Debian Linux Security Advisory 3038-1 – Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library.
All posts by 007admin
Debian Security Advisory 3039-1
Debian Linux Security Advisory 3039-1 – Several vulnerabilities were discovered in the chromium web browser.
Slackware Security Advisory – mozilla-firefox Updates
Slackware Security Advisory – New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
Ubuntu Security Notice USN-2365-1
Ubuntu Security Notice 2365-1 – Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when being advertised large screen sizes by the server. If a user were tricked into connecting to a malicious server, an attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Nicolas Ruff discovered that LibVNCServer incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause a server to crash, resulting in a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2014-1318-01
Red Hat Security Advisory 2014-1318-01 – Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Realtime provides the highest levels of predictability for consistent low-latency response times to meet the needs of time-sensitive workloads. MRG Realtime also provides new levels of determinism by optimizing lengthy kernel code paths to ensure that they do not become bottlenecks. This allows for better prioritization of applications, resulting in consistent, predictable response times for high-priority applications.
Red Hat Security Advisory 2014-1320-01
Red Hat Security Advisory 2014-1320-01 – Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject’s Common Name field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject’s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.
CVE-2014-4330
The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. (CVSS:2.1) (Last Update:2014-10-01)
DSA-3040 rsyslog – security update
Rainer Gerhards, the rsyslog project leader, reported a vulnerability in
Rsyslog, a system for log processing. As a consequence of this
vulnerability an attacker can send malformed messages to a server, if
this one accepts data from untrusted sources, and trigger a denial of
service attack.
Bacula-web 5.2.10 SQL Injection
Bacula-web version 5.2.10 suffers from a remote SQL injection vulnerability.
Apple Patches Shellshock Vulnerability in Bash for OS X
Apple released its patch for the Bash vulnerability, repairing versions of OS X vulnerable to Shellshock exploits.