[security bulletin] HPSBGN03424 rev.1 – HP Cloud Service Automation, Remote Authentication Bypass
Monthly Archives: October 2015
Bugtraq: [security bulletin] HPSBPV03516 rev.1 – HP VAN SDN Controller, Multiple Vulnerabilities
[security bulletin] HPSBPV03516 rev.1 – HP VAN SDN Controller, Multiple Vulnerabilities
RHSA-2015:1855-1: Low: mod_proxy_fcgi security update
Red Hat Enterprise Linux: An updated mod_proxy_fcgi package that fixes one security issue is now
available for Red Hat Ceph Storage 1.2 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Low security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2014-3583
RHSA-2015:1852-1: Important: thunderbird security update
Red Hat Enterprise Linux: An updated thunderbird package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 5, 6, and 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-4500, CVE-2015-4509, CVE-2015-4517, CVE-2015-4519, CVE-2015-4520, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180
RHBA-2015:1856-1: ceph bug fix update
Red Hat Enterprise Linux: Updated ceph packages that fix one bug are now available for Red Hat
Enterprise Linux 6 and 7.
USN-2759-1: Linux kernel vulnerabilities
Ubuntu Security Notice USN-2759-1
1st October, 2015
linux vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in the kernel.
Software description
- linux
– Linux kernel
Details
It was discovered that an integer overflow error existed in the SCSI
generic (sg) driver in the Linux kernel. A local attacker with write
permission to a SCSI generic device could use this to cause a denial of
service (system crash) or potentially escalate their privileges.
(CVE-2015-5707)
Marc-André Lureau discovered that the vhost driver did not properly
release the userspace provided log file descriptor. A privileged attacker
could use this to cause a denial of service (resource exhaustion).
(CVE-2015-6252)
It was discovered that the Linux kernel’s perf subsystem did not bound
callchain backtraces on PowerPC 64. A local attacker could use this to
cause a denial of service. (CVE-2015-6526)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 12.04 LTS:
-
linux-image-3.2.0-91-generic-pae
3.2.0-91.129
-
linux-image-3.2.0-91-powerpc64-smp
3.2.0-91.129
-
linux-image-3.2.0-91-generic
3.2.0-91.129
-
linux-image-3.2.0-91-virtual
3.2.0-91.129
-
linux-image-3.2.0-91-omap
3.2.0-91.129
-
linux-image-3.2.0-91-powerpc-smp
3.2.0-91.129
-
linux-image-3.2.0-91-highbank
3.2.0-91.129
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References
USN-2760-1: Linux kernel (OMAP4) vulnerabilities
Ubuntu Security Notice USN-2760-1
1st October, 2015
linux-ti-omap4 vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in the kernel.
Software description
- linux-ti-omap4
– Linux kernel for OMAP4
Details
It was discovered that an integer overflow error existed in the SCSI
generic (sg) driver in the Linux kernel. A local attacker with write
permission to a SCSI generic device could use this to cause a denial of
service (system crash) or potentially escalate their privileges.
(CVE-2015-5707)
Marc-André Lureau discovered that the vhost driver did not properly
release the userspace provided log file descriptor. A privileged attacker
could use this to cause a denial of service (resource exhaustion).
(CVE-2015-6252)
It was discovered that the Linux kernel’s perf subsystem did not bound
callchain backtraces on PowerPC 64. A local attacker could use this to
cause a denial of service. (CVE-2015-6526)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 12.04 LTS:
-
linux-image-3.2.0-1471-omap4
3.2.0-1471.92
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References
APPLE-SA-2015-09-30-01 iOS 9.0.2
Posted by Apple Product Security on Oct 01
APPLE-SA-2015-09-30-01 iOS 9.0.2
iOS 9.0.2 is now available and addresses the following:
Lock Screen
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may be able
to access photos and contacts from the lock screen
Description: A lock screen issue allowed access to photos and
contacts on a locked device. This issue was addressed by restricting…
APPLE-SA-2015-09-30-2 Safari 9
Posted by Apple Product Security on Oct 01
APPLE-SA-2015-09-30-2 Safari 9
Safari 9 is now available and addresses the following:
Safari
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10.5 and OS X El Capitan v10.11
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Multiple user interface inconsistencies may have
allowed a malicious website to display an arbitrary URL. These issues
were addressed through improved URL display logic.
CVE-ID…
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
Posted by Apple Product Security on Oct 01
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
OS X El Capitan 10.11 is now available and addresses the following:
Address Book
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to inject arbitrary code to
processes loading the Address Book framework
Description: An issue existed in Address Book framework’s handling
of an environment variable. This issue was addressed through improved
environment variable…