Updated ppp packages fix security vulnerability:
Emanuele Rocca discovered that ppp was subject to a buffer
overflow when communicating with a RADIUS server. This would allow
unauthenticated users to cause a denial-of-service by crashing the
daemon (CVE-2015-3310).
Multiple vulnerabilities has been found and corrected in clamav:
Fix infinite loop condition on crafted y0da cryptor file. Identified
and patch suggested by Sebastian Andrzej Siewior (CVE-2015-2221).
Fix crash on crafted petite packed file. Reported and patch supplied
by Sebastian Andrzej Siewior (CVE-2015-2222).
Fix an infinite loop condition on a crafted xz archive file. This
was reported by Dimitri Kirchner and Goulven Guiheux (CVE-2015-2668).
Apply upstream patch for possible heap overflow in Henry Spencer’s
regex library (CVE-2015-2305).
Fix crash in upx decoder with crafted file. Discovered and patch
supplied by Sebastian Andrzej Siewior (CVE-2015-2170).
The updated packages provides a solution for these security issues.
Updated curl packages fix security vulnerabilities:
NTLM-authenticated connections could be wrongly reused for requests
without any credentials set, leading to HTTP requests being sent over
the connection authenticated as a different user (CVE-2015-3143).
When doing HTTP requests using the Negotiate authentication
method along with NTLM, the connection used would not be marked
as authenticated, making it possible to reuse it and send requests
for one user over the connection authenticated as a different user
(CVE-2015-3148).
Updated curl packages fix security vulnerabilities:
NTLM-authenticated connections could be wrongly reused for requests
without any credentials set, leading to HTTP requests being sent over
the connection authenticated as a different user (CVE-2015-3143).
When parsing HTTP cookies, if the parsed cookie’s path element consists
of a single double-quote, libcurl would try to write to an invalid
heap memory address. This could allow remote attackers to cause a
denial of service (crash) (CVE-2015-3145).
When doing HTTP requests using the Negotiate authentication
method along with NTLM, the connection used would not be marked
as authenticated, making it possible to reuse it and send requests
for one user over the connection authenticated as a different user
(CVE-2015-3148).
Red Hat Enterprise Linux: Updated OpenStack Compute packages that resolve various issues are now
available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse)
for RHEL 7.
Red Hat Enterprise Linux: Updated OpenStack Compute packages that resolve various issues are now
available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse)
for RHEL 6.
4th May, 2015
A security issue affects these releases of Ubuntu and its
derivatives:
XML::LibXML could be made to expose sensitive information.
Tilmann Haak discovered that XML::LibXML incorrectly handled the
expand_entities parameter in certain situations. A remote attacker could
possibly use this issue to access sensitive information.
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
4th May, 2015
A security issue affects these releases of Ubuntu and its
derivatives:
Dnsmasq could be made to crash or expose sensitive information if it
received specially crafted network traffic.
Nick Sampanis discovered that Dnsmasq incorrectly handled certain malformed
DNS requests. A remote attacker could use this issue to cause Dnsmasq to
crash, resulting in a denial of service, or possibly obtain sensitive
information.
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.