Red Hat Enterprise Linux: Updated OpenStack Block Storage packages that resolve various issues are
now available for Red Hat Enterprise Linux OpenStack Platform 5.0
(Icehouse) for RHEL 7.
RHBA-2015:0817-1: kdelibs bug fix update
Red Hat Enterprise Linux: Updated kdelibs packages that fix two bugs are now available for Red Hat
Enterprise Linux 6.
USN-2569-2: Apport vulnerability
Ubuntu Security Notice USN-2569-2
16th April, 2015
apport vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
Summary
Apport could be tricked into running programs as an administrator.
Software description
- apport – automatically generate crash reports for debugging
Details
USN-2569-1 fixed a vulnerability in Apport. Tavis Ormandy discovered that
the fixed packages were still vulnerable to a privilege escalation attack.
This update completely disables crash report handling for containers until
a more complete solution is available.
Original advisory details:
Stéphane Graber and Tavis Ormandy independently discovered that Apport
incorrectly handled the crash reporting feature. A local attacker could use
this issue to gain elevated privileges.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.10:
  - apport 2.14.7-0ubuntu8.4
- Ubuntu 14.04 LTS:
  - apport 2.14.1-0ubuntu3.10
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
Reflected XSS in Citizen Space allows attackers to view sensitive information of the attacker’s choosing (WordPress plugin)
Posted by dxw Security on Apr 16
Details
================
Software: Citizen Space
Version: 1.1
Homepage: http://wordpress.org/plugins/citizen-space/
Advisory report:
https://security.dxw.com/advisories/reflected-xss-in-citizen-space-allows-attackers-to-view-sensitive-information-of-the-attackers-choosing/
CVE: Awaiting assignment
CVSS: 6.4 (Medium; AV:N/AC:L/Au:N/C:P/I:P/A:N)
Description
================
Reflected XSS in Citizen Space allows attackers to view sensitive…
CEBA-2015:0817 CentOS 6 kdelibs BugFix Update
CentOS Errata and Bugfix Advisory 2015:0817. Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-0817.html. The following updated files have been uploaded and are currently syncing to the mirrors (sha256sum and filename for i386, x86_64 and source packages of kdelibs-4.3.4-23.el6_6).
CSRF and stored XSS in WordPress Content Slide allow an attacker to have full admin privileges (WordPress plugin)
Posted by dxw Security on Apr 16
Details
================
Software: WordPress Content Slide
Version: 1.4.2
Homepage: http://wordpress.org/plugins/content-slide/
Advisory report:
https://security.dxw.com/advisories/csrf-and-stored-xss-in-wordpress-content-slide-allow-an-attacker-to-have-full-admin-privileges/
CVE: Awaiting assignment
CVSS: 6.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:P)
Description
================
CSRF and stored XSS in WordPress Content Slide allow an attacker to…
CVE-2015-2566
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2015-2567
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.
CVE-2015-2568
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.
CVE-2015-2570
Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 11.5.10, 12.0, 12.1, and 12.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Security.