CEBA-2015:1831 CentOS 6 dovecot BugFix Update

CentOS Errata and Bugfix Advisory 2015:1831 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1831.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
971d2c83179505af4521a9c962924c34a1b20df3ed39b8e036c7c14993e6d475  dovecot-2.0.9-19.el6_7.2.i686.rpm
d7c19807bd0fc080533987460a9dc2753c5c0249c1173ac778b11aeffc315715  dovecot-devel-2.0.9-19.el6_7.2.i686.rpm
d774b01db2ed7884b4ab29ae8d2da72e8ac3286aeea767ef4e475e56dafa8cd7  dovecot-mysql-2.0.9-19.el6_7.2.i686.rpm
1256c5af224d0aa49dd16993bc11ca25748c7bb4fa0dbe957ca36507cb4bc319  dovecot-pgsql-2.0.9-19.el6_7.2.i686.rpm
3a3d3afde4ac8d56240b42a87405f7c345ee3ae138b6923b233e2f8b3be0d29c  dovecot-pigeonhole-2.0.9-19.el6_7.2.i686.rpm

x86_64:
971d2c83179505af4521a9c962924c34a1b20df3ed39b8e036c7c14993e6d475  dovecot-2.0.9-19.el6_7.2.i686.rpm
07e768a1327a879925edaf8a0f184b68bc95438acbad90ec294555b0406dc49c  dovecot-2.0.9-19.el6_7.2.x86_64.rpm
cf97e2b0fd95821c733cafeb15a7daf55f9ca3dd286f49312f100f01a1624311  dovecot-devel-2.0.9-19.el6_7.2.x86_64.rpm
c2a2f4129974af512d0f1d6a74cc409313f393d502fc1ca86c3fd366ce99b9c7  dovecot-mysql-2.0.9-19.el6_7.2.x86_64.rpm
176b94fc8f68716f052c9b89532b22b37493bb227bd74d1ac8e80f8c50f77fa3  dovecot-pgsql-2.0.9-19.el6_7.2.x86_64.rpm
0471d01f64fdb944604c35c6d8c40881dde14a7359a27b0e36cc6185b7c17a19  dovecot-pigeonhole-2.0.9-19.el6_7.2.x86_64.rpm

Source:
a2c15b3a4b9ffeaefb65a5bbb6147fc71c7d9ec7df30eee8c2f3abf0ef6bba88  dovecot-2.0.9-19.el6_7.2.src.rpm



CEBA-2015:1820 CentOS 6 rng-tools BugFix Update

CentOS Errata and Bugfix Advisory 2015:1820 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1820.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
a2da454db80ffb5bcea67a0cd214c76a5fff24b82ffb845c53f4cb3490687c8e  rng-tools-5-2.el6_7.i686.rpm

x86_64:
8267cfdbd75a8ea989e357def0483e2ce36ecccdd99b58e97fc82e6fc6c3c9e8  rng-tools-5-2.el6_7.x86_64.rpm

Source:
92cbbaac74a8429a70b8b451b72cb446a8e448456a406dc1a5d2603dd137c32f  rng-tools-5-2.el6_7.src.rpm



CEBA-2015:1815 CentOS 6 texlive-texmf BugFix Update

CentOS Errata and Bugfix Advisory 2015:1815 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1815.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
1b0e542c98506f21fc94f5adb0db649ec9d385268871be2741a43bc29d72b124  texlive-texmf-2007-39.el6_7.noarch.rpm
e050fd12da933721f6d6e390b5d8c976cb24b31f445c7d4a2d716726ddf20734  texlive-texmf-afm-2007-39.el6_7.noarch.rpm
15fc68033a0fceef6ef873256b32727a9aac21467e2b817166ddb701e3500066  texlive-texmf-context-2007-39.el6_7.noarch.rpm
094bd1249d48d4c3571d390f5b1ed9478b3a54cf9dab9a0b426476469eb42791  texlive-texmf-doc-2007-39.el6_7.noarch.rpm
b4de7e1552eedf3342a1de7df23408b417bdfe31e906b4419a24bcac7994ff8e  texlive-texmf-dvips-2007-39.el6_7.noarch.rpm
7f03e73eafd8933b432f8c09e3bdd186e51dfa274f97db8e5e8a33adfa969445  texlive-texmf-east-asian-2007-39.el6_7.noarch.rpm
5d5c3f393175e94c95a9c802224ea349a8ce2a8260a25eab923afdccf02118da  texlive-texmf-fonts-2007-39.el6_7.noarch.rpm
1da5d6d4ab2e725b726520826de1d30b3227363c89aafb1468aebd0949c55811  texlive-texmf-latex-2007-39.el6_7.noarch.rpm
14f278c8cdfb3cb71673ea1bc4a286c80d33f92730aff2de57ec57c72c6f3d31  texlive-texmf-xetex-2007-39.el6_7.noarch.rpm

x86_64:
1b0e542c98506f21fc94f5adb0db649ec9d385268871be2741a43bc29d72b124  texlive-texmf-2007-39.el6_7.noarch.rpm
e050fd12da933721f6d6e390b5d8c976cb24b31f445c7d4a2d716726ddf20734  texlive-texmf-afm-2007-39.el6_7.noarch.rpm
15fc68033a0fceef6ef873256b32727a9aac21467e2b817166ddb701e3500066  texlive-texmf-context-2007-39.el6_7.noarch.rpm
094bd1249d48d4c3571d390f5b1ed9478b3a54cf9dab9a0b426476469eb42791  texlive-texmf-doc-2007-39.el6_7.noarch.rpm
b4de7e1552eedf3342a1de7df23408b417bdfe31e906b4419a24bcac7994ff8e  texlive-texmf-dvips-2007-39.el6_7.noarch.rpm
7f03e73eafd8933b432f8c09e3bdd186e51dfa274f97db8e5e8a33adfa969445  texlive-texmf-east-asian-2007-39.el6_7.noarch.rpm
5d5c3f393175e94c95a9c802224ea349a8ce2a8260a25eab923afdccf02118da  texlive-texmf-fonts-2007-39.el6_7.noarch.rpm
1da5d6d4ab2e725b726520826de1d30b3227363c89aafb1468aebd0949c55811  texlive-texmf-latex-2007-39.el6_7.noarch.rpm
14f278c8cdfb3cb71673ea1bc4a286c80d33f92730aff2de57ec57c72c6f3d31  texlive-texmf-xetex-2007-39.el6_7.noarch.rpm

Source:
62f593f61296ec657403a64903fba2fafe8c2cc1d14ade4321c66f366aeba72e  texlive-texmf-2007-39.el6_7.src.rpm



CEBA-2015:1816 CentOS 6 389-ds-base BugFix Update

CentOS Errata and Bugfix Advisory 2015:1816 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1816.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
35e92106ef927687dfb26f699e35d28f1eab28f177e20b40a4d6477071c76f78  389-ds-base-1.2.11.15-62.el6_7.i686.rpm
543b9408f084b12b0b24c3c833ca215f0fa7327b4e6ec398e6ed3c4e0de7a5a6  389-ds-base-devel-1.2.11.15-62.el6_7.i686.rpm
2fc088aed433fc6359a7823022e40b6d0ae9209eecdc482bc42afe54fa85d0e6  389-ds-base-libs-1.2.11.15-62.el6_7.i686.rpm

x86_64:
99e6cdba8086f608248821afdafbf9f9052e9dab92d37ae9fd327f426a09e576  389-ds-base-1.2.11.15-62.el6_7.x86_64.rpm
543b9408f084b12b0b24c3c833ca215f0fa7327b4e6ec398e6ed3c4e0de7a5a6  389-ds-base-devel-1.2.11.15-62.el6_7.i686.rpm
f29d2d5082c7f1c7410e145ab17dbb6d7d337689cf38b9b39af7e84094311b69  389-ds-base-devel-1.2.11.15-62.el6_7.x86_64.rpm
2fc088aed433fc6359a7823022e40b6d0ae9209eecdc482bc42afe54fa85d0e6  389-ds-base-libs-1.2.11.15-62.el6_7.i686.rpm
599b8e294522ac2ce7dccf170b301a23edc05cfaacdc652077f13bb605130d44  389-ds-base-libs-1.2.11.15-62.el6_7.x86_64.rpm

Source:
ce7a4339c0810c543914356a44abb42f0b05ab8961e30054c5150dc3664eb12f  389-ds-base-1.2.11.15-62.el6_7.src.rpm



[Onapsis Security Advisory 2015-013] SAP Business Objects Memory Corruption

Posted by Onapsis Research Team on Sep 22

Onapsis Security Advisory 2015-013: SAP Business Objects Memory Corruption

1. Impact on Business
=====================

By exploiting this vulnerability an unauthenticated attacker could read or write
any business-relevant information from the Business Intelligence Platform and also
render the system unavailable to other users.

Risk Level: High

2. Advisory Information
=======================

* Public Release Date: 09/22/2015
* Last Revised:…

Cisco AnyConnect elevation of privileges via DLL side loading

Posted by Securify B.V. on Sep 22

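------------------------------------------------------------------------
Cisco AnyConnect elevation of privileges via DLL side loading
------------------------------------------------------------------------
Yorick Koster, June 2015

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------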
Cisco AnyConnect Secure Mobility Client for Windows is…

CVE-2015-6940

The GetResource servlet in Pentaho Business Analytics (BA) Suite 4.5.x, 4.8.x, and 5.0.x through 5.2.x and Pentaho Data Integration (PDI) Suite 4.3.x, 4.4.x, and 5.0.x through 5.2.x does not restrict access to files in the pentaho-solutions/system folder, which allows remote attackers to obtain passwords and other sensitive information via a file name in the resource parameter.

CVE-2015-7309

The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.

CVE-2015-7310

McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file.