CESA-2015:2671 Important CentOS 5 jakarta-commons-collections Security Update

CentOS Errata and Security Advisory 2015:2671 Important

Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-2671.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
3e91e8870eb490c06269ba53179728b3afbe6df74144a5033bd5d762591f3b3b  jakarta-commons-collections-3.2-2jpp.4.i386.rpm
e204902787c9476bbeee8f399eef182ddbe8dac776d6ddd23850498558ed4399  jakarta-commons-collections-javadoc-3.2-2jpp.4.i386.rpm
81ca9f0edcf5d0cde39f5f6f81c7535ddd5f01c444e731e3387b947751f2a696  jakarta-commons-collections-testframework-3.2-2jpp.4.i386.rpm
1401ddec74229e5f7bb0da50a3d5c47b7912a2276296284096394f73c37a85b6  jakarta-commons-collections-testframework-javadoc-3.2-2jpp.4.i386.rpm
ab3d96dfe6aebc3c7b4f7ce7f0f307ddc210b1885e72ccf2d14bb9427bcd315a  jakarta-commons-collections-tomcat5-3.2-2jpp.4.i386.rpm

x86_64:
74add7a4f0f7879d2108f06e5216602dd05963b88c7984b6d247d136578dc449  jakarta-commons-collections-3.2-2jpp.4.x86_64.rpm
48eb0f726e79b462a8505f7960481006a6c252bccbf37a3cccbb416030b48da8  jakarta-commons-collections-javadoc-3.2-2jpp.4.x86_64.rpm
0934cf0cb13caf4cbac653a13895b933648e40a76a4d900c8b08d1a51d2a5231  jakarta-commons-collections-testframework-3.2-2jpp.4.x86_64.rpm
314c67cfaf4bef3c95326d83fa164d64c3ede371d7c712e40598e12eebe42064  jakarta-commons-collections-testframework-javadoc-3.2-2jpp.4.x86_64.rpm
356b54c0aded684d0d0b7f5ecc056c2f62f666011c84c342b95a6863b4499b87  jakarta-commons-collections-tomcat5-3.2-2jpp.4.x86_64.rpm

Source:
1470c341f4d068e5c6fe3f8dc619f4a2be4ab7c0b720a54dd15a80a3fe1d5502  jakarta-commons-collections-3.2-2jpp.4.src.rpm



How to Turn Any Non-Touch Screen PC Into a Touch Screen

Want to buy a touch-screen laptop but can’t afford it?

But what if I told you that you can turn your existing non-touch-screen laptop into a Touch Screen laptop?

Yes, it’s possible. You can now convert your laptop or PC into a touch screen with the help of a new device called AirBar.

Touch screen has become a popular feature on laptops these days, and many laptops are moving

The security review: Nemucod malware, Star Wars and China on cyber sovereignty

Our latest recap of the last seven days in information security includes the spread of the Nemucod trojan, the importance of improving awareness of online safety in children and young people and how Star Wars offers plenty of top cyber advice.

The post The security review: Nemucod malware, Star Wars and China on cyber sovereignty appeared first on We Live Security.

AlienVault Unified Security Management: Real-Time Threat Detection Starting on Day 1

As organizations expand their IT infrastructure to match their evolving business models and meet changing regulatory requirements, they often find that their networks have become extremely complex and challenging to manage.

A primary concern for many IT teams is detecting threats in the mountain of event data being generated every day.

