Apple Security Advisory 2015-09-30-02 – Safari 9 is now available and addresses spoofing, communication compromise, and various other vulnerabilities.

Apple Security Advisory 2015-09-30-01 – iOS 9.0.2 is now available and addresses a lock screen vulnerability.

This bulletin summary lists three bulletins that have undergone a major revision increment for September, 2015.

MakeSFX.exe version 1.44 suffers from stack-based buffer overflow vulnerability.

Apache James Server version 2.3.2 suffers from an arbitrary command execution vulnerability.

Proof of concept code that demonstrates a path traversal vulnerability in ElasticSearch that allows for arbitrary file disclosure.

The setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries that are residing in the same directory. The directory in which FinderLoadBundle is located is owned by root and that prevents placing arbitrary files there. But creating a hard link from FinderLoadBundle to somewhere in a directory in /tmp circumvents that protection thus making it possible to load a shared library containing a payload which creates a root shell.

Red Hat Security Advisory 2015-1852-01 – Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two information leak flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to disclose sensitive information or, in certain cases, crash.

WinRAR suffers from an expired notification OLE remote command execution vulnerability.

HP Security Bulletin HPSBST03502 1 – A potential security vulnerability has been identified in HP 3PAR Service Processor (SP) SPOCC. The vulnerability could be exploited to allow remote disclosure of information. Revision 1 of this advisory.