RHEA-2014:1858-1: jboss-ec2-eap enhancement update for EAP 6.3.2

November 14, 2014 007admin

Red Hat Enterprise Linux: Updated jboss-ec2-eap packages that add an enhancement are now available for Red
Hat JBoss Enterprise Application Platform 6.3.2 on Red Hat Enterprise Linux 6.

Python

CVE-2014-2667

November 14, 2014 007admin

Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. (CVSS:3.3) (Last Update:2014-11-17)

Security Focus

Vuln: Linux Kernel LZO Implementation 'lzo1x_decompress_safe.c' Memory Corruption Vulnerability

November 14, 2014 007admin

Linux Kernel LZO Implementation ‘lzo1x_decompress_safe.c’ Memory Corruption Vulnerability

Security Focus

Vuln: Linux Kernel 'ceph/auth_x.c' Buffer Overflow Vulnerability

November 14, 2014 007admin

Linux Kernel ‘ceph/auth_x.c’ Buffer Overflow Vulnerability

Security Focus

Vuln: HP System Management Homepage CVE-2014-2641 Unspecified Cross Site Request Forgery Vulnerability

November 14, 2014 007admin

HP System Management Homepage CVE-2014-2641 Unspecified Cross Site Request Forgery Vulnerability

Security Focus

Vuln: Linux Kernel CVE-2014-3153 Local Privilege Escalation Vulnerability

November 14, 2014 007admin

Linux Kernel CVE-2014-3153 Local Privilege Escalation Vulnerability

Full Disclosure

xdg-open RCE

November 14, 2014 007admin

Posted by joernchen on Nov 14

Hi,

I just ran into some RCE issue with xdg-open today and figured it’s known
and unfixed since 2013-06-10 [0] (respectively 2013-07-07 upstream [1])

As apparently noone cares about this I just leave a silly PoC [3]
(should work with Chromium on Arch/Gentoo Linux) here. Additional
requirement is a Window Manager which is _NOT_ one of the following:

* KDE
* GNOME
* MATE
* XFCE
* ENLIGHTENMENT

Cheers,

joernchen

[0]…

Full Disclosure