[ MDVSA-2014:193 ] xerces-j2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:193
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : xerces-j2
 Date    : October 1, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A resource consumption issue was found in the way Xerces-J handled
 XML declarations. A remote attacker could use an XML document with
 a specially crafted declaration using a long pseudo-attribute name
 that, when parsed by an application using Xerces-J, would cause that
 application to use an excessive amount of CPU (CVE-2013-4002).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
 https://rhn.redhat.com/errata/RHSA-2014-1319.

[ MDVSA-2014:192 ] perl-Email-Address

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:192
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : perl-Email-Address
 Date    : October 1, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated perl-Email-Address package fixes security vulnerabilities:
 
 The parse function in Email::Address module before 1.905 for Perl
 uses an inefficient regular expression, which allows remote attackers
 to cause a denial of service (CPU consumption) via an empty quoted
 string in an RFC 2822 address (CVE-2014-0477).
 
 The Email::Address module before 1.904 for Perl uses an inefficient
 regular expression, which allows remote attackers to cause a denial
 of service (CPU consumption) via vectors related to backtrack

CEBA-2014:1334 CentOS 7 xz FASTTRACK BugFix Update

CentOS Errata and Bugfix Advisory 2014:1334 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1334.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
a0079faa6e0cd1829fdd43da437d6673aa1e6f4f1310e8452c1f7cd7e29668e6  xz-5.1.2-9alpha.el7.x86_64.rpm
d4e97054a812beccffb9f5d81d8b05a9733dbcfd02708cf195deb49820595a6b  xz-compat-libs-5.1.2-9alpha.el7.i686.rpm
b455939a21d7df36de4666748e0b2f6f73ee77b99e9733d01f1a8c50ed58f79b  xz-compat-libs-5.1.2-9alpha.el7.x86_64.rpm
05dd562e539ede1cae01c7d936fd9d16f8047b021a951de42fef0109bbaf02b6  xz-devel-5.1.2-9alpha.el7.i686.rpm
9d040dba58abe0e5ef8789f7e55295ed835fff3bf5b32d03554e22e78fa77157  xz-devel-5.1.2-9alpha.el7.x86_64.rpm
83aebf197819eb248b5c2bbb96a61e511924e472360eb7dff6d39af740149ecb  xz-libs-5.1.2-9alpha.el7.i686.rpm
e778ea132c925e46d093c01ffbb37395d9f800da00b2a96973545b3edbe28352  xz-libs-5.1.2-9alpha.el7.x86_64.rpm
79be81ad52214b3a4ff33047c62330b8fce438adc1b819d9f45d77783034ea7c  xz-lzma-compat-5.1.2-9alpha.el7.x86_64.rpm

Source:
7865e0bfbe79a0df2504a4c2d35cc9dd1d546c952884cac149b5f2741bba4817  xz-5.1.2-9alpha.el7.src.rpm



Found an exploit in Chrome? You could have just earned $15,000

In a bid to improve the security of its Chrome browser, Google has announced that it is raising the ‘bounty’ paid to people who successfully find bugs and exploits hidden in the browser to a maximum of $15,000. This is an impressive increase on the previous cap of $5,000, reports betanews.

The post Found an exploit in Chrome? You could have just earned $15,000 appeared first on We Live Security.

CESA-2014:X011 Moderate kernel Xen4CentOS Security Update

CentOS Errata and Security Advisory 2014:X011 (Xen4CentOS)

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

-----------------------------
X86_64
-----------------------------

0ca23e081ddc488aa22b357fd2ad46b26526424f4613f5af7254bcbdcbcf1474 e1000e-2.5.4-3.10.55.2.el6.centos.alt.x86_64.rpm
2699989af4721eaef6615cda9fc3eaa92335e8e9f07bd635f50d0aa69ab6e7bf kernel-3.10.55-11.el6.centos.alt.x86_64.rpm
7339e016f40eb353feee27ff95ab9636f18b0a27087248da5e7bccd5d76dc69c kernel-devel-3.10.55-11.el6.centos.alt.x86_64.rpm
88759f4fa62f62469864d4c4c634903fe8731fb3e4ad93b0091b8aaad47c8493 kernel-doc-3.10.55-11.el6.centos.alt.noarch.rpm
fc3fcb15f42a98e7c20fc0ed71deaf44f289cebc6b4c69f8f216aad5860ee3d4 kernel-firmware-3.10.55-11.el6.centos.alt.noarch.rpm
f3719c6d0cbf6b9d2c28667de1ed5e067317d4835877c486cb10231c41af5b8c kernel-headers-3.10.55-11.el6.centos.alt.x86_64.rpm
a5f0586ce5ac4c26904ea21a3e5ffe166ca2014dfde0fbf940cdd3aa5f3c1fd6 perf-3.10.55-11.el6.centos.alt.x86_64.rpm

-----------------------------
Source:
-----------------------------

c6441ca87bfca69505b42b82d126e3b51db25361895e15215658fe15765bff13 e1000e-2.5.4-3.10.55.2.el6.centos.alt.src.rpm
fe4226dea73a76754332118ff7bca149f2303f7421dd3908b5e0d906eccb0b38 kernel-3.10.55-11.el6.centos.alt.src.rpm
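The xz and Xen4CentOS advisories above both publish their package lists in "( sha256sum Filename )" form, which is the manifest format `sha256sum -c` reads. The following POSIX sh script is an added example and not part of either CentOS advisory: it assumes the advisory lines were saved verbatim into a manifest file (hash, one or two spaces, file name; section headers such as "x86_64:" and "Source:" may be left in) and that it is run from the directory holding the downloaded RPMs. It checks only the packages actually present, so packages you did not download are not reported as missing, and it fails if any present package does not match.

```shell
#!/bin/sh
# Added example, not part of the CentOS advisory: verify downloaded packages
# against the "( sha256sum Filename )" list it publishes. Assumes the advisory
# lines were saved verbatim into a manifest file and that the script runs in
# the download directory.

# Normalise advisory lines into the "hash  filename" form sha256sum -c expects,
# keeping only entries whose file is present. Blank lines and section headers
# (anything without a 64-hex-digit hash) are skipped.
present_entries() {
    while IFS= read -r line; do
        hash=${line%% *}
        name=${line#* }
        name=${name#" "}
        name=${name#\*}
        case "$hash" in
            *[!0-9a-f]*|"") continue ;;
        esac
        [ ${#hash} -eq 64 ] || continue
        [ -f "$name" ] || continue
        printf '%s  %s\n' "$hash" "$name"
    done < "$1"
}

# Returns 0 only when every listed package present on disk matches its hash,
# 2 when none of the listed packages is present (nothing was checked), and
# sha256sum's own non-zero status when a file does not match.
verify_packages() {
    manifest="$1"
    present=$(mktemp)
    present_entries "$manifest" > "$present"
    if [ ! -s "$present" ]; then
        echo "none of the packages listed in $manifest were found in $(pwd)" >&2
        rm -f "$present"
        return 2
    fi
    sha256sum -c "$present"
    status=$?
    rm -f "$present"
    return $status
}
```

Usage: paste the advisory's hash lines into `manifest.txt`, cd into the directory with the downloaded RPMs, source the script and run `verify_packages manifest.txt`. A non-zero exit means at least one present package differs from what the advisory published, or nothing listed was found.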

=====================================================

Kernel Changelog info from the SPEC file:

* Fri Sep 24 2014 Johnny Hughes <johnny< at >centos.org> - 3.10.55-11
- upgraded to upstream 3.10.55


e1000e Changelog info from the SPEC file:

* Fri Sep 26 2014 Johnny Hughes <johnny< at >centos.org> - 2.5.4-3.10.55.2.el6.centos.alt
- build against version 3.10.55 kernel


=====================================================

The following kernel changelogs are available from kernel.org since the previous kernel:

https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.44
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.46
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.47
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.48
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.49
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.50
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.51
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.52
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.53
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.54
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.55

=====================================================

The following security issues are addressed in this update:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0181
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0206
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3534 *
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3601
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4014
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4171
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4508

* Applicable to s390 arch only, NA for x86_64

=====================================================

NOTE: You must run /usr/bin/grub-bootxen.sh to update the file
      /boot/grub/grub.conf (or you must update that file manually)
      to boot the new kernel on a dom0 xen machine.  See for info:
      http://wiki.centos.org/HowTos/Xen/Xen4QuickStart
 
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
