Ubuntu Security Notice 2366-1 – Daniel P. Berrange and Richard Jones discovered that libvirt incorrectly handled XML documents containing XML external entity declarations. An attacker could use this issue to cause libvirtd to crash, resulting in a denial of service on all affected releases, or possibly read arbitrary files if fine grained access control was enabled on Ubuntu 14.04 LTS. Luyao Huang discovered that libvirt incorrectly handled certain blkiotune queries. An attacker could use this issue to cause libvirtd to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.
Category Archives: Security
Adobe Flash 14.0.0.145 copyPixelsToByteArray() Heap Overflow
Adobe Flash version 14.0.0.145 copyPixelsToByteArray() heap overflow proof of concept exploit.
Google Ups Chrome Bug Bounty, Offers More Money For Exploits
Google is again increasing the amount of money it offers to researchers who report vulnerabilities in Chrome as part of the company’s bug bounty program. Now, researchers will be able to earn $15,000 at the high end of the scale, and Google also is offering more cash for researchers who can submit a working exploit for […]
CEBA-2014:1332 CentOS 7 pacemaker BugFix Update
CentOS Errata and Bugfix Advisory 2014:1332. Upstream details at: https://rhn.redhat.com/errata/RHBA-2014-1332.html The updated files have been uploaded and are currently syncing to the mirrors.
CEBA-2014:1333 CentOS 6 net-snmp BugFix Update
CentOS Errata and Bugfix Advisory 2014:1333. Upstream details at: https://rhn.redhat.com/errata/RHBA-2014-1333.html The updated files have been uploaded and are currently syncing to the mirrors.
OpenVPN Vulnerable to Shellshock Bash Vulnerability
OpenVPN was found to be vulnerable to the Shellshock vulnerability in Bash as well. Fredrik Stromberg of Mullvad said the vulnerability is dangerous because it’s pre-authentication in OpenVPN.
Slackware Security Advisory – bash Updates
Slackware Security Advisory – New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
Slackware Security Advisory – seamonkey Updates
Slackware Security Advisory – New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
Slackware Security Advisory – mozilla-thunderbird Updates
Slackware Security Advisory – New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
Red Hat Security Advisory 2014-1327-01
Red Hat Security Advisory 2014-1327-01 – PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP’s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A buffer overflow flaw was found in the way the File Information extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash. Multiple flaws were found in the File Information extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU.