Red Hat Enterprise Linux: Updated openstack-selinux and augeas packages that resolve one issue are now
available for Red Hat Enterprise Linux OpenStack Platform 4.0 (Havana).
Category Archives: Security
RHBA-2014:1629-1: openstack-selinux bug fix advisory
Red Hat Enterprise Linux: Updated openstack-selinux packages that resolve one issue are now available for
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6.
RHBA-2014:1630-1: Red Hat OpenShift Enterprise 2.1 jenkins-plugin-openshift bug fix update
Red Hat Enterprise Linux: Updated jenkins-plugin-openshift and openshift-origin-cartridge-jenkins packages
that fix a bug are now available for Red Hat OpenShift Enterprise 2.1.
RHBA-2014:1631-1: Red Hat OpenShift Enterprise 2.1 php and libcgroup bug fix update
Red Hat Enterprise Linux: Updated php and libcgroup packages are now available for Red Hat OpenShift
Enterprise release 2.1. These packages are required to avoid dependency issues
with the base channel for Red Hat Enterprise Linux 6.6.
RHBA-2014:1374-1: libvirt bug fix and enhancement update
Red Hat Enterprise Linux: Updated libvirt packages that fix numerous bugs and add various enhancements are
now available for Red Hat Enterprise Linux 6.
RHBA-2014:1622-1: pki-core bug fix update
Red Hat Enterprise Linux: Updated pki-core packages that fix one bug are now available for Red Hat
Enterprise Linux 6.
Microsoft Releases October 2014 Security Bulletin
Original release date: October 14, 2014
Microsoft has released updates to address vulnerabilities in Windows, Office, Office Services and Web Apps, Developer Tools, .NET Framework, and Internet Explorer as part of the Microsoft Security Bulletin Summary for October 2014. These vulnerabilities could allow remote code execution, elevation of privilege, or security feature bypass.
US-CERT encourages users and administrators to review the bulletin and apply the necessary updates.
Fwd: Re: CSP Bypass on Android prior to 4.4
Posted by Vitor Ventura on Oct 14
---------- Forwarded message ----------
From: “Vitor Ventura” <ventura.vitor () gmail com>
Date: 14/10/2014 12:32
Subject: Re: [FD] CSP Bypass on Android prior to 4.4
To: “E Boogie” <evanjjohns () gmail com>
Cc:
Hello,
My testing was done on a BQ Aquaris 5 HD with Android 4.2.1 using Chrome.
It wasn’t vulnerable.
Regards
VV
On 14/10/2014 00:12, “E Boogie” <evanjjohns () gmail com>…
Re: CVE-2014-2021 – vBulletin 5.x/4.x – persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth)
Posted by oststrom (public) on Oct 14
CVE-2013-2021 – vBulletin 5.x/4.x – persistent XSS in AdminCP/ApiLog via
xmlrpc API (post-auth)
============================================================================
Overview
--------
date : 10/12/2014
cvss : 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P) base
cwe : 79
vendor : vBulletin Solutions
product : vBulletin 4
versions affected : latest 4.x and 5.x (to date);…
Re: CVE-2013-2021 – vBulletin 5.x/4.x – persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth)
Posted by Henri Salo on Oct 14
Can you confirm that this should be CVE-2014-2021 and not 2013 ID, thank you.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2021 says:
“pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial
of service (out-of-bounds-read) via a crafted length value in an encrypted PDF
file.”
--
Henri Salo