Red Hat Security Advisory 2014-1339-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. It was discovered that the openstack-neutron package in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6 was released with a sudoers file containing a configuration error. This error caused OpenStack Networking to be vulnerable to the CVE-2013-6433 issue.
bff2f168207f16748a9471e409d1309c41d63ced215838936fe0a973dc0a5b32Red Hat Security Advisory 2014-1338-01 - OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. It was discovered that the image_size_cap configuration option in glance was not honored. An authenticated user could use this flaw to upload an image to glance and consume all available storage space, resulting in a denial of service.
f177fb1c8e6430ce1a57ea004a7e4940022f0075aa05c108ce92e8f63be8418aRed Hat Security Advisory 2014-1337-01 - OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. It was discovered that the image_size_cap configuration option in glance was not honored. An authenticated user could use this flaw to upload an image to glance and consume all available storage space, resulting in a denial of service.
d0852ef434c7e2862d722a5b793ea19f253b9c1b248cfef89282acc344965e2eRed Hat Security Advisory 2014-1340-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 5.9 will be retired as of March 31, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.9 EUS after March 31, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 5.9 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.
5b12f7a290ae0e7660690f81388f22031352628e1ef9d543f14d44d9b7ccba9fRed Hat Security Advisory 2014-1335-01 - OpenStack Dashboard provides administrators and users a graphical interface to access, provision and automate cloud-based resources. The dashboard allows cloud administrators to get an overall view of the size and state of the cloud and it provides end-users a self-service portal to provision their own resources within the limits set by administrators. A persistent cross-site scripting flaw was found in the horizon host aggregate interface. A user with sufficient privileges to add a host aggregate could potentially use this flaw to capture the credentials of another user.
a575bb471a1906d5d85b6e187c16d39615daade3d959d131ea5d7f03ef1d6817Red Hat Security Advisory 2014-1336-01 - OpenStack Dashboard provides administrators and users a graphical interface to access, provision and automate cloud-based resources. The dashboard allows cloud administrators to get an overall view of the size and state of the cloud and it provides end-users a self-service portal to provision their own resources within the limits set by administrators. A persistent cross-site scripting flaw was found in the horizon host aggregate interface. A user with sufficient privileges to add a host aggregate could potentially use this flaw to capture the credentials of another user.
1271e2967ba63c6cc6c8f8bd1e589f316acff78246e6cbd79b866aad9c595c1dUbuntu Security Notice 2366-1 - Daniel P. Berrange and Richard Jones discovered that libvirt incorrectly handled XML documents containing XML external entity declarations. An attacker could use this issue to cause libvirtd to crash, resulting in a denial of service on all affected releases, or possibly read arbitrary files if fine grained access control was enabled on Ubuntu 14.04 LTS. Luyao Huang discovered that libvirt incorrectly handled certain blkiotune queries. An attacker could use this issue to cause libvirtd to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.
02dbf1264d90f9aa14f459ed2d1774ac83a6b77b75e361cb24f526417195c704Adobe Flash version 14.0.0.145 copyPixelsToByteArray() heap overflow proof of concept exploit.
166a57b3405bb750c323b5344a65f63fcd9ab165a71edf5188ec594b3a88fa98Slackware Security Advisory - New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
be6f6a9e5104d41f7402944c82e83177992bfeb1f8b70d5018ff4ca22b9460e4Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
cf51b50e9624204660d6c978242197701c4ef1a44063f4b6d5d6347fe405215eSlackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
d4caf9f0e8a25e45e20d1cec68f49e8eebddab6521b4c5d08d00b90998dda089Red Hat Security Advisory 2014-1327-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A buffer overflow flaw was found in the way the File Information extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash. Multiple flaws were found in the File Information extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU.
6a71101f9027da35ad2d54fca7f225499970b35424f7287f9634bd7f550538a2Mandriva Linux Security Advisory 2014-191 - The mkxmltype and mkdtskel scripts provided in perl-XML-DT allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.
1cf9c6f1fe3daede8b43bab97142f9d19a3b4444639c60766d3b82d501a4862dRed Hat Security Advisory 2014-1326-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. It was found that the fix for CVE-2012-1571 was incomplete; the File Information extension did not correctly parse certain Composite Document Format files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap file.
5c6f1e4eaec50602108e7360a8250b3b39234096dade279768f0a35c5149024dPayPal's Service Manager allows for malicious script insertion into emails.
32c3aa2d32434412f3ba18de975e91934321b06699145ab95fd13bb62b1133cfPayPal's Bill Later finance marketing site suffered from a cross site scripting vulnerability.
2b0d6091a34a9d8ef2eac452a58ceb133de6b66079bc93dab4ae7d302dbdb150WordPress All In One Security and Firewall plugin version 3.8.3 suffers from multiple cross site scripting vulnerabilities.
db783d9eb3082219bd9f83769b870c5ad53985269cc356b78213878cfeeb2f14WordPress Refraction theme suffers from cross site scripting, path disclosure, and content spoofing vulnerabilities.
c816398f2c96c3e445f7ab98c1fcf691ac315402025d625f6886a12e52cce0b7Moab suffers from an insecure message signing authentication bypass vulnerability. All versions up to 8 can be affected depending on the configuration.
85a019a8c4de29f5f84586a14f07c354e859db1b6a19ccec9cbb5d70e45cbceaMoab versions prior to 7.2.9 and 8 suffer from a user impersonation vulnerability.
06269ab2431aa1292e9d181643ace50442b15f7c22b2ca8e0be470c5e444f592Moab versions prior to 7.2.9 and 8 suffer from a dynamic reconfiguration authentication bypass issue that allows for remote code execution.
1d947c3d312bda1ccebc5c7622d54bcdfee0aa44575fcd3b9fa4410d0c6e6878IPFire versions 2.15 and below core 82 authenticated CGI remote command injection exploit that leverages the bash vulnerability.
012683f158b1fbd6670d51a9c56bc769954678884f249efc8a122651350705c8This Metasploit module exploits a stack buffer overflow in HP Network Node Manager I (NNMi). The vulnerability exists in the pmd service, due to the insecure usage of functions like strcpy and strcat while handling stack_option packets with user controlled data. In order to bypass ASLR this module uses a proto_tbl packet to leak an libov pointer from the stack and finally build the rop chain to avoid NX.
ed8dcf6077fc962dee63928b9374f08f765d9613b6097985fa09b44f33f8d338Debian Linux Security Advisory 3038-1 - Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library.
1a4a88bcc37a4dfcaefe8151a6a76a58d64abfb087ff4bbc6d0d4dbe95432653Debian Linux Security Advisory 3037-1 - Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Icedove), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.
4acb09686b97b7299d7b15ee86526511323b29697f34fc6d95d0c6d451ac0093
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed