FreeBSD Security Advisory – There are a number of denial of service issues in the ELF parser used by file(1). An attacker who can cause file(1) or any other application using the libmagic(3) library to be run on a maliciously constructed input can cause the application to crash or consume excessive CPU resources, resulting in a denial of service.
K7 Computing Multiple Products Null Pointer Dereference
K7Sentry.sys kernel mode driver version 12.8.0.104 suffers from a null pointer dereference vulnerability.
FreeBSD Security Advisory – stdio Buffer Overflow
FreeBSD Security Advisory – A programming error in the standard I/O library’s __sflush() function could erroneously adjust the buffered stream’s internal state even when no write actually occurred, in the case where the write(2) system call returns an error. The accounting mismatch would accumulate if the caller does not check the stream status, and will eventually lead to a heap buffer overflow. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.
VMware Security Advisory 2014-0014
VMware Security Advisory 2014-0014 – AirWatch by VMware product update addresses information disclosure vulnerabilities.
SGI Tempo Database Exposure
It is possible for users of ICE-X supercomputers to gain access to backups of system configuration databases.
SGI Tempo Database Password Disclosure
SGI Tempo systems expose a database password in the world-readable /etc/odapw file.
SGI Tempo vx Setuid Privilege Escalation
/opt/sgi/sgimc/bin/vx, a setuid binary on SGI Tempo systems, allows for privilege escalation.
Microsoft Security Bulletin Revision Increment For December, 2014
This bulletin summary lists one bulletin that has undergone a major revision increment for December, 2014.
Debian Security Advisory 3095-1
Debian Linux Security Advisory 3095-1 – Ilja van Sprundel of IOActive discovered several security issues in the X.org X server, which may lead to privilege escalation or denial of service.
Ubuntu Security Notice USN-2438-1
Ubuntu Security Notice 2438-1 – It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation.