This bulletin summary lists one bulletin that has undergone a major revision increment for December, 2014.

Debian Linux Security Advisory 3095-1 – Ilja van Sprundel of IOActive discovered several security issues in the X.org X server, which may lead to privilege escalation or denial of service.

Ubuntu Security Notice 2438-1 – It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation.

Ubuntu Security Notice 2436-2 – USN-2436-1 fixed vulnerabilities in the X.Org X server. Since publication, additional fixes have been made available for these issues. This update adds the additional fixes. Ilja van Sprundel discovered a multitude of security issues in the X.Org X server. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation. Various other issues were also addressed.

HP Security Bulletin HPSBST03106 2 – A potential security vulnerability has been identified in the HP P2000 G3 MSA Array System, the HP MSA 2040 Storage, and the HP MSA 1040 Storage running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 2 of this advisory.

HP Security Bulletin HPSBMU03043 1 – A potential security vulnerability has been identified in HP Smart Update Manager for Windows and Linux. The vulnerability could be exploited to allow the local disclosure of information. Revision 1 of this advisory.

Red Hat Security Advisory 2014-1981-01 – The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-27, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

InfiniteWP suffers from remote shell upload, insecure password storage, and remote SQL injection vulnerabilities.