Severity Rating: Important
Revision Note: V1.0 (January 13, 2015): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker convinces a user to run a specially crafted application. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS15-001 – Important: Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (3023266) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (January 13, 2015): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An authenticated attacker who successfully exploited this vulnerability could bypass existing permission checks that are performed during cache modification in the Microsoft Windows Application Compatibility component and execute arbitrary code with elevated privileges.
MDVA-2015:002: mariadb
This is a maintenance and bugfix release that upgrades MariaDB to
the latest 5.5.41 version which resolves various upstream bugs.
MDVSA-2015:022: wireshark
Updated wireshark packages fix security vulnerabilities:
The DEC DNA Routing Protocol dissector could crash (CVE-2015-0562).
The SMTP dissector could crash (CVE-2015-0563).
Wireshark could crash while decrypting TLS/SSL sessions (CVE-2015-0564).
MDVSA-2015:021: curl
Updated curl packages fix security vulnerability:
When libcurl sends a request to a server via an HTTP proxy, it copies
the entire URL into the request and sends it off. If the given URL
contains line feeds and carriage returns, those will be sent along to
the proxy too, which allows the program to, for example, send a separate
HTTP request embedded in the URL (CVE-2014-8150).
MDVSA-2015:020: libssh
Updated libssh packages fix security vulnerability:
Double free vulnerability in the ssh_packet_kexinit function in kex.c
in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to
cause a denial of service via a crafted kexinit packet (CVE-2014-8132).
RHSA-2015:0036-1: Important: condor security update
Red Hat Enterprise Linux: Updated condor packages that fix one security issue are now available for
Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2014-8126
RHSA-2015:0035-1: Important: condor security update
Red Hat Enterprise Linux: Updated condor packages that fix one security issue are now available for
Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2014-8126
RHSA-2015:0033-1: Moderate: Red Hat Satellite 5.7.0 General Availability
RHN Satellite and Proxy: Red Hat Satellite 5.7.0 is now available. Updated packages that fix two
security issues, several bugs, and add various enhancements are now
available for Red Hat Satellite 5.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2014-7811, CVE-2014-7812
RHEA-2015:0032-1: Red Hat Satellite 5.7.0 Upgrade
RHN Satellite and Proxy: This is the upgrade component to the Red Hat Satellite 5.7.0 General
Availability release.