Ubuntu Security Notice 2744-1 – Halfdog discovered that Apport incorrectly handled kernel crash dump files. A local attacker could use this issue to cause a denial of service, or possibly elevate privileges. The default symlink protections for affected releases should reduce the vulnerability to a denial of service.
Monthly Archives: September 2015
Unified Layer Shell Upload
Due to a server misconfiguration, customers of Unified Layer suffer from a remote shell upload vulnerability.
Cisco Semiannual Security Advisory Bundle
Original release date: September 24, 2015
Cisco has released its semiannual IOS and IOS XE Software Security Advisory bundle to address multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to bypass user authentication or cause a denial-of-service condition.
US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.
Debian Security Advisory 3366-1
Debian Linux Security Advisory 3366-1 – A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service (rpcbind crash).
BMC Remedy AR 8.1 / 9.0 File Inclusion
A file inclusion vulnerability in the “BIRT Engine” servlet used in BMC Remedy AR Reporting has been discovered. Versions 8.1 and 9.0 are affected.
Flowdock API Script Insertion
The Flowdock API suffered from a script insertion vulnerability.