of the Week: Phound! – Notebook Review
Bitcoin's Blockchain Offers Safe Haven For Malware And Child Abuse, Warns Interpol – Forbes
MDVA-2015:007: mariadb
This is a maintenance and bugfix release that upgrades MariaDB to
the latest 5.5.42 version which resolves various upstream bugs.
MDVSA-2015:192: subversion
Multiple vulnerabilities has been discovered and corrected in
subversion:
Subversion HTTP servers with FSFS repositories are vulnerable to a
remotely triggerable excessive memory use with certain REPORT requests
(CVE-2015-0202).
Subversion mod_dav_svn and svnserve are vulnerable to a remotely
triggerable assertion DoS vulnerability for certain requests with
dynamically evaluated revision numbers (CVE-2015-0248).
Subversion HTTP servers allow spoofing svn:author property values
for new revisions (CVE-2015-0251).
The updated packages have been upgraded to the 1.7.20 and 1.8.13
versions where these security flaws has been fixed.
MDVA-2015:006: nss
This is a maintenance and bugfix release that upgrades NSS to the
latest 3.18 version which resolves various upstream bugs.
Additionally the rootcerts package has also been updated to the
latest version as of 2015-03-26, which adds, removes, and distrusts
several certificates.