[REVIVE-SA-2015-001] Revive Adserver – Multiple vulnerabilities

Posted by Matteo Beccati on Oct 08

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2015-001
========================================================================
http://www.revive-adserver.com/security/revive-sa-2015-001
========================================================================
CVE-IDs: CVE-2015-7364, CVE-2015-7365, CVE-2015-7366,…

Re: Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img

Posted by Alexandre Herzog on Oct 08

Hi Joe,

Thanks for your feedback. Daniel, who discovered the issue and liaised with Netgear to get the issue patched, is in CC
of this email.

Would you mind sharing some further details? This may help put pressure on Netgear to release the patch they
actually developed at the beginning of September (!) but did not yet publish…

Thanks,

Alexandre

From: Joe G [mailto:joseph.giron13 () gmail com]
Sent: Tuesday, 6 October 2015 19:02
To:…

RHEA-2015:1863-1: tzdata enhancement update

Red Hat Enterprise Linux: Updated tzdata packages that add various enhancements are now available for Red
Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6
Long Life, Red Hat Enterprise Linux 5.11, Red Hat Enterprise Linux 5.9 Advanced
Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat
Enterprise Linux 6.4 Extended Update Support, Red Hat Enterprise Linux 6.5
Extended Update Support, Red Hat Enterprise Linux 6.6 Extended Update Support,
Red Hat Enterprise Linux 6.7, Red Hat Enterprise Linux 7.1, and Red Hat
Enterprise Linux 7.1 Little Endian.

USN-2766-1: Spice vulnerabilities

Ubuntu Security Notice USN-2766-1

6th October, 2015

spice vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS

Summary

Spice could be made to crash or run programs.

Software description

  • spice
    – SPICE protocol client and server library

Details

Frediano Ziglio discovered multiple buffer overflows, signed integer
operations with undefined behavior, race conditions, memory leaks, and
denial of service issues in Spice. A malicious guest operating system could
potentially exploit these issues to escape virtualization. (CVE-2015-5260,
CVE-2015-5261)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  • libspice-server1 0.12.5-1ubuntu0.2

Ubuntu 14.04 LTS:
  • libspice-server1 0.12.4-0nocelt2ubuntu1.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart qemu guests to make
all the necessary changes.

References

CVE-2015-5260, CVE-2015-5261