LanGuard reports



Supported OVAL Bulletins


More information on 2015 updates



ID:
MITRE:28571
Title:
SUSE-SU-2014:1650-1 -- Security update for flash-player
Type:
Software
Bulletins:
MITRE:28571
Severity:
Low
Description:
This flash-player security update fixes the following issues:
* Security update to 11.2.202.425 (bnc#909219):
  o APSB14-27, CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162, CVE-2014-9163, CVE-2014-9164
Security Issues:
* CVE-2014-0580
* CVE-2014-0587
* CVE-2014-8443
* CVE-2014-9162
* CVE-2014-9163
* CVE-2014-9164
Applies to:
flash-player
Created:
2014-12-30
Updated:
2015-02-23

ID:
MITRE:28176
Title:
SUSE-SU-2014:1623-1 -- Security update for pidgin
Type:
Software
Bulletins:
MITRE:28176
Severity:
Low
Description:
This pidgin update fixes the following security issues:
* bnc#902408: remote information leak via crafted XMPP message (CVE-2014-3698)
* bnc#902410: denial of service parsing Groupwise server message (CVE-2014-3696)
* bnc#902409: crash in MXit protocol plug-in (CVE-2014-3695)
Security Issues:
* CVE-2014-3698
* CVE-2014-3696
* CVE-2014-3695
Applies to:
pidgin
Created:
2014-12-30
Updated:
2015-02-23

ID:
MITRE:28044
Title:
SUSE-SU-2014:1557-2 -- Security update for compat-openssl097g
Type:
Software
Bulletins:
MITRE:28044
Severity:
Low
Description:
The SLES 9 compatibility package compat-openssl097g received a roll up update fixing various security issues:
* Build option no-ssl3 is incomplete (CVE-2014-3568)
* Add support for TLS_FALLBACK_SCSV (CVE-2014-3566)
* Information leak in pretty printing functions (CVE-2014-3508)
* OCSP bad key DoS attack (CVE-2013-0166)
* SSL/TLS CBC plaintext recovery attack (CVE-2013-0169)
* Anonymous ECDH denial of service (CVE-2014-3470)
* SSL/TLS MITM vulnerability (CVE-2014-0224)
Security Issues:
* CVE-2013-0166
* CVE-2013-0169
* CVE-2014-0224
* CVE-2014-3470
* CVE-2014-3508
* CVE-2014-3566
* CVE-2014-3568
Applies to:
compat-openssl097g
Created:
2014-12-30
Updated:
2015-02-23

ID:
MITRE:28499
Title:
SUSE-SU-2014:1545-1 -- Security update for flash-player
Type:
Software
Bulletins:
MITRE:28499
Severity:
Low
Description:
The following vulnerability is fixed with this update:
* bnc#907257 hardening against a remote code execution flaw (APSB14-26)
Security Issues:
* CVE-2014-8439
Applies to:
flash-player
Created:
2014-12-30
Updated:
2015-02-23

ID:
MITRE:28460
Title:
RHSA-2014:2025 -- ntp security update
Type:
Miscellaneous
Bulletins:
MITRE:28460
Severity:
Low
Description:
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295) It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293) It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys. (CVE-2014-9294) All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically.
Applies to:
ntp
Created:
2014-12-30
Updated:
2015-03-16

ID:
MITRE:28483
Title:
RHSA-2014:2024 -- ntp security update
Type:
Miscellaneous
Bulletins:
MITRE:28483
Severity:
Low
Description:
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295) It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293) It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys. (CVE-2014-9294) A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. (CVE-2014-9296) All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically.
Applies to:
ntp
Created:
2014-12-30
Updated:
2015-04-13

ID:
MITRE:28439
Title:
RHSA-2014:2023 -- glibc security and bug fix update
Type:
Miscellaneous
Bulletins:
MITRE:28439
Severity:
Low
Description:
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. (CVE-2014-7817) This issue was discovered by Tim Waugh of the Red Hat Developer Experience Team.
This update also fixes the following bug:
* Prior to this update, if a file stream that was opened in append mode and its underlying file descriptor were used at the same time and the file was truncated using the ftruncate() function on the file descriptor, a subsequent ftell() call on the stream incorrectly modified the file offset by seeking to the new end of the file. This update ensures that ftell() modifies the state of the file stream only when it is in append mode and its buffer is not empty. As a result, the described incorrect changes to the file offset no longer occur. (BZ#1170187)
All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Applies to:
glibc
Created:
2014-12-30
Updated:
2015-02-23

