CVE-2015-4895

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

CVE-2015-4896

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8 allows remote attackers to affect availability via unknown vectors related to Core.

CVE-2015-4898

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via vectors related to Diagnostics and DMZ.

CVE-2015-4899

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality via unknown vectors related to Security.

CVE-2015-4900

Unspecified vulnerability in the XDB – XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

Simple PHP static code analysis for security researchers

Posted by Marcin Probola on Oct 21

Hello,

I’ve just launched http://php-grinder.com where you can scan PHP projects
for potential vulnerabilities.

I hope you find it useful.

P.S. Underlying tool recently (before web-ui) discovered more than 100
vulnerable plugins (reported, confirmed and patched) in WordPress top 1000
list with more than 4.000.000 active installations in total. Details will
be revealed soon.

CESA-2015:1921 Important CentOS 5 java-1.7.0-openjdk Security Update

CentOS Errata and Security Advisory 2015:1921 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1921.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
728f0c0642d42864b96a7dbd7310360f8787ab90fa17bec6ee5ddb7bc0950b97  java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el5_11.i386.rpm
707c41d31d5b7f03704db767124d21dd6de652d64d22a2cc0758afe6f5a68aec  java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.1.el5_11.i386.rpm
4e6876cbad92bb25d26c0bd8b05c407eab7064e59d4eb58eab6b1f50ab122f9b  java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.1.el5_11.i386.rpm
72055bec04fcf49a9b744866389d67dfd83bc0cb6ccd64a2c417f230e18a1431  java-1.7.0-openjdk-javadoc-1.7.0.91-2.6.2.1.el5_11.i386.rpm
35504f2d7eaebb7b10d3a7eb8bb918169f740a296984cf976db242947c77c1d9  java-1.7.0-openjdk-src-1.7.0.91-2.6.2.1.el5_11.i386.rpm

x86_64:
744c714a9d9dd4a4c54cedad94af99f6093dd5a41f230dba3cd1d30e989a6c80  java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el5_11.x86_64.rpm
e7a6d7045f53ccc49104ac40c727708d3d91c553a81896a0e08ab141e441a4d8  java-1.7.0-openjdk-demo-1.7.0.91-2.6.2.1.el5_11.x86_64.rpm
f014c30d7aaa0935def0ec0fe8aaa46eab3a23abef79e8fedff1a071be61ddbc  java-1.7.0-openjdk-devel-1.7.0.91-2.6.2.1.el5_11.x86_64.rpm
7a6d280dd08f2936ed2aa8c66adabab6d400d8b6bfa072fe03d020e0cca76f40  java-1.7.0-openjdk-javadoc-1.7.0.91-2.6.2.1.el5_11.x86_64.rpm
fe02e4316dee3cb6c77a53cb3f3de560c88b343b36e66f46870928961d7b6c53  java-1.7.0-openjdk-src-1.7.0.91-2.6.2.1.el5_11.x86_64.rpm

Source:
5107c8d5774a3ba475574a51c986bb8af63414ca30a54ab7940bf5739da707e7  java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el5_11.src.rpm



Apple Releases Multiple Security Updates

Original release date: October 21, 2015

Apple has released several security updates to address critical vulnerabilities in multiple Apple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • OS X Server 5.0.15 for OS X Yosemite v10.10.5 and OS X El Capitan v10.11.1 or later
  • Xcode 7.1 for OS X Yosemite v10.10.5 or later
  • Mac EFI Security Update 2015-002 for OS X Mavericks v10.9.5
  • iTunes 12.3.1 for Windows 7 and later
  • OS X El Capitan 10.11.1 and Security Update 2015-007 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11
  • Safari 9.0.1 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11
  • watchOS 2.0.1 for Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
  • iOS 9.1 for iPhones 4s and later, iPod Touch 5th generation and later, and iPad 2 and later

Users and administrators are encouraged to review Apple security updates and apply the necessary updates.



APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002

Posted by Apple Product Security on Oct 21

APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002

Mac EFI Security Update 2015-002 is now available and addresses the
following:

EFI
Available for: OS X Mavericks v10.9.5
Impact: An attacker can exercise unused EFI functions
Description: An issue existed with EFI argument handling. This was
addressed by removing the affected functions.
CVE-ID
CVE-2015-7035 : Corey Kallenberg, Xeno Kovah, John Butterworth, and
Sam Cornwell of The MITRE…

APPLE-SA-2015-10-21-7 Xcode 7.1

Posted by Apple Product Security on Oct 21

APPLE-SA-2015-10-21-7 Xcode 7.1

Xcode 7.1 is now available and addresses the following:

Swift
Available for: OS X Yosemite v10.10.5 or later
Impact: Swift programs performing certain type conversions may
receive unexpected values
Description: A type conversion issue existed that could lead to
conversions returning unexpected values. This issue was addressed
through improved type checking.
CVE-ID
CVE-2015-7030 : an anonymous researcher…