Red Hat Enterprise Linux: Updated kernel packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.9 Extended Update Support.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2014-9322
Red Hat Enterprise Linux: Updated kernel packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.2 Advanced Update Support.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2014-9322
Red Hat Enterprise Linux: Updated dracut packages that fix one bug are now available for Red Hat
Enterprise Linux 6.5 Extended Update Support.
22nd December, 2014
A security issue affects these releases of Ubuntu and its
derivatives:
Several security issues were fixed in NTP.
Neel Mehta discovered that NTP generated weak authentication keys. A remote
attacker could possibly use this issue to brute force the authentication
key and send requests if permitted by IP restrictions. (CVE-2014-9293)
Stephen Roettger discovered that NTP generated weak MD5 keys. A remote
attacker could possibly use this issue to brute force the MD5 key and spoof
a client or server. (CVE-2014-9294)
Stephen Roettger discovered that NTP contained buffer overflows in the
crypto_recv(), ctl_putdata() and configure() functions. In non-default
configurations, a remote attacker could use these issues to cause NTP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. The default compiler options for affected releases should reduce the
vulnerability to a denial of service. In addition, attackers would be
isolated by the NTP AppArmor profile. (CVE-2014-9295)
Stephen Roettger discovered that NTP incorrectly continued processing when
handling certain errors. (CVE-2014-9296)
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to regenerate any MD5 keys that
were manually created with ntp-keygen.
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to execute arbitrary code via a crafted executable file in an archive.
Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to write to arbitrary folders, and consequently execute arbitrary commands, via a modified argument.