ID:
MITRE:28532
Title:
RHSA-2014:2021 -- jasper security update
Type:
Miscellaneous
Bulletins:
MITRE:28532
Severity:
Low
Description:
JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-9029) A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8138) A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8137) Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Jose Duart of the Google Security Team as the original reporter. All JasPer users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All applications using the JasPer libraries must be restarted for the update to take effect.
Applies to:
jasper
Created:
2014-12-30
Updated:
2015-02-23

ID:
MITRE:28630
Title:
RHSA-2014:2010 -- kernel security update
Type:
Software
Bulletins:
MITRE:28630
Severity:
Low
Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
* A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-9322, Important)
Red Hat would like to thank Andy Lutomirski for reporting this issue. All kernel users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.
Applies to:
kernel
Created:
2014-12-30
Updated:
2015-02-23

ID:
MITRE:28453
Title:
RHSA-2014:2008 -- kernel security update
Type:
Software
Bulletins:
MITRE:28453
Severity:
Low
Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
* A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-9322, Important)
Red Hat would like to thank Andy Lutomirski for reporting this issue. All kernel users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.
Applies to:
kernel
Created:
2014-12-30
Updated:
2015-02-23

ID:
MITRE:28385
Title:
RHSA-2014:1999 -- mailx security update
Type:
Software
Bulletins:
MITRE:28385
Severity:
Low
Description:
The mailx packages contain a mail user agent that is used to manage mail using scripts. A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. (CVE-2004-2771, CVE-2014-7844) Note: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with "-" (so that they can be confused with mailx options). To counteract this issue, this update also introduces the "--" option, which will treat the remaining command line arguments as email addresses. All mailx users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Applies to:
mailx
Created:
2014-12-30
Updated:
2015-02-23

ID:
MITRE:27703
Title:
RHSA-2014:1997 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27703
Severity:
Low
Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
* A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-9322, Important)
* A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. (CVE-2014-3673, CVE-2014-3687, Important)
* A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service. (CVE-2014-3688, Important)
* A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's UDF file system implementation processed indirect ICBs. An attacker with physical access to the system could use a specially crafted UDF image to crash the system. (CVE-2014-6410, Low)
* It was found that the Linux kernel's networking implementation did not correctly handle the setting of the keepalive socket option on raw sockets. A local user able to create a raw socket could use this flaw to crash the system. (CVE-2012-6657, Low)
* It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)
Red Hat would like to thank Andy Lutomirski for reporting CVE-2014-9322. The CVE-2014-3673 issue was discovered by Liu Wei of Red Hat.
Bug fixes:
* This update fixes a race condition issue between the sock_queue_err_skb function and sk_forward_alloc handling in the socket error queue (MSG_ERRQUEUE), which could occasionally cause the kernel, for example when using PTP, to incorrectly track allocated memory for the error queue, in which case a traceback would occur in the system log. (BZ#1155427)
* The zcrypt device driver did not detect certain crypto cards and the related domains for crypto adapters on System z and s390x architectures. Consequently, it was not possible to run the system on new crypto hardware. This update enables toleration mode for such devices so that the system can make use of newer crypto hardware. (BZ#1158311)
* After mounting and unmounting an XFS file system several times consecutively, the umount command occasionally became unresponsive. This was caused by the xlog_cil_force_lsn() function that was not waiting for completion as expected. With this update, xlog_cil_force_lsn() has been modified to correctly wait for completion, thus fixing this bug. (BZ#1158325)
* When using the ixgbe adapter with disabled LRO and the tx-usec or rs-usec variables set to 0, transmit interrupts could not be set lower than the default of 8 buffered tx frames. Consequently, a delay of TCP transfer occurred. The restriction of a minimum of 8 buffered frames has been removed, and the TCP delay no longer occurs. (BZ#1158326)
* The offb driver has been updated for the QEMU standard VGA adapter, fixing an incorrect displaying of colors issue. (BZ#1158328)
* Under certain circumstances, when a discovered MTU expired, the IPv6 connection became unavailable for a short period of time. This bug has been fixed, and the connection now works as expected. (BZ#1161418)
* A low throughput occurred when using the dm-thin driver to write to unprovisioned or shared chunks for a thin pool with the chunk size bigger than the max_sectors_kb variable. (BZ#1161420)
* Large write workloads on thin LVs could cause the iozone and smallfile utilities to terminate unexpectedly. (BZ#1161421)
Applies to:
kernel
Created:
2014-12-30
Updated:
2015-02-23

