Red Hat Enterprise Linux: Updated kernel packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 6.4 Extended Update Support.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2014-5077
Red Hat Enterprise Linux: Updated libXfont packages that fix three security issues are now available
for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2014-0209, CVE-2014-0210, CVE-2014-0211
Red Hat Enterprise Linux: New kmod-oracleasm packages are now available for Red Hat Enterprise Linux 6.
Red Hat Enterprise Linux: An updated sos package that fixes two bugs and adds various enhancements is now
available for Red Hat Enterprise Linux 7.
Red Hat Enterprise Linux: Updated device-mapper packages that fix one bug are now available for Red Hat
Enterprise Linux 5.
Red Hat Enterprise Linux: Updated nss-softokn packages that fix one bug and add one enhancement are now
available for Red Hat Enterprise Linux 6.
This is a tool to exploit .NET Remoting Services vulnerable to CVE-2014-1806 or CVE-2014-4149. It only works on Windows although some aspects might work in Mono on *nix.
Snowfox CMS version 1.0 suffers from a cross site request forgery vulnerability.
Posted by Jann Horn on Nov 19
In Android <5.0, java.io.ObjectInputStream did not check whether the Object that
is being deserialized is actually serializable. That issue was fixed in Android
5.0 with this commit:
<https://android.googlesource.com/platform/libcore/+/738c833d38d41f8f76eb7e77ab39add82b1ae1e2>
This means that when ObjectInputStream is used on untrusted inputs, an attacker
can cause an instance of any class with a non-private parameterless constructor
to…
Apple Security Advisory 2014-11-17-3 – Apple TV 7.0.2 is now available and addresses arbitrary code execution and unsigned code execution security issues.