Ettercap versions 8.0 and 8.1 suffer from code execution and denial of service vulnerabilities.

Elefant CMS version 1.3.9 suffers from a cross site scripting vulnerability.

Arris Touchstone TG862G/CT suffers from a cross site scripting vulnerability.

Arris Touchstone TG862G/CT suffers from a cross site request forgery vulnerability.

iWifi for Chat versions 1.1 suffers from a denial of service vulnerability.

iUSB version 1.2 suffers from an arbitrary code execution vulnerability.

Red Hat Security Advisory 2014-1998-01 – The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.

Red Hat Security Advisory 2014-1997-01 – A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. A flaw was found in the way the Linux kernel’s SCTP implementation handled malformed or duplicate Address Configuration Change Chunks. A remote attacker could use either of these flaws to crash the system. A flaw was found in the way the Linux kernel’s SCTP implementation handled the association’s output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.

Red Hat Security Advisory 2014-1999-01 – The mailx packages contain a mail user agent that is used to manage mail using scripts. A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. Note: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with “-“. To counteract this issue, this update also introduces the “–” option, which will treat the remaining command line arguments as email addresses.

Mandriva Linux Security Advisory 2014-252 – In the QuickDER decoder in NSS before 3.17.3, ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data. This update adds support for the TLS Fallback Signaling Cipher Suite Value in NSS, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0, mitigating also known as POODLE. SSL 3.0 support has also been disabled by default in this Firefox and Thunderbird update, further mitigating POODLE.