ID:
MITRE:28498
Title:
RHSA-2014:1985 -- bind97 security update
Type:
Software
Bulletins:
MITRE:28498
Severity:
Low
Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash. (CVE-2014-8500) All bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
Applies to:
bind97
Created:
2014-12-30
Updated:
2015-03-16

ID:
MITRE:28588
Title:
RHSA-2014:1984 -- bind security update
Type:
Software
Bulletins:
MITRE:28588
Severity:
Low
Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash. (CVE-2014-8500) All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
Applies to:
bind
Created:
2014-12-30
Updated:
2015-03-16

ID:
MITRE:28613
Title:
RHSA-2014:1983 -- xorg-x11-server security update
Type:
Software
Bulletins:
MITRE:28613
Severity:
Low
Description:
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol and GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2014-8092, CVE-2014-8093, CVE-2014-8098) It was found that the X.Org server did not properly handle SUN-DES-1 (Secure RPC) authentication credentials. A malicious, unauthenticated client could use this flaw to crash the X.Org server by submitting a specially crafted authentication request. (CVE-2014-8091) Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server, or leak memory contents to the client. (CVE-2014-8097) An integer overflow flaw was found in the way the X.Org server calculated memory requirements for certain DRI2 extension requests. A malicious, authenticated client could use this flaw to crash the X.Org server. (CVE-2014-8094) Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server. (CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103) All xorg-x11-server users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Applies to:
xorg-x11-server
Created:
2014-12-30
Updated:
2015-02-23

ID:
MITRE:28652
Title:
RHSA-2014:1982 -- xorg-x11-server security update
Type:
Software
Bulletins:
MITRE:28652
Severity:
Low
Description:
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol and GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2014-8092, CVE-2014-8093, CVE-2014-8098) It was found that the X.Org server did not properly handle SUN-DES-1 (Secure RPC) authentication credentials. A malicious, unauthenticated client could use this flaw to crash the X.Org server by submitting a specially crafted authentication request. (CVE-2014-8091) Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server, or leak memory contents to the client. (CVE-2014-8097) Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server. (CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102) All xorg-x11-server users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Applies to:
xorg-x11-server
Created:
2014-12-30
Updated:
2015-02-23

ID:
MITRE:28437
Title:
RHSA-2014:1976 -- rpm security update
Type:
Software
Bulletins:
MITRE:28437
Severity:
Low
Description:
The RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information. It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2013-6435) It was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2014-8118) These issues were discovered by Florian Weimer of Red Hat Product Security. All rpm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.
Applies to:
rpm
Created:
2014-12-30
Updated:
2015-02-23

ID:
MITRE:28661
Title:
RHSA-2014:1974 -- rpm security update
Type:
Software
Bulletins:
MITRE:28661
Severity:
Low
Description:
The RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information. It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2013-6435) This issue was discovered by Florian Weimer of Red Hat Product Security. All rpm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the RPM library must be restarted for this update to take effect.
Applies to:
rpm
Created:
2014-12-30
Updated:
2015-02-23

ID:
MITRE:28399
Title:
RHSA-2014:1971 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:28399
Severity:
Low
Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
* A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. (CVE-2014-3673, CVE-2014-3687, Important)
* A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service. (CVE-2014-3688, Important)
* Two flaws were found in the way the Apple Magic Mouse/Trackpad multi-touch driver and the Minibox PicoLCD driver handled invalid HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3181, CVE-2014-3186, Moderate)
* A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3185, Moderate)
* A flaw was found in the way the Linux kernel's keys subsystem handled the termination condition in the associative array garbage collection functionality. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-3631, Moderate)
* Multiple flaws were found in the way the Linux kernel's ALSA implementation handled user controls. A local, privileged user could use either of these flaws to crash the system. (CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, Moderate)
* A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation. (CVE-2014-5045, Moderate)
* A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information. (CVE-2013-2929, Low)
* A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's UDF file system implementation processed indirect ICBs. An attacker with physical access to the system could use a specially crafted UDF image to crash the system. (CVE-2014-6410, Low)
* An information leak flaw in the way the Linux kernel handled media device enumerate entities IOCTL requests could allow a local user able to access the /dev/media0 device file to leak kernel memory bytes. (CVE-2014-1739, Low)
* An out-of-bounds read flaw in the Logitech Unifying receiver driver could allow an attacker with physical access to the system to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3182, Low)
* Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled invalid HID reports. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer. (CVE-2014-3184, Low)
* An information leak flaw in the RAM Disks Memory Copy (rd_mcp) back end driver of the iSCSI Target subsystem could allow a privileged user to leak the contents of kernel memory to an iSCSI initiator remote client. (CVE-2014-4027, Low)
* An information leak flaw in the Linux kernel's ALSA implementation could allow a local, privileged user to leak kernel memory to user space. (CVE-2014-4652, Low)
Applies to:
kernel
Created:
2014-12-30
Updated:
2015-02-23

