security update to oracle CPU july 2015 – http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Monthly Archives: July 2015
Fedora 22 Security Update: java-1.8.0-openjdk-1.8.0.51-4.b16.fc22
security update to oracle CPU july 2015 – http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Fedora 21 Security Update: drupal7-path_breadcrumbs-3.3-1.fc21
Resolved Bugs
1243614 – drupal7-path_breadcrumbs-3.3 is available<br
## 7.x-3.3
See [SA-CONTRIB-2015-133](https://www.drupal.org/node/2533926)
* New token `%site:current-page:path-menu-trail:pb-join:*` is an alternative approach to build breadcrumbs based on path hierarchy.
* Fixed #2473109: Destination parameter is present but doesn’t work during editing breadcrumb
* Other improvements and fixes.
CESA-2015:1455 Important CentOS 5 thunderbirdSecurity Update
CentOS Errata and Security Advisory 2015:1455 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1455.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 71e13945aaa34415a1489d6be98d36579dfc2d7c4ed433128175375d9e60d9e3 thunderbird-31.8.0-1.el5.centos.i386.rpm x86_64: 6f9f03fef1a9676b20f6ec08e3bff07cc5c5e45bc115a93575ae4b7226c25ef2 thunderbird-31.8.0-1.el5.centos.x86_64.rpm Source: 97adedeb5fcdffe9817e3778ac332822e61b60f7041e18bed49d91e79d0506e1 thunderbird-31.8.0-1.el5.centos.src.rpm
Vuln: Oracle Java SE CVE-2015-0403 Local Java SE Vulnerability
Oracle Java SE CVE-2015-0403 Local Java SE Vulnerability
CVE-2015-0253
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.
CVE-2015-2862
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request.
CVE-2015-2863
Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2015-3183
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
CVE-2015-3185
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.