Even a relatively small network can generate

CVE-2015-6934

Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

USN-2846-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-2846-1

19th December, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux
    – Linux kernel

Details

Felix Wilhelm discovered a race condition in the Xen paravirtualized
drivers which can cause double fetch vulnerabilities. An attacker in the
paravirtualized guest could exploit this flaw to cause a denial of service
(crash the host) or potentially execute arbitrary code on the host.
(CVE-2015-8550)

Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not
perform sanity checks on the device’s state. An attacker could exploit this
flaw to cause a denial of service (NULL dereference) on the host.
(CVE-2015-8551)

Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not
perform sanity checks on the device’s state. An attacker could exploit this
flaw to cause a denial of service by flooding the logging system with
WARN() messages causing the initial domain to exhaust disk space.
(CVE-2015-8552)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
  linux-image-3.2.0-97-highbank        3.2.0-97.137
  linux-image-3.2.0-97-omap            3.2.0-97.137
  linux-image-3.2.0-97-generic-pae     3.2.0-97.137
  linux-image-3.2.0-97-powerpc64-smp   3.2.0-97.137
  linux-image-3.2.0-97-virtual         3.2.0-97.137
  linux-image-3.2.0-97-generic         3.2.0-97.137
  linux-image-3.2.0-97-powerpc-smp     3.2.0-97.137

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2015-8550, CVE-2015-8551, CVE-2015-8552

USN-2847-1: Linux kernel (Trusty HWE) vulnerabilities

Ubuntu Security Notice USN-2847-1

19th December, 2015

linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux-lts-trusty
    – Linux hardware enablement kernel from Trusty

Details

Felix Wilhelm discovered a race condition in the Xen paravirtualized
drivers which can cause double fetch vulnerabilities. An attacker in the
paravirtualized guest could exploit this flaw to cause a denial of service
(crash the host) or potentially execute arbitrary code on the host.
(CVE-2015-8550)

Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not
perform sanity checks on the device’s state. An attacker could exploit this
flaw to cause a denial of service (NULL dereference) on the host.
(CVE-2015-8551)

Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not
perform sanity checks on the device’s state. An attacker could exploit this
flaw to cause a denial of service by flooding the logging system with
WARN() messages causing the initial domain to exhaust disk space.
(CVE-2015-8552)

Jann Horn discovered a ptrace issue with user namespaces in the Linux
kernel. The namespace owner could potentially exploit this flaw by ptracing
a root owned process entering the user namespace to elevate its privileges
and potentially gain access outside of the namespace.
(http://bugs.launchpad.net/bugs/1527374)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
  linux-image-3.13.0-74-generic        3.13.0-74.118~precise1
  linux-image-3.13.0-74-generic-lpae   3.13.0-74.118~precise1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2015-8550, CVE-2015-8551, CVE-2015-8552, CVE-2015-NNN2

USN-2848-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-2848-1

19th December, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux
    – Linux kernel

Details

Felix Wilhelm discovered a race condition in the Xen paravirtualized
drivers which can cause double fetch vulnerabilities. An attacker in the
paravirtualized guest could exploit this flaw to cause a denial of service
(crash the host) or potentially execute arbitrary code on the host.
(CVE-2015-8550)

Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not
perform sanity checks on the device’s state. An attacker could exploit this
flaw to cause a denial of service (NULL dereference) on the host.
(CVE-2015-8551)

Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not
perform sanity checks on the device’s state. An attacker could exploit this
flaw to cause a denial of service by flooding the logging system with
WARN() messages causing the initial domain to exhaust disk space.
(CVE-2015-8552)

Jann Horn discovered a ptrace issue with user namespaces in the Linux
kernel. The namespace owner could potentially exploit this flaw by ptracing
a root owned process entering the user namespace to elevate its privileges
and potentially gain access outside of the namespace.
(http://bugs.launchpad.net/bugs/1527374)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  linux-image-3.13.0-74-powerpc64-emb    3.13.0-74.118
  linux-image-3.13.0-74-lowlatency       3.13.0-74.118
  linux-image-3.13.0-74-generic          3.13.0-74.118
  linux-image-3.13.0-74-generic-lpae     3.13.0-74.118
  linux-image-3.13.0-74-powerpc-e500mc   3.13.0-74.118
  linux-image-3.13.0-74-powerpc-e500     3.13.0-74.118
  linux-image-3.13.0-74-powerpc64-smp    3.13.0-74.118
  linux-image-3.13.0-74-powerpc-smp      3.13.0-74.118

