CVE-2014-8441

Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8440.

CESA-2014:1826 Moderate CentOS 6 libvncserver Security Update

CentOS Errata and Security Advisory 2014:1826 Moderate

Upstream details at: https://rhn.redhat.com/errata/RHSA-2014-1826.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
0716f57168140f6062b8cdb0efc7c601ffa3fe81855f759d3e2733d5b7d7a355  libvncserver-0.9.7-7.el6_6.1.i686.rpm
266355a2ec31bea7285f3a530991345604875e1662bcbcfd200be9d8876f4e7d  libvncserver-devel-0.9.7-7.el6_6.1.i686.rpm

x86_64:
0716f57168140f6062b8cdb0efc7c601ffa3fe81855f759d3e2733d5b7d7a355  libvncserver-0.9.7-7.el6_6.1.i686.rpm
2c8f243f3b7de8151b420b84178764b8f19bd64c510dec6f6d95c8f7b8838086  libvncserver-0.9.7-7.el6_6.1.x86_64.rpm
266355a2ec31bea7285f3a530991345604875e1662bcbcfd200be9d8876f4e7d  libvncserver-devel-0.9.7-7.el6_6.1.i686.rpm
5134ca78f7182719b16a45f8a33b576d108dee4f4b4de10ddc92e10e8e73cafe  libvncserver-devel-0.9.7-7.el6_6.1.x86_64.rpm

Source:
7d83f556540cd4df5e71bc1be7f4106483c604c95da62af25f4dc0c3894d060a  libvncserver-0.9.7-7.el6_6.1.src.rpm



CEBA-2014:1830 CentOS 6 389-ds-base BugFix Update

CentOS Errata and Bugfix Advisory 2014:1830 

Upstream details at: https://rhn.redhat.com/errata/RHBA-2014-1830.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
598b9c7bcdd7d03a53c8899dce8971f572fbef57aa354cd3c6c48bf2b1d6cbe5  389-ds-base-1.2.11.15-48.el6_6.i686.rpm
5dba5b47c36830686f1d7514cf3c45fdce59775bf20323dfc6624926f7e039c8  389-ds-base-devel-1.2.11.15-48.el6_6.i686.rpm
d0a6aa276bcbeb90a532c63043d60965ed44a95ce06b52f8b77987fa674ff8f7  389-ds-base-libs-1.2.11.15-48.el6_6.i686.rpm

x86_64:
70b26cfa45e124b5e9c365df809137b2311dd778b472fa27a605ed0f03d2de98  389-ds-base-1.2.11.15-48.el6_6.x86_64.rpm
5dba5b47c36830686f1d7514cf3c45fdce59775bf20323dfc6624926f7e039c8  389-ds-base-devel-1.2.11.15-48.el6_6.i686.rpm
392a5802599973ebb2438d406d1fc164ab45877895e20ccfa0866b900b6c01f3  389-ds-base-devel-1.2.11.15-48.el6_6.x86_64.rpm
d0a6aa276bcbeb90a532c63043d60965ed44a95ce06b52f8b77987fa674ff8f7  389-ds-base-libs-1.2.11.15-48.el6_6.i686.rpm
f0f1c4306530146674c7f0cc80f80d96ab58410cd911678d7ddab8006559f353  389-ds-base-libs-1.2.11.15-48.el6_6.x86_64.rpm

Source:
49d58c1b04e66ff35d3070e8f071a5fc0d59857fead6db4840245e61ba779103  389-ds-base-1.2.11.15-48.el6_6.src.rpm



CVE-2014-6321

Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka “Microsoft Schannel Remote Code Execution Vulnerability.”

CVE-2014-4077

Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka “Microsoft IME (Japanese) Elevation of Privilege Vulnerability,” as exploited in the wild in 2014.

CVE-2014-4076

Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka “TCP/IP Elevation of Privilege Vulnerability.”

CVE-2014-4078

The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the “IP Address and Domain Restrictions” list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka “IIS Security Feature Bypass Vulnerability.”

CVE-2014-6317

Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font, aka “Denial of Service in Windows Kernel Mode Driver Vulnerability.”

CVE-2014-6318

The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly log unauthorized login attempts supplying valid credentials, which makes it easier for remote attackers to bypass intended access restrictions via a series of attempts, aka “Remote Desktop Protocol (RDP) Failure to Audit Vulnerability.”

CVE-2014-4116

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka “SharePoint Elevation of Privilege Vulnerability.”