The MiWay Insurance Ltd (aka com.MiWay.MD) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Category Archives: Security
CVE-2014-7029
The Bultmonster Registret (aka com.bultmonster.registret) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7002
The Sopexa Pavillon France (aka com.goomeoevents.pavillonfrance) application 3.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6969
The Deltin Suites (aka com.DeltinSuites) application 3.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
HP Security Bulletin HPSBMU03126
HP Security Bulletin HPSBMU03126 – Potential security vulnerabilities have been identified with HP Operations Manager (formerly OpenView Communications Broker). The vulnerabilities could be exploited resulting in remote cross-site scripting (XSS). Revision 1 of this advisory.
CESA-2014:1653 Moderate CentOS 5 openssl Security Update
CentOS Errata and Security Advisory 2014:1653 Moderate
Upstream details at: https://rhn.redhat.com/errata/RHSA-2014-1653.html
The following updated files have been uploaded and are currently syncing to the mirrors:
RHBA-2014:1651-1: spacewalk-java bug fix update
RHN Satellite and Proxy: Updated spacewalk-java packages that fix one bug are now available for Red Hat
Satellite 5.6 and Red Hat Network Satellite 5.5.
RHEA-2014:1649-1: kpatch enhancement update
Red Hat Enterprise Linux: An updated kpatch package that adds two enhancements is now available for Red
Hat Enterprise Linux 7.
RHBA-2014:1650-1: rsync bug fix update
Red Hat Enterprise Linux: Updated rsync packages that fix one bug are now available for Red Hat Enterprise
Linux 5 Extended Update Support.
USN-2384-1: MySQL vulnerabilities
Ubuntu Security Notice USN-2384-1
15th October, 2014
mysql-5.5 vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in MySQL.
Software description
- mysql-5.5 – MySQL database
Details
Multiple security issues were discovered in MySQL and this update includes
a new upstream MySQL version to fix these issues. MySQL has been updated to
5.5.40.
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.04 LTS: mysql-server-5.5 5.5.40-0ubuntu0.14.04.1
- Ubuntu 12.04 LTS: mysql-server-5.5 5.5.40-0ubuntu0.12.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.