Red Hat Security Advisory 2014-1365-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel’s futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. The security impact of this issue was discovered by Mateusz Guzik of Red Hat.
Oracle Patches Bash Vulnerabilities
Original release date: October 07, 2014
Oracle has released security updates to address bash vulnerabilities found across multiple products.
US-CERT recommends users and administrators review the Oracle Security Article for additional details, and apply updates as necessary.
This product is provided subject to this Notification and this Privacy & Use policy.
Nessus Web UI 2.3.3 Cross Site Scripting
Nessus Web UI version 2.3.3 suffers from a persistent cross site scripting vulnerability.
Google Releases Security Updates for Chrome and Chrome OS
Original release date: October 07, 2014
Google has released security updates to address multiple vulnerabilities in Chrome and Chrome OS, some of which could potentially allow an attacker to take control of the affected system or cause a denial of service condition.
Updates available include:
- Chrome 38.0.2125.101 for Windows, Mac and Linux
- Chrome 38.0.2125.59 for iPhone and iPad
- Chrome OS 38.0.2125.101 for all Chrome OS devices except Chromeboxes
Users and administrators are encouraged to review the Google Chrome blog entries 1, 2 and 3, and apply the necessary updates.
Bugzilla Account Creation / XSS / Information Leak
Bugzilla Security Advisory – Bugzilla versions 2.23.3 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, and 4.5.1 to 4.5.5 suffer from unauthorized account creation, cross site scripting, and information leak vulnerabilities.
CPUMiner Stack Overflow
CPUMiner versions prior to 2.4.1 suffer from a stack overflow vulnerability.
CVE-2014-7204 (debian_linux, exuberant_ctags, mageia, ubuntu_linux)
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.
Arbor: DDoS Attacks Getting Bigger as Reflection Increases
New reflected distributed denial of service attack techniques are increasing the volume of each attack as well as the overall frequency of large-scale DDoS attacks.
Twitter Files Suit Over Government Restrictions on National Security Letter Data
Twitter has filed a lawsuit in federal court asking that the United States Department of Justice’s prohibitions on publishing the number and kind of government requests for data the company receives be declared unconstitutional. The suit claims that the rules infringe on Twitter’s right to free speech by requiring that the company “engage in speech […]
CEBA-2014:1363 CentOS 7 at BugFix Update
CentOS Errata and Bugfix Advisory 2014:1363
Upstream details at: https://rhn.redhat.com/errata/RHBA-2014-1363.html
The following updated files have been uploaded and are currently syncing to the mirrors: (sha256sum Filename)
x86_64:
9dd4644ca7404cf3dddad613977b02ee4bca3f003dffda38bd97573b496effd3 at-3.1.13-17.el7_0.1.x86_64.rpm
711dac18746220c0ba7c8636587734a8686e4ff1703219ef0e82df01fadf4ac2 at-sysvinit-3.1.13-17.el7_0.1.x86_64.rpm
Source:
c25678308970744e2bd12c5429ae263d2ee6af1b3ea158f6a3d9c65e74cb2d92 at-3.1.13-17.el7_0.1.src.rpm