ID:
MITRE:28056
Title:
TypeFilterLevel vulnerability
Type:
Software
Bulletins:
MITRE:28056
CVE-2014-4149
Severity:
High
Description:
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability."
Applies to:
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.2
Created:
2014-12-29
Updated:
2024-01-17

ID:
MITRE:27794
Title:
Microsoft schannel remote code execution vulnerability
Type:
Software
Bulletins:
MITRE:27794
CVE-2014-6321
Severity:
High
Description:
Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability."
Applies to:
Created:
2014-12-29
Updated:
2024-01-17

ID:
MITRE:27356
Title:
Internet Explorer memory corruption vulnerability
Type:
Web
Bulletins:
MITRE:27356
CVE-2014-4143
Severity:
High
Description:
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6341.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2014-12-29
Updated:
2024-01-17

ID:
MITRE:27372
Title:
Internet Explorer memory corruption vulnerability
Type:
Software
Bulletins:
MITRE:27372
CVE-2014-6337
Severity:
High
Description:
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2014-12-29
Updated:
2024-01-17

ID:
MITRE:27601
Title:
Internet Explorer memory corruption vulnerability
Type:
Web
Bulletins:
MITRE:27601
CVE-2014-6351
Severity:
High
Description:
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2014-12-29
Updated:
2024-01-17

ID:
MITRE:28177
Title:
Internet Explorer memory corruption vulnerability
Type:
Web
Bulletins:
MITRE:28177
CVE-2014-6341
Severity:
High
Description:
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4143.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2014-12-29
Updated:
2024-01-17

ID:
MITRE:28205
Title:
Internet Explorer memory corruption vulnerability
Type:
Web
Bulletins:
MITRE:28205
CVE-2014-6353
Severity:
High
Description:
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2014-12-29
Updated:
2024-01-17

ID:
MITRE:28358
Title:
Internet Explorer memory corruption vulnerability
Type:
Software
Bulletins:
MITRE:28358
CVE-2014-6343
Severity:
High
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2014-12-29
Updated:
2024-01-17

ID:
MITRE:27897
Title:
Internet Explorer elevation of privilege vulnerability
Type:
Software
Bulletins:
MITRE:27897
CVE-2014-6350
Severity:
Medium
Description:
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-6349.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2014-12-29
Updated:
2024-01-17

ID:
MITRE:28266
Title:
Internet Explorer elevation of privilege vulnerability
Type:
Software
Bulletins:
MITRE:28266
CVE-2014-6349
Severity:
Medium
Description:
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-6350.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2014-12-29
Updated:
2024-01-17

ID:
MITRE:28339
Title:
Internet Explorer cross-domain information disclosure vulnerability
Type:
Web
Bulletins:
MITRE:28339
CVE-2014-6340
Severity:
Medium
Description:
Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2014-12-29
Updated:
2024-01-17

ID:
MITRE:28204
Title:
Internet Explorer cross-domain information disclosure vulnerability
Type:
Software
Bulletins:
MITRE:28204
CVE-2014-6345
Severity:
Medium
Description:
Microsoft Internet Explorer 9 and 10 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 9
Created:
2014-12-29
Updated:
2024-01-17

ID:
MITRE:28290
Title:
Internet Explorer cross-domain information disclosure vulnerability
Type:
Web
Bulletins:
MITRE:28290
CVE-2014-6346
Severity:
Medium
Description:
Microsoft Internet Explorer 8 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2014-12-29
Updated:
2024-01-17

