FreeBSD Security Advisory – There are a number of denial of service issues in the ELF parser used by file(1). An attacker who can cause file(1) or any other applications using the libmagic(3) library to be run on a maliciously constructed input can cause the application to crash or consume excessive CPU resources, resulting in a denial-of-service.

K7Sentry.sys kernel mode driver version 12.8.0.104 suffers from a null pointer dereference vulnerability.

FreeBSD Security Advisory – A programming error in the standard I/O library’s __sflush() function could erroneously adjust the buffered stream’s internal state even when no write actually occurred in the case when write(2) system call returns an error. The accounting mismatch would accumulate, if the caller does not check for stream status and will eventually lead to a heap buffer overflow. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.

VMware Security Advisory 2014-0014 – AirWatch by VMware product update addresses information disclosure vulnerabilities.

It is possible for users of ICE-X supercomputers to gain access to backups of system configuration databases.

SGI Tempo systems expose a database password in the world readable /etc/odapw file.

/opt/sgi/sgimc/bin/vx, a setuid binary on SGI Tempo systems, allows for privilege escalation.

This bulletin summary lists one bulletin that has undergone a major revision increment for December, 2014.

Debian Linux Security Advisory 3095-1 – Ilja van Sprundel of IOActive discovered several security issues in the X.org X server, which may lead to privilege escalation or denial of service.

Ubuntu Security Notice 2438-1 – It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation.