Red Hat Enterprise Linux: Updated cfme packages that fix a security issue, several bugs,
and add various enhancements are now available for Red Hat
CloudForms 3.2.
Red Hat Product Security has rated this update as having Moderate
Security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
CVE-2015-7502
A security issue affects these releases of Ubuntu and its
derivatives:
Ubuntu 15.10
Ubuntu 15.04
Ubuntu 14.04 LTS
Summary
cups-filters could be made to run programs as the lp user if it processed a
specially crafted print job.
Software description
cups-filters – OpenPrinting CUPS Filters
Details
Adam Chester discovered that the cups-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user.
Update instructions
The problem can be corrected by updating your system to the following
package version:
A security issue affects these releases of Ubuntu and its
derivatives:
Ubuntu 12.04 LTS
Summary
foomatic-filters could be made to run programs as the lp user if it
processed a specially crafted print job.
Software description
foomatic-filters – OpenPrinting printer support – filters
Details
Adam Chester discovered that the foomatic-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user.
Update instructions
The problem can be corrected by updating your system to the following
package version:
CentOS Errata and Security Advisory 2015:2657 Critical
Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-2657.html
The following updated files have been uploaded and are currently
syncing to the mirrors: (sha256sum Filename)
i386:
d878f9f3704a32b0f6a32031a6d2753fb71e62fa5cdb2946fba1387b83839713 firefox-38.5.0-2.el6.centos.i686.rpm
x86_64:
d878f9f3704a32b0f6a32031a6d2753fb71e62fa5cdb2946fba1387b83839713 firefox-38.5.0-2.el6.centos.i686.rpm
ad885533c10648ffd203624dd51f6d066e4de23ece34439ed12b903b6e34a78c firefox-38.5.0-2.el6.centos.x86_64.rpm
Source:
303db0ec83d7a6ea8fc31b43075a12c87a46f1dea5d7a63b99645a9d6876bc02 firefox-38.5.0-2.el6.centos.src.rpm
Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors.
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php.
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the “work” array parameter to admin/bitrix.mpbuilder_step2.php.