RHSA-2015:2068-1: Critical: nss, nss-util, and nspr security update

Red Hat Enterprise Linux: Updated nss, nss-util, and nspr packages that fix three security issues are
now available for Red Hat Enterprise Linux 6.2 and 6.4 Advanced Update
Support, and Red Hat Enterprise Linux 6.5 and 6.6 Extended Update Support.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-7181, CVE-2015-7182, CVE-2015-7183

USN-2813-1: LXCFS vulnerabilities

Ubuntu Security Notice USN-2813-1

17th November, 2015

lxcfs vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 15.04

Summary

Several security issues were fixed in LXCFS.

Software description

  • lxcfs
    – FUSE based filesystem for LXC

Details

It was discovered that LXCFS incorrectly enforced directory escapes. A
local attacker could use this issue to possibly escalate privileges.
(CVE-2015-1342)

It was discovered that LXCFS incorrectly checked certain permissions. A
local attacker could use this issue to possibly escalate privileges.
(CVE-2015-1344)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  lxcfs 0.10-0ubuntu2.1

Ubuntu 15.04:
  lxcfs 0.7-0ubuntu4.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2015-1342, CVE-2015-1344

CVE-2015-6357 (firesight_system_software)

The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444.

Adobe Premiere Clip v1.1.1 iOS – (cid:x) Filter Bypass & Persistent Software Vulnerability

Posted by Vulnerability Lab on Nov 18

Document Title:
===============
Adobe Premiere Clip v1.1.1 iOS – (cid:x) Filter Bypass & Persistent Software Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1478

PSIRT ID: 3721

Video: http://www.vulnerability-lab.com/get_content.php?id=1479

Bulletin: https://helpx.adobe.com/security/products/premiereclip/apsb15-31.html

Acknowledgements:…

Fighting talk from Great Britain as it says it will hit back against internet attacks

British chancellor George Osborne has warned about the spectre of online terrorists attacking national infrastructure, and made some rather bold pronouncements about the UK’s willingness to engage in cyberwarfare to defend itself.

The post Fighting talk from Great Britain as it says it will hit back against internet attacks appeared first on We Live Security.

Ubuntu Security Notice USN-2813-1

Ubuntu Security Notice 2813-1 – It was discovered that LXCFS incorrectly enforced directory escapes. A local attacker could use this issue to possibly escalate privileges. It was discovered that LXCFS incorrectly checked certain permissions. A local attacker could use this issue to possibly escalate privileges.