This bulletin summary lists twelve released Microsoft security bulletins for September, 2015.
Monthly Archives: September 2015
Microsoft Security Bulletin Revision Increment For September, 2015
This bulletin summary lists one bulletin that has undergone a major revision increment for September, 2015.
CESA-2015:1741 Important CentOS 6 haproxy Security Update
CentOS Errata and Security Advisory 2015:1741 Important
Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-1741.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
i386:
d4fc2abb0dfd295ca7c60bf84a21d21307764c65861003dd3802499585a42d93 haproxy-1.5.4-2.el6_7.1.i686.rpm
x86_64:
a5b21cea5b73ac1e468a5737fc034c6379c678baff3bd1f0cd175c2c1afef340 haproxy-1.5.4-2.el6_7.1.x86_64.rpm
Source:
a68d2f70f31ae1f411bcd557a17b03e4f000491d8bde3c642551b885844d655e haproxy-1.5.4-2.el6_7.1.src.rpm
RHSA-2015:1742-1: Moderate: subversion security update
Red Hat Enterprise Linux: Updated subversion packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-0248, CVE-2015-0251, CVE-2015-3184, CVE-2015-3187
RHSA-2015:1741-1: Important: haproxy security update
Red Hat Enterprise Linux: An updated haproxy package that fixes one security issue is now available
for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2015-3281
RHBA-2015:1743-1: radvd bug fix update
Red Hat Enterprise Linux: Updated radvd packages that fix one bug are now available for Red Hat Enterprise
Linux 7.
Microsoft Patches Graphics Component Flaw Under Attack
Microsoft patched a vulnerability in its graphics component present in Windows, Office and Lync that has been publicly attacked,
TLS Implementations Vulnerable to RSA Key Leaks
A number of TLS software implementations contain vulnerabilities that allow hackers with minimal computational expense to learn RSA keys.
USN-2736-1: Spice vulnerability
Ubuntu Security Notice USN-2736-1
8th September, 2015
spice vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
Summary
Spice could be made to crash or run programs.
Software description
- spice – SPICE protocol client and server library
Details
Frediano Ziglio discovered that Spice incorrectly handled monitor configs.
A malicious guest could use this issue to cause a denial of service, or
possibly execute arbitrary code on the host as the user running the QEMU
process. In the default installation, when QEMU is used with libvirt,
attackers would be isolated by the libvirt AppArmor profile.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.04:
  - libspice-server1 0.12.5-1ubuntu0.1
- Ubuntu 14.04 LTS:
  - libspice-server1 0.12.4-0nocelt2ubuntu1.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart all QEMU virtual
machines using Spice to make the necessary changes.
Re: Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class
Posted by Securify B.V. on Sep 08
Microsoft released MS15-101 that addresses this issue:
https://technet.microsoft.com/library/security/ms15-101