Red Hat Enterprise Linux: Updated ovirt-hosted-engine-ha packages that fix two bugs are now available.
Monthly Archives: September 2015
RHBA-2015:1711-1: selinux-policy bug fix update
Red Hat Enterprise Linux: An updated selinux-policy package that fixes one bug is now available for Red Hat Enterprise Linux 6.
CVE-2015-1516
Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-4552
Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post.
CVE-2015-6545
Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.
Cisco Patches File Overwrite Bug in IMC Supervisor and UCS Director
Cisco has patched a remote file-overwrite vulnerability in a couple of its products that could allow an attacker to replace arbitrary files and cause target systems to become unstable. The vulnerability affects the Cisco Integrated Management Controller Supervisor and UCS Director software. The company has fixed the bug in new versions of the software, 1.0.0.1 […]
USN-2728-1: Bind vulnerability
Ubuntu Security Notice USN-2728-1
2nd September, 2015
bind9 vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Bind could be made to crash if it received specially crafted network
traffic.
Software description
- bind9 – Internet Domain Name Server
Details
Hanno Böck discovered that Bind incorrectly handled certain malformed keys
when configured to perform DNSSEC validation. A remote attacker could use
this issue with specially crafted zone data to cause Bind to crash,
resulting in a denial of service.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.04: bind9 1:9.9.5.dfsg-9ubuntu0.3
- Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.5
- Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.13
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
USN-2729-1: libvdpau vulnerabilities
Ubuntu Security Notice USN-2729-1
3rd September, 2015
libvdpau vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
libvdpau could be made to run programs as an administrator.
Software description
- libvdpau – Video Decode and Presentation API for Unix
Details
Florian Weimer discovered that libvdpau incorrectly handled certain
environment variables. A local attacker could possibly use this issue to
gain privileges.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.04: libvdpau1 0.9-1ubuntu0.1
- Ubuntu 14.04 LTS: libvdpau1 0.7-1ubuntu0.1
- Ubuntu 12.04 LTS: libvdpau1 0.4.1-3ubuntu1.2
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
USN-2730-1: OpenSLP vulnerabilities
Ubuntu Security Notice USN-2730-1
3rd September, 2015
openslp-dfsg vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
OpenSLP could be made to crash if it received specially crafted network
traffic.
Software description
- openslp-dfsg – OpenSLP development files
Details
Georgi Geshev discovered that OpenSLP incorrectly handled processing
certain service requests. A remote attacker could possibly use this issue
to cause OpenSLP to crash, resulting in a denial of service. This issue
only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2012-4428)
Qinghao Tang discovered that OpenSLP incorrectly handled processing certain
messages. A remote attacker could possibly use this issue to cause
OpenSLP to crash, resulting in a denial of service. (CVE-2015-5177)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.04: libslp1 1.2.1-10ubuntu0.1
- Ubuntu 14.04 LTS: libslp1 1.2.1-9ubuntu0.2
- Ubuntu 12.04 LTS: libslp1 1.2.1-7.8ubuntu1.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
Cisco Releases Security Updates
Original release date: September 03, 2015
Cisco has released security updates to address vulnerabilities in its Integrated Management Controller (IMC) Supervisor and the UCS Director (formerly known as Cloupia Unified Infrastructure Controller). Exploitation of these vulnerabilities may allow a remote attacker to gain unauthorized access or cause a denial-of-service condition.
US-CERT encourages users and administrators to review the Cisco Security Advisory, and apply the necessary updates.