During his RSA keynote today, Juniper Networks’ Chris Hoff shared the stage with 9-year-old hacker Reuben Paul, in a talk meant to be a call to action for the security industry to teach young programmers security and privacy from the outset.
Monthly Archives: April 2015
FreePBX 12.0.43 Cross Site Scripting
FreePBX version 12.0.43 suffers from multiple cross site scripting vulnerabilities.
RHSA-2015:0870-1: Important: kernel security update
Red Hat Enterprise Linux: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 5.9 Long Life.
Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
CVE-2014-8159
RHSA-2015:0869-1: Important: kvm security update
Red Hat Enterprise Linux: Updated kvm packages that fix two security issues are now available for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
CVE-2014-3610, CVE-2014-3611
RHBA-2015:0871-1: dbus bugfix update
Red Hat Enterprise Linux: Updated dbus packages that fix one bug in the command-line parsing functionality are now available for Red Hat Enterprise Linux 6.
Netgear WNR2000v4 Abuse / XSS / Command Injection
Netgear WNR2000v4 suffers from code execution, missing abuse control, and cross site scripting vulnerabilities.
Red Hat Security Advisory 2015-0870-01
Red Hat Security Advisory 2015-0870-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel’s Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.
Red Hat Security Advisory 2015-0869-01
Red Hat Security Advisory 2015-0869-01 – KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. It was found that KVM’s Write to Model Specific Register instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host’s context. A privileged guest user could use this flaw to crash the host. A race condition flaw was found in the way the Linux kernel’s KVM subsystem handled PIT emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host.
Debian Security Advisory 3232-1
Debian Linux Security Advisory 3232-1 – Several vulnerabilities were discovered in cURL, a URL transfer library.
Slackware Security Advisory – php Updates
Slackware Security Advisory – New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.