ESA-2015-043: RSA® Validation Manager Security Update for Multiple Vulnerabilities
Monthly Archives: June 2015
RHSA-2015:1120-1: Important: kernel security and bug fix update
Red Hat Enterprise Linux: Updated kernel packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 5.9 Advanced Update Support.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2015-1805
RHBA-2015:1119-1: dmidecode bug fix update
Red Hat Enterprise Linux: Updated dmidecode packages that fix one bug are now available for Red Hat
Enterprise Linux 6.
RHBA-2015:1118-1: yum-langpacks bug fix update
Red Hat Enterprise Linux: An updated yum-langpacks package that fixes one bug is now available for Red Hat
Enterprise Linux 7.
RHBA-2015:1117-1: chromium-browser bug fix and enhancement update
Red Hat Enterprise Linux: Updated chromium-browser packages that fix several bugs and add various
enhancements are now available for Red Hat Enterprise Linux 6.
RHBA-2015:1116-1: ibus bug fix update
Red Hat Enterprise Linux: Updated ibus packages that fix two bugs are now available for Red Hat Enterprise
Linux 7.
USN-2648-1: Aptdaemon vulnerability
Ubuntu Security Notice USN-2648-1
16th June, 2015
aptdaemon vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Aptdaemon could be made to expose sensitive information, or allow file
access as the administrator.
Software description
- aptdaemon – transaction based package management service
Details
Tavis Ormandy discovered that Aptdaemon incorrectly handled the simulate
dbus method. A local attacker could use this issue to possibly expose
sensitive information, or perform other file access as the root user.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.04:
  - aptdaemon 1.1.1+bzr982-0ubuntu3.1
- Ubuntu 14.10:
  - aptdaemon 1.1.1+bzr980-0ubuntu1.1
- Ubuntu 14.04 LTS:
  - aptdaemon 1.1.1-1ubuntu5.2
- Ubuntu 12.04 LTS:
  - aptdaemon 0.43+bzr805-0ubuntu10
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
USN-2649-1: devscripts vulnerability
Ubuntu Security Notice USN-2649-1
16th June, 2015
devscripts vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
devscripts could be made to overwrite files.
Software description
- devscripts – scripts to make the life of a Debian Package maintainer easier
Details
It was discovered that the uupdate tool incorrectly handled symlinks.
If a user or automated system were tricked into processing specially
crafted files, a remote attacker could possibly replace arbitrary files,
leading to a privilege escalation.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.10:
  - devscripts 2.14.6ubuntu0.1
- Ubuntu 14.04 LTS:
  - devscripts 2.14.1ubuntu0.1
- Ubuntu 12.04 LTS:
  - devscripts 2.11.6ubuntu1.7
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
USN-2650-1: wpa_supplicant and hostapd vulnerabilities
Ubuntu Security Notice USN-2650-1
16th June, 2015
wpa, wpasupplicant vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
wpa_supplicant and hostapd could be made to crash if they received
specially crafted network traffic.
Software description
- wpa – client support for WPA and WPA2
- wpasupplicant – client support for WPA and WPA2
Details
Kostya Kortchinsky discovered multiple flaws in wpa_supplicant and hostapd.
A remote attacker could use these issues to cause wpa_supplicant or hostapd
to crash, resulting in a denial of service. (CVE-2015-4141, CVE-2015-4142,
CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.04:
  - hostapd 2.1-0ubuntu7.2
  - wpasupplicant 2.1-0ubuntu7.2
- Ubuntu 14.10:
  - hostapd 2.1-0ubuntu4.2
  - wpasupplicant 2.1-0ubuntu4.2
- Ubuntu 14.04 LTS:
  - hostapd 2.1-0ubuntu1.3
  - wpasupplicant 2.1-0ubuntu1.3
- Ubuntu 12.04 LTS:
  - wpasupplicant 0.7.3-6ubuntu2.4
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
Adobe Releases Security Updates for Multiple Products
Original release date: June 16, 2015
Adobe has released security updates for Adobe Photoshop Creative Cloud (CC) and Bridge CC to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review Adobe Security Bulletins APSB15-12 and APSB15-13 and apply the necessary updates.