Law enforcement agencies from around the globe, aided by Microsoft security researchers, today announced the disruption of one of the most widely distributed malware families – Win32/Dorkbot.
The post News from the Dorkside: Dorkbot botnet disrupted appeared first on We Live Security.
3rd December, 2015
A security issue affects these releases of Ubuntu and its
derivatives:
Several security issues were fixed in the kernel.
It was discovered that the SCTP protocol implementation in the Linux kernel
performed an incorrect sequence of protocol-initialization steps. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2015-5283)
Dmitry Vyukov discovered that the Linux kernel’s keyring handler attempted
to garbage collect incompletely instantiated keys. A local unprivileged
attacker could use this to cause a denial of service (system crash).
(CVE-2015-7872)
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
3rd December, 2015
A security issue affects these releases of Ubuntu and its
derivatives:
Several security issues were fixed in OpenJDK 6.
Multiple vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker
could exploit these to cause a denial of service or expose sensitive
data over the network. (CVE-2015-4805, CVE-2015-4835, CVE-2015-4843,
CVE-2015-4844, CVE-2015-4860, CVE-2015-4881, CVE-2015-4883)
A vulnerability was discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit
this to expose sensitive data over the network. (CVE-2015-4806)
A vulnerability was discovered in the OpenJDK JRE related to data
integrity. An attacker could exploit this expose sensitive data over
the network. (CVE-2015-4872)
Multiple vulnerabilities were discovered in the OpenJDK JRE related
to information disclosure. An attacker could exploit these to expose
sensitive data over the network. (CVE-2015-4734, CVE-2015-4842,
CVE-2015-4903)
Multiple vulnerabilities were discovered in the OpenJDK JRE related
to availability. An attacker could exploit these to cause a denial of
service. (CVE-2015-4803, CVE-2015-4893, CVE-2015-4911)
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.
3rd December, 2015
A security issue affects these releases of Ubuntu and its
derivatives:
Several security issues were fixed in QEMU.
Jason Wang discovered that QEMU incorrectly handled the virtio-net device.
A remote attacker could use this issue to cause guest network consumption,
resulting in a denial of service. (CVE-2015-7295)
Qinghao Tang and Ling Liu discovered that QEMU incorrectly handled the
pcnet driver when used in loopback mode. A malicious guest could use this
issue to cause a denial of service, or possibly execute arbitrary code on
the host as the user running the QEMU process. In the default installation,
when QEMU is used with libvirt, attackers would be isolated by the libvirt
AppArmor profile. (CVE-2015-7504)
Ling Liu and Jason Wang discovered that QEMU incorrectly handled the
pcnet driver. A remote attacker could use this issue to cause a denial of
service, or possibly execute arbitrary code on the host as the user running
the QEMU process. In the default installation, when QEMU is used with
libvirt, attackers would be isolated by the libvirt AppArmor profile.
(CVE-2015-7512)
Qinghao Tang discovered that QEMU incorrectly handled the eepro100 driver.
A malicious guest could use this issue to cause an infinite loop, leading
to a denial of service. (CVE-2015-8345)
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.
The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments.
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an “old-style” Debian binary package, which triggers a stack-based buffer overflow.
CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.