CVE-2014-7180 – ElectricCommander Local Privilege Escalation

Posted by Sean Wright on Oct 23

Classification: //Dell SecureWorks/Confidential – Limited External Distribution:

##################################################################################
# * Title: ElectricCommander Local Privilege Escalation
# * Advisory ID: SWRX-2014-010
# * Advisory URL: http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-010/
# * Date published: Wednesday, October 22, 2014
# * CVE: CVE-2014-7180
# * CVSS v2 base…

CEBA-2014:1701 CentOS 7 systemd BugFix Update

CentOS Errata and Bugfix Advisory 2014:1701 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1701.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
47e2ae858a3ad8f46593faab1d8213d33aaa6b327acb4dc2890bade41cb151a4  libgudev1-208-11.el7_0.4.i686.rpm
ae05177c20bc9cfa1e772f32550fb3164be94573f018c1c3898a6a5e68193678  libgudev1-208-11.el7_0.4.x86_64.rpm
bd0ac9e271e3b926d44dae75d54c1d23668ecd3a5da70ae2130d9f09ccb7b820  libgudev1-devel-208-11.el7_0.4.i686.rpm
b0b3cf5fbe41bbbfb0b68eafdccf23e4783f61893e1432f6ff3ce3fc8fc425b4  libgudev1-devel-208-11.el7_0.4.x86_64.rpm
cde27c553e96c27edc123099365d12d67d66f2c2028f3b919c59f95a32eaf87b  systemd-208-11.el7_0.4.x86_64.rpm
1bb2412e0b7318d14ecc0b4c5a05e1f12c7e1532cbbed1267bccc89175918b77  systemd-devel-208-11.el7_0.4.i686.rpm
c3a1ccd0d2d8f917369fbeb5285f12075e6d9601cd22d86da59263eb0429b0b3  systemd-devel-208-11.el7_0.4.x86_64.rpm
368c32eb6b38e2892c2b8827be7a6992b0693a3c0b27adb8c2b2b1d5b7d328fa  systemd-journal-gateway-208-11.el7_0.4.x86_64.rpm
b70041d37d2e19bba37f04da50be9693a4fe535c15d6b91aa04fefce8912adad  systemd-libs-208-11.el7_0.4.i686.rpm
83178f01c882d4e84e339a0b162f0bab008cb143199ab7f4d052a289a299933b  systemd-libs-208-11.el7_0.4.x86_64.rpm
b7205eb655a08171cb6ab1b7a2ffc3675146603734647cefd906fdb987e68336  systemd-python-208-11.el7_0.4.x86_64.rpm
1088daf08db228a9534c3f5ee4cf56b1761cc1033495b227b6606570ad0de3b5  systemd-sysv-208-11.el7_0.4.x86_64.rpm

Source:
fade2f982be47395fbc6d17a6aea3b036bd6306cd8844a449569d3575a22d356  systemd-208-11.el7_0.4.src.rpm



CEBA-2014:1698 CentOS 7 kexec-tools BugFix Update

CentOS Errata and Bugfix Advisory 2014:1698 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1698.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
fd3ba6ad69239b25013b7345f2522c584a56cefb67d308c355a40e1775e4f336  kexec-tools-2.0.4-32.el7.centos.5.x86_64.rpm
f93f8c9bc1e6bd2cf552d7170db9941eebe66e0b9c28da4c30a3af3363a3b792  kexec-tools-eppic-2.0.4-32.el7.centos.5.x86_64.rpm

Source:
c3410cc99a649aad6c8acb5ea9cd7ac069a908151462384acf3c4423b82d987a  kexec-tools-2.0.4-32.el7.centos.5.src.rpm



CEBA-2014:1679 CentOS 7 perl-Authen-SASL FASTTRACK BugFix Update

CentOS Errata and Bugfix Advisory 2014:1679 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1679.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
1c0de42b7e9c425bbe61b7ebf40c18881c3d08a61d2bb02dcb9cab89c2aebc49  perl-Authen-SASL-2.15-10.el7.noarch.rpm

Source:
0a45c8765d2a5b8a5c76604aab4f810c45d630b5a8406d2e51b3d5ae1b734eb1  perl-Authen-SASL-2.15-10.el7.src.rpm



CEBA-2014:1681 CentOS 7 mgetty FASTTRACK BugFix Update

CentOS Errata and Bugfix Advisory 2014:1681 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1681.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
332062d7298e7edaaf4d0ce1698c4bec4cc09c11dc37afdae4803a753eac7416  mgetty-1.1.36-28.el7.x86_64.rpm
018a513a4699cdebee014c191558f6cb4f98261cac829d7f6c1aa434027b90b2  mgetty-sendfax-1.1.36-28.el7.x86_64.rpm
acecec45586002eec6e8385a876a79c79bd74e66c52eb4095bbca64d41640878  mgetty-viewfax-1.1.36-28.el7.x86_64.rpm
4b2673228520e9ecfbcbf8c51d260e2ad976169b6e04012e9d21b0fdee60e413  mgetty-voice-1.1.36-28.el7.x86_64.rpm

Source:
f3223be0272301efdc6ff4fa1b508dae5fc6c05334d83506bf9cc6b20e555dde  mgetty-1.1.36-28.el7.src.rpm



CEBA-2014:1700 CentOS 7 rsh FASTTRACK BugFix Update

CentOS Errata and Bugfix Advisory 2014:1700 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1700.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
cfb6a5f750485d0e34be98cc3adcc5c57016ed38627af1cec13355b7553697bb  rsh-0.17-76.el7.x86_64.rpm
e26027244ee995280b8cf16a5d56e5bf19ac8e869fc65b50382aa46f72475722  rsh-server-0.17-76.el7.x86_64.rpm

Source:
b12dd8aca7997b57abb656a4c4240731f041264b5ce033cb3d6fcbe364ffe249  rsh-0.17-76.el7.src.rpm



Fedora 21 Security Update: kernel-3.17.1-303.fc21

Resolved Bugs
1153381 – Synaptics clickpad on Lenovo T440s does not work properly after kernel update on Fedora 20
1089731 – Ath9k WiFi now disabled by radio killswitch
1153322 – CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries
1155372 – CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries [fedora-all]
1155745 – CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing
1155751 – CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing [fedora-all]
1155731 – CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks
1155738 – CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks [fedora-all]
1147850 – CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
1155727 – CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks [fedora-all]

CVE fixes for KVM and SCTP.