Oracle Java SE CVE-2014-4266 Remote Security Vulnerability
Monthly Archives: November 2014
Vuln: IBM WebSphere Real Time CVE-2014-3086 Unspecified Privilege Escalation Vulnerability
IBM WebSphere Real Time CVE-2014-3086 Unspecified Privilege Escalation Vulnerability
USN-2399-1: curl vulnerability
Ubuntu Security Notice USN-2399-1
10th November, 2014
curl vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary
curl could expose sensitive information over the network.
Software description
- curl
– HTTP, HTTPS, and FTP client and client libraries
Details
Symeon Paraschoudis discovered that curl incorrectly handled memory when
being used with CURLOPT_COPYPOSTFIELDS and curl_easy_duphandle(). This may
result in sensitive data being incorrectly sent to the remote server.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.10:
-
libcurl3-nss
7.37.1-1ubuntu3.1
-
libcurl3-gnutls
7.37.1-1ubuntu3.1
-
libcurl3
7.37.1-1ubuntu3.1
- Ubuntu 14.04 LTS:
-
libcurl3-nss
7.35.0-1ubuntu2.2
-
libcurl3-gnutls
7.35.0-1ubuntu2.2
-
libcurl3
7.35.0-1ubuntu2.2
- Ubuntu 12.04 LTS:
-
libcurl3-nss
7.22.0-3ubuntu4.11
-
libcurl3-gnutls
7.22.0-3ubuntu4.11
-
libcurl3
7.22.0-3ubuntu4.11
- Ubuntu 10.04 LTS:
-
libcurl3-gnutls
7.19.7-1ubuntu1.10
-
libcurl3
7.19.7-1ubuntu1.10
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
USN-2400-1: LibreOffice vulnerability
Ubuntu Security Notice USN-2400-1
10th November, 2014
libreoffice vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 12.04 LTS
Summary
LibreOffice could be made to embed sensitive information into documents.
Software description
- libreoffice
– Office productivity suite
Details
It was discovered that LibreOffice incorrectly handled OLE preview
generation. If a user were tricked into opening a crafted document, an
attacker could possibly exploit this to embed arbitrary data into
documents.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 12.04 LTS:
-
libreoffice-core
1:3.5.7-0ubuntu7
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart LibreOffice to make all
the necessary changes.
References
Red Hat Security Advisory 2014-1833-01
Red Hat Security Advisory 2014-1833-01 – Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject’s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.
Red Hat Security Advisory 2014-1834-01
Red Hat Security Advisory 2014-1834-01 – Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject’s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.
Red Hat Security Advisory 2014-1835-01
Red Hat Security Advisory 2014-1835-01 – Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject’s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.
Red Hat Security Advisory 2014-1836-01
Red Hat Security Advisory 2014-1836-01 – Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject’s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.
Ubuntu Security Notice USN-2401-1
Ubuntu Security Notice 2401-1 – Manuel Nickschas discovered that Konversation did not properly perform input sanitization when using Blowfish ECB encryption. A remote attacker could exploit this to cause a denial of service.