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2015-8550, CVE-2015-8551, CVE-2015-8552, CVE-2015-NNN2

USN-2849-1: Linux kernel (Utopic HWE) vulnerabilities

Ubuntu Security Notice USN-2849-1

19th December, 2015

linux-lts-utopic vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux-lts-utopic
    – Linux hardware enablement kernel from Utopic

Details

Felix Wilhelm discovered a race condition in the Xen paravirtualized
drivers which can cause double fetch vulnerabilities. An attacker in the
paravirtualized guest could exploit this flaw to cause a denial of service
(crash the host) or potentially execute arbitrary code on the host.
(CVE-2015-8550)

Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not
perform sanity checks on the device’s state. An attacker could exploit this
flaw to cause a denial of service (NULL dereference) on the host.
(CVE-2015-8551)

Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not
perform sanity checks on the device’s state. An attacker could exploit this
flaw to cause a denial of service by flooding the logging system with
WARN() messages causing the initial domain to exhaust disk space.
(CVE-2015-8552)

Jann Horn discovered a ptrace issue with user namespaces in the Linux
kernel. The namespace owner could potentially exploit this flaw by ptracing
a root owned process entering the user namespace to elevate its privileges
and potentially gain access outside of the namespace.
(http://bugs.launchpad.net/bugs/1527374)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  linux-image-3.16.0-57-generic-lpae     3.16.0-57.77~14.04.1
  linux-image-3.16.0-57-lowlatency       3.16.0-57.77~14.04.1
  linux-image-3.16.0-57-powerpc-e500mc   3.16.0-57.77~14.04.1
  linux-image-3.16.0-57-powerpc64-emb    3.16.0-57.77~14.04.1
  linux-image-3.16.0-57-powerpc64-smp    3.16.0-57.77~14.04.1
  linux-image-3.16.0-57-generic          3.16.0-57.77~14.04.1
  linux-image-3.16.0-57-powerpc-smp      3.16.0-57.77~14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2015-8550, CVE-2015-8551, CVE-2015-8552, CVE-2015-NNN2

USN-2850-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-2850-1

19th December, 2015

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04

Summary

Several security issues were fixed in the kernel.

Software description

  • linux
    – Linux kernel

Details

Felix Wilhelm discovered a race condition in the Xen paravirtualized
drivers which can cause double fetch vulnerabilities. An attacker in the
paravirtualized guest could exploit this flaw to cause a denial of service
(crash the host) or potentially execute arbitrary code on the host.
(CVE-2015-8550)

Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not
perform sanity checks on the device’s state. An attacker could exploit this
flaw to cause a denial of service (NULL dereference) on the host.
(CVE-2015-8551)

Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not
perform sanity checks on the device’s state. An attacker could exploit this
flaw to cause a denial of service by flooding the logging system with
WARN() messages causing the initial domain to exhaust disk space.
(CVE-2015-8552)

Jann Horn discovered a ptrace issue with user namespaces in the Linux
kernel. The namespace owner could potentially exploit this flaw by ptracing
a root owned process entering the user namespace to elevate its privileges
and potentially gain access outside of the namespace.
(http://bugs.launchpad.net/bugs/1527374)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  linux-image-3.19.0-42-generic-lpae     3.19.0-42.48
  linux-image-3.19.0-42-powerpc64-smp    3.19.0-42.48
  linux-image-3.19.0-42-powerpc64-emb    3.19.0-42.48
  linux-image-3.19.0-42-generic          3.19.0-42.48
  linux-image-3.19.0-42-lowlatency       3.19.0-42.48
  linux-image-3.19.0-42-powerpc-smp      3.19.0-42.48
  linux-image-3.19.0-42-powerpc-e500mc   3.19.0-42.48

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2015-8550, CVE-2015-8551, CVE-2015-8552, CVE-2015-NNN2