RHSA-2015:1629-1: Moderate: mysql55-mysql security update

Red Hat Enterprise Linux: Updated mysql55-mysql packages that fix several security issues are now
available for Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757

RHSA-2015:1628-1: Moderate: mysql55-mysql security update

Red Hat Enterprise Linux: Updated mysql55-mysql packages that fix several security issues are now
available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757

RHSA-2015:1627-1: Moderate: glibc security update

Red Hat Enterprise Linux: Updated glibc packages that fix one security issue are now available for
Red Hat Linux 5.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

CVE-2013-7424

CVE-2014-9743

Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.

CVE-2015-5531

Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.

Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal

Posted by Securify B.V. on Aug 17

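------------------------------------------------------------------------
Weak authentication in EMC Secure Remote Services Virtual Edition Web
Portal
------------------------------------------------------------------------
Han Sahin, November 2014

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------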
It was discovered that the session tokens in…

Insufficient certificate validation in EMC Secure Remote Services Virtual Edition

Posted by Securify B.V. on Aug 17

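------------------------------------------------------------------------
Insufficient certificate validation in EMC Secure Remote Services
Virtual Edition
------------------------------------------------------------------------
Han Sahin, November 2014

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------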
It was discovered that the server…

CEBA-2015:1632 CentOS 7 phonon FASTTRACK BugFixUpdate

CentOS Errata and Bugfix Advisory 2015:1632 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1632.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
4cceea60898401dcdba81583d55428086db321d3f4bfcf47c4cb7116570381a2  phonon-4.6.0-10.el7.i686.rpm
8d5f8bd96d61d85323a44bd10c4286c8079499b2982a6cc9ad82f4d2941fee6c  phonon-4.6.0-10.el7.x86_64.rpm
3711bbd2ff3a00eafac297b6fdfb824c20ccae76170243d2e1e809b85929a526  phonon-devel-4.6.0-10.el7.i686.rpm
a2b8ae163fa19e1026c88d93e027bd0ad4e5d8e76d098470ed88678ef03304bd  phonon-devel-4.6.0-10.el7.x86_64.rpm

Source:
1604fc0ab643342bc2cb3466a7ef974958a3e75ed670093c770cdd3f21574c64  phonon-4.6.0-10.el7.src.rpm



Red Hat Security Advisory 2015-1635-01

Red Hat Security Advisory 2015-1635-01 – SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts.