HP Security Bulletin HPSBMU03182 1 – A potential security vulnerability has been identified with HP Server Automation. This is the Bash shell vulnerability known as “ShellShock”, which could be exploited remotely to allow execution of arbitrary code. Revision 1 of this advisory.
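The bulletin above only says that ShellShock is remotely exploitable; what a defender usually wants next is a way to find attempts in the logs of any CGI-style front end. The following is an added example, not part of the HP bulletin or of any HP product. A CGI-style server hands request fields (User-Agent, Referer, the request line, and others) to its handler as environment variables, and an unpatched bash (CVE-2014-6271 and its follow-ups) treats a value beginning with `() {` as a function definition and executes whatever follows the closing brace. The log lines, addresses and field names below are constructed for the example.

```python
"""Find ShellShock attempts in web server logs (added example, constructed data)."""
import re
from typing import Dict, List, Optional

# bash's function-import marker: "(" ")" "{", with optional whitespace between.
_SHELLSHOCK_RE = re.compile(r"\(\s*\)\s*\{")

# Apache "combined" log format: ip ident user [ts] "request" status size "referer" "ua"
_COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (RFC 5737 documentation addresses), not from a real host.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2014:12:00:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/bash -c 'id'"
198.51.100.7 - - [10/Nov/2014:12:00:02 +0000] "GET /index.html HTTP/1.1" 200 3120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [10/Nov/2014:12:00:03 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 210 "() {  :; }; echo vulnerable" "curl/7.38.0"
192.0.2.44 - - [10/Nov/2014:12:00:04 +0000] "POST /api/v1/items HTTP/1.1" 201 88 "-" "python-requests/2.4.3"
"""


def parse_combined(line: str) -> Optional[Dict[str, str]]:
    """Split one combined-format line into its fields, or None if it does not parse."""
    m = _COMBINED_RE.match(line)
    return m.groupdict() if m else None


def is_shellshock_payload(value: str) -> bool:
    """True if an unpatched bash would parse `value` as an exported function."""
    return bool(_SHELLSHOCK_RE.search(value))


def find_shellshock_attempts(log_text: str) -> List[Dict[str, str]]:
    """One hit per log line whose request line, Referer or User-Agent carries
    the marker; the hit records which field it was found in."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_combined(line)
        if rec is None:
            continue
        for field in ("request", "referer", "ua"):
            if is_shellshock_payload(rec[field]):
                hits.append({"ip": rec["ip"], "field": field, "value": rec[field]})
                break
    return hits
```

The combined format does not record Cookie or custom headers, which carry the same payload just as well, so treat this as a triage aid rather than complete coverage. To check whether a host's own bash is affected, the standard test is `env x='() { :;}; echo vulnerable' bash -c "echo test"`: an unpatched bash prints `vulnerable`, a patched one does not.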
Monthly Archives: November 2014
Ubuntu Security Notice USN-2409-1
Ubuntu Security Notice 2409-1 – Laszlo Ersek discovered that QEMU incorrectly handled memory in the VGA device. A malicious guest could possibly use this issue to read arbitrary host memory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. Xavier Mehrenberger and Stephane Duverger discovered that QEMU incorrectly handled certain UDP packets when using guest networking. A malicious guest could possibly use this issue to cause a denial of service. Various other issues were also addressed.
Debian Security Advisory 3050-3
Debian Linux Security Advisory 3050-3 – The previous update for iceweasel in DSA-3050-1 did not contain builds for the armhf architecture due to an error in the Debian packaging specific to the armhf build.
Red Hat Security Advisory 2014-1852-01
Red Hat Security Advisory 2014-1852-01 – The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
Fedora 21 Security Update: avr-binutils-2.24-4.fc21
Resolved Bugs
1162655 – CVE-2014-8737 binutils: directory traversal vulnerability
1162657 – avr-binutils: binutils: directory traversal vulnerability [fedora-all]
1162594 – CVE-2014-8502 binutils: heap overflow in objdump
1162599 – CVE-2014-8502 avr-binutils: binutils: heap overflow in objdump [fedora-all]
1162570 – CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable
1162575 – CVE-2014-8501 avr-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]
1162621 – CVE-2014-8504 binutils: stack overflow in the SREC parser
1162623 – CVE-2014-8504 avr-binutils: binutils: stack overflow in the SREC parser [fedora-all]
1162666 – CVE-2014-8738 binutils: out of bounds memory write
1162670 – avr-binutils: binutils: out of bounds memory write [fedora-all]
– fix directory traversal vulnerability
– fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
– fix CVE-2014-8502: heap overflow in objdump
– fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
– fix CVE-2014-8504: stack overflow in the SREC parser
– fix out of bounds memory write
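Several of the fixes listed above are parsers trusting a length field inside the file they read; the SREC one (CVE-2014-8504) is the easiest to show. The following is an added example and is not binutils code: a strict Motorola S-record parser that checks the record's own byte-count field against what is actually present, against the minimum the record type needs, and against a fixed buffer bound, before it uses that count for anything. The record layout is the standard one, as hex text: `S`, type digit, count (1 byte), address (2, 3 or 4 bytes depending on type), data, checksum (1 byte); count covers address + data + checksum, and the checksum is the low byte of the ones' complement of the sum of count, address and data bytes. The `MAX_DATA` bound and the sample records are assumptions for the example.

```python
"""Strict Motorola S-record parser (added example, not binutils code)."""
from typing import NamedTuple

# Address width in bytes per record type (S4 and S6 are left out).
ADDRESS_BYTES = {"0": 2, "1": 2, "2": 3, "3": 4, "5": 2, "7": 4, "8": 3, "9": 2}

# Stand-in for the fixed buffer a native parser copies record data into.
# The point of the example: this bound is enforced before any copy.
MAX_DATA = 64


class Record(NamedTuple):
    rtype: str
    address: int
    data: bytes


def parse_srec(line: str) -> Record:
    """Parse one record; raise ValueError on anything inconsistent."""
    line = line.strip()
    if len(line) < 10 or line[0] != "S" or line[1] not in ADDRESS_BYTES:
        raise ValueError("not a supported S-record")
    try:
        body = bytes.fromhex(line[2:])  # count + address + data + checksum
    except ValueError:
        raise ValueError("payload is not hex, or has odd length") from None
    count = body[0]
    # 1. the length the record claims must equal what is really there
    if count != len(body) - 1:
        raise ValueError(f"byte count {count} but {len(body) - 1} bytes present")
    addr_len = ADDRESS_BYTES[line[1]]
    # 2. it must at least cover the address and checksum fields
    if count < addr_len + 1:
        raise ValueError("byte count too small for address and checksum")
    data_len = count - addr_len - 1
    # 3. bound the data length before it sizes or indexes anything
    if data_len > MAX_DATA:
        raise ValueError(f"data length {data_len} exceeds buffer of {MAX_DATA}")
    # 4. checksum over count + address + data must match the last byte
    if ((~sum(body[:-1])) & 0xFF) != body[-1]:
        raise ValueError("checksum mismatch")
    address = int.from_bytes(body[1:1 + addr_len], "big")
    return Record(line[1], address, bytes(body[1 + addr_len:-1]))


def encode_srec(rtype: str, address: int, data: bytes) -> str:
    """Build a well-formed record; used here to generate inputs."""
    addr_len = ADDRESS_BYTES[rtype]
    body = bytes([addr_len + len(data) + 1]) + address.to_bytes(addr_len, "big") + data
    return "S" + rtype + body.hex().upper() + "%02X" % ((~sum(body)) & 0xFF)


def rejects(line: str) -> bool:
    """True if parse_srec refuses `line` (exercises the failure paths)."""
    try:
        parse_srec(line)
    except ValueError:
        return True
    return False
```

The same shape of check applies to the Intel HEX fix (CVE-2014-8503) in the same changelog: the record's byte count is input, not truth, and the native parser's buffer size is the bound that has to be enforced before the copy.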
Fedora 21 Security Update: avr-binutils-2.24-3.fc21
Resolved Bugs
1162655 – binutils: directory traversal vulnerability
1162657 – avr-binutils: binutils: directory traversal vulnerability [fedora-all]
1162594 – CVE-2014-8502 binutils: heap overflow in objdump
1162599 – CVE-2014-8502 avr-binutils: binutils: heap overflow in objdump [fedora-all]
1162570 – CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable
1162575 – CVE-2014-8501 avr-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]
1162621 – CVE-2014-8504 binutils: stack overflow in the SREC parser
1162623 – CVE-2014-8504 avr-binutils: binutils: stack overflow in the SREC parser [fedora-all]
– fix directory traversal vulnerability
– fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
– fix CVE-2014-8502: heap overflow in objdump
– fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
– fix CVE-2014-8504: stack overflow in the SREC parser
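The first entry in this changelog, the directory traversal fix (CVE-2014-8737), is a different bug class from the parser overflows: an archive member name is attacker data and must not be allowed to name a file outside the directory the user is extracting into. The following is an added example, not binutils code, showing the validation a member name should pass before anything is written. The member names are constructed; the `dest_dir` passed in need not exist.

```python
"""Validate archive member names before extraction (added example, not binutils code)."""
import os
import posixpath
from typing import Dict, Optional

# Constructed sample member names, as an attacker-supplied archive might carry.
SAMPLE_MEMBERS = [
    "lib/libfoo.o",
    "a/./b/../c.o",
    "../../../etc/cron.d/evil",
    "/etc/passwd",
    "..\\..\\win.ini",
    "C:/boot.ini",
    "",
]


def safe_member_path(dest_dir: str, member: str) -> Optional[str]:
    """Absolute path at which `member` may be written, or None if it escapes.

    Callers must write to the returned path, never to the raw member name:
    the name is normalised lexically, so "a/b/../c" maps to "a/c" even if
    "a/b" happens to be a symlink on disk.
    """
    name = member.replace("\\", "/")          # archives use '/', but be strict
    if not name or name.startswith("/"):      # absolute path
        return None
    if len(name) > 1 and name[1] == ":":      # drive letter such as C:
        return None
    norm = posixpath.normpath(name)           # "a/./b/../c.o" -> "a/c.o"
    if norm == "." or ".." in norm.split("/"):
        return None                           # normpath keeps a leading "../"
    root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(root, *norm.split("/")))
    # realpath follows symlinks already present under dest_dir, so a link
    # planted by an earlier member cannot redirect a later one outside root.
    if target != root and not target.startswith(root + os.sep):
        return None
    return target


def classify(dest_dir: str, members=SAMPLE_MEMBERS) -> Dict[str, bool]:
    """Map each member name to whether extraction under dest_dir is allowed."""
    return {m: safe_member_path(dest_dir, m) is not None for m in members}
```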
Fedora 19 Security Update: python-pillow-2.0.0-16.gitd1c6db8.fc19
Resolved Bugs
1163343 – CVE-2014-3007 python-pillow: python-pillow, python-imaging: command injection issue [fedora-all]
1094101 – CVE-2014-3007 python-pillow, python-imaging: command injection issue
1063658 – CVE-2014-1932 python-pillow, python-imaging: insecure temporary file creation
1089795 – CVE-2014-1933 CVE-2014-1932 python-pillow: various flaws [fedora-all]
Security fix for CVE-2014-3007, updated fix for CVE-2014-1932.
Followup fix for CVE-2014-1933.
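The two bug classes named in the bugs above, command injection (CVE-2014-3007) and insecure temporary file creation (CVE-2014-1932), are worth seeing side by side in their vulnerable and fixed forms. The following is an added example and is not Pillow's code; it uses only the Python standard library, and the gzip decompression and the temporary output file are assumed stand-ins for the library's real use of an external command and of a temp file. The hostile file names are constructed.

```python
"""Command injection and insecure temp file, vulnerable beside fixed (added example)."""
import gzip
import os
import shlex
import stat
import tempfile
from typing import List


# --- command injection -------------------------------------------------------

def shell_command_unsafe(path: str) -> str:
    """Vulnerable pattern: the file name is spliced into a shell command line.
    A name such as "x.gz; rm -rf ~" runs the injected command. Returned as a
    string and never executed here, so the example is harmless to run."""
    return "gunzip -c %s" % path


def shell_command_quoted(path: str) -> str:
    """If a shell really is required, quote every untrusted argument."""
    return "gunzip -c %s" % shlex.quote(path)


def decompress_argv(path: str) -> List[str]:
    """Preferred when a subprocess is needed: pass this list to
    subprocess.run(argv, check=True) with the default shell=False.
    Metacharacters stay inside one argument, and "--" stops a name
    beginning with "-" from being read as an option."""
    return ["gunzip", "-c", "--", path]


def decompress_in_process(path: str) -> bytes:
    """Best: no external command at all."""
    with gzip.open(path, "rb") as fh:
        return fh.read()


def gzip_roundtrip(data: bytes, hostile_name: str = "img.gz; echo injected") -> bytes:
    """Write `data` gzip-compressed under a hostile file name inside a private
    temp directory, then read it back in process. The name never meets a shell."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, hostile_name)
        with gzip.open(path, "wb") as fh:
            fh.write(data)
        return decompress_in_process(path)


# --- insecure temporary file -------------------------------------------------

def temp_name_unsafe(suffix: str = ".png") -> str:
    """Vulnerable pattern: mktemp() only picks a name. Between this call and
    the later open() another local user can create or symlink that path."""
    return tempfile.mktemp(suffix=suffix)


def write_temp_secure(data: bytes, suffix: str = ".png") -> str:
    """Fixed pattern: mkstemp() creates the file with O_CREAT|O_EXCL and mode
    0600, so nobody can pre-plant it, and we only ever use the returned fd."""
    fd, name = tempfile.mkstemp(suffix=suffix)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return name


def temp_mode(name: str) -> int:
    """Permission bits of `name`, e.g. 0o600."""
    return stat.S_IMODE(os.stat(name).st_mode)


def read_and_unlink(name: str) -> bytes:
    with open(name, "rb") as fh:
        data = fh.read()
    os.unlink(name)
    return data
```

Of the three command forms, `shlex.quote` is the fallback for code that cannot drop the shell; the argv list removes the shell from the picture; doing the work in process removes the external program as well, which is the fix with the smallest attack surface.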
Fedora 20 Security Update: avr-binutils-2.24-3.fc20
Resolved Bugs
1162655 – CVE-2014-8737 binutils: directory traversal vulnerability
1162657 – avr-binutils: binutils: directory traversal vulnerability [fedora-all]
1162594 – CVE-2014-8502 binutils: heap overflow in objdump
1162599 – CVE-2014-8502 avr-binutils: binutils: heap overflow in objdump [fedora-all]
1162570 – CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable
1162575 – CVE-2014-8501 avr-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]
1162621 – CVE-2014-8504 binutils: stack overflow in the SREC parser
1162623 – CVE-2014-8504 avr-binutils: binutils: stack overflow in the SREC parser [fedora-all]
1162666 – CVE-2014-8738 binutils: out of bounds memory write
1162670 – avr-binutils: binutils: out of bounds memory write [fedora-all]
– fix directory traversal vulnerability
– fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
– fix CVE-2014-8502: heap overflow in objdump
– fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
– fix CVE-2014-8504: stack overflow in the SREC parser
– fix out of bounds memory write
Fedora 20 Security Update: avr-binutils-2.24-2.fc20
Resolved Bugs
1162655 – binutils: directory traversal vulnerability
1162657 – avr-binutils: binutils: directory traversal vulnerability [fedora-all]
1162594 – CVE-2014-8502 binutils: heap overflow in objdump
1162599 – CVE-2014-8502 avr-binutils: binutils: heap overflow in objdump [fedora-all]
1162570 – CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable
1162575 – CVE-2014-8501 avr-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]
1162621 – CVE-2014-8504 binutils: stack overflow in the SREC parser
1162623 – CVE-2014-8504 avr-binutils: binutils: stack overflow in the SREC parser [fedora-all]
– fix directory traversal vulnerability
– fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
– fix CVE-2014-8502: heap overflow in objdump
– fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
– fix CVE-2014-8504: stack overflow in the SREC parser
Fedora 19 Security Update: polarssl-1.2.12-1.fc19
Resolved Bugs
1159845 – CVE-2014-8627 CVE-2014-8628 polarssl: various issues fixed in 1.3.9
– Update to 1.2.12
– CVE-2014-8628 (#1159845)