[SECURITY] [DSA 3296-1] libcrypto++ security update
Monthly Archives: June 2015
Bugtraq: [SECURITY] [DSA 3297-1] unattended-upgrades security update
Click-fraud evolved, and it has a plan
We all know what malware is capable of, and that’s why we use a good and reliable antivirus like Avira. But while most of the things malware does sound horrible and scary, there are some that … well, do not.
The perfect example would be click-fraud malware, a kind of malware that does exactly what its name says: it clicks on advertisements. Basically, the advertiser has to pay each time a real person or – in the case of malware – a bot-infected device clicks on an ad. A recent report claims that businesses are losing as much as $6.3 billion a year to click-fraud. Crazy, right? But still nothing to lose any sleep over, since you are not the one paying the bill.
According to the security researchers from Damballa though, click-fraud can evolve: “Click-fraud malware infections can become something more sinister. In May, Damballa Failsafe tracked and recorded the activity of a click-fraud infection that pulled in three additional click-fraud infections plus CryptoWall, which encrypts the files on the host system to render them inaccessible to the user. Within a couple of hours a simple click-fraud infection escalated to a crippling malware infection. Suddenly, that infected device became a high-risk priority.”
If there is one lesson to be learned from all of this: No malware is too small or “unimportant” to become really dangerous at some point.
The post Click-fraud evolved, and it has a plan appeared first on Avira Blog.
RHSA-2015:1196-1: Moderate: rh-postgresql94-postgresql security update
Red Hat Enterprise Linux: Updated rh-postgresql94-postgresql packages that fix three security issues
are now available for Red Hat Software Collections 2.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-3165, CVE-2015-3166, CVE-2015-3167
RHSA-2015:1195-1: Moderate: postgresql92-postgresql security update
Red Hat Enterprise Linux: Updated postgresql92-postgresql packages that fix three security issues
are now available for Red Hat Software Collections 2.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-3165, CVE-2015-3166, CVE-2015-3167
RHSA-2015:1194-1: Moderate: postgresql security update
Red Hat Enterprise Linux: Updated postgresql packages that fix three security issues are now
available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
CVE-2015-3165, CVE-2015-3166, CVE-2015-3167
RHSA-2015:1193-1: Moderate: xerces-c security update
Red Hat Enterprise Linux: An updated xerces-c package that fixes one security issue is now available
for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2015-0252
RHBA-2015:1192-1: openssl bug fix update
Red Hat Enterprise Linux: Updated openssl packages that fix one bug are now available for Red Hat
Enterprise Linux 7.
RHSA-2015:1197-1: Moderate: openssl security update
Red Hat Enterprise Linux: Updated openssl packages that fix three security issues are now available
for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-1789, CVE-2015-1790, CVE-2015-4000
USN-2657-1: unattended-upgrades vulnerability
Ubuntu Security Notice USN-2657-1
29th June, 2015
unattended-upgrades vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
An attacker could trick unattended-upgrades into installing altered
packages.
Software description
- unattended-upgrades – automatic installation of security upgrades
Details
It was discovered that unattended-upgrades incorrectly performed
authentication checks in certain configurations. If a remote attacker were
able to perform a man-in-the-middle attack, this flaw could potentially be
used to install altered packages.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.04: unattended-upgrades 0.83.6ubuntu1
- Ubuntu 14.10: unattended-upgrades 0.82.8ubuntu0.3
- Ubuntu 14.04 LTS: unattended-upgrades 0.82.1ubuntu2.3
- Ubuntu 12.04 LTS: unattended-upgrades 0.76ubuntu1.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.