ID:
MITRE:28334
Title:
Internet Explorer Clipboard Information Disclosure Vulnerability
Type:
Web
Bulletins:
MITRE:28334
CVE-2014-6323
Severity:
Medium
Description:
Microsoft Internet Explorer 7 through 11 allows remote attackers to obtain sensitive clipboard information via a crafted web site, aka "Internet Explorer Clipboard Information Disclosure Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2014-12-29
Updated:
2024-01-17

ID:
MITRE:28173
Title:
Active Directory Federation Services information disclosure vulnerability
Type:
Software
Bulletins:
MITRE:28173
CVE-2014-6331
Severity:
Medium
Description:
Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."
Applies to:
Microsoft Active Directory Federation Services
Created:
2014-12-29
Updated:
2024-01-17

ID:
MITRE:28647
Title:
ELSA-2014-3108 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:28647
Severity:
Low
Description:
kernel-uek [2.6.32-400.36.13uek] - net: guard tcp_set_keepalive() to tcp sockets (Eric Dumazet) [Orabug: 20224099] {CVE-2012-6657} - isofs: Fix unbounded recursion when processing relocated directories (Jan Kara) [Orabug: 20224061] {CVE-2014-5471} {CVE-2014-5472} - x86_64, traps: Stop using IST for #SS (Andy Lutomirski) [Orabug: 20224029] {CVE-2014-9090} {CVE-2014-9322}
Applies to:
kernel-uek
Created:
2014-12-22
Updated:
2015-03-16

ID:
MITRE:28492
Title:
ELSA-2014-3107 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:28492
Severity:
Low
Description:
[2.6.39-400.215.15] - isofs: Fix unbounded recursion when processing relocated directories (Jan Kara) [Orabug: 20224060] {CVE-2014-5471} {CVE-2014-5472} - x86_64, traps: Stop using IST for #SS (Andy Lutomirski) [Orabug: 20224028] {CVE-2014-9090} {CVE-2014-9322}
Applies to:
kernel-uek
Created:
2014-12-22
Updated:
2015-02-23

ID:
MITRE:27915
Title:
ELSA-2014-3106 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27915
Severity:
Low
Description:
kernel-uek [3.8.13-55.1.2.el6uek] - isofs: Fix unbounded recursion when processing relocated directories (Jan Kara) [Orabug: 20224059] {CVE-2014-5471} {CVE-2014-5472} - x86_64, traps: Stop using IST for #SS (Andy Lutomirski) [Orabug: 20224027] {CVE-2014-9090} {CVE-2014-9322}
Applies to:
kernel-uek
Created:
2014-12-22
Updated:
2015-03-16

ID:
MITRE:27668
Title:
ELSA-2014-3105 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27668
Severity:
Low
Description:
kernel-uek [2.6.32-400.36.12] - HID: fix a couple of off-by-ones (Jiri Kosina) [Orabug: 19849320] {CVE-2014-3184} - ALSA: control: Protect user controls against concurrent access (Lars-Peter Clausen) [Orabug: 20192545] {CVE-2014-4652} - udf: Avoid infinite loop when processing indirect ICBs (Jan Kara) [Orabug: 20192451] {CVE-2014-6410} - ALSA: control: Make sure that id->index does not overflow (Lars-Peter Clausen) [Orabug: 20192420] {CVE-2014-4656} - ALSA: control: Handle numid overflow (Lars-Peter Clausen) [Orabug: 20192379] {CVE-2014-4656} - net: sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [Orabug: 20192060] {CVE-2014-3688}
Applies to:
kernel-uek
Created:
2014-12-22
Updated:
2015-03-16

ID:
MITRE:28482
Title:
ELSA-2014-3104 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:28482
Severity:
Low
Description:
[2.6.39-400.215.14] - HID: magicmouse: sanity check report size in raw_event() callback (Jiri Kosina) [Orabug: 19849355] {CVE-2014-3181} - ALSA: control: Protect user controls against concurrent access (Lars-Peter Clausen) [Orabug: 20192542] {CVE-2014-4652} - target/rd: Refactor rd_build_device_space + rd_release_device_space (Nicholas Bellinger) [Orabug: 20192517] {CVE-2014-4027} - media-device: fix infoleak in ioctl media_enum_entities() (Salva Peiro) [Orabug: 20192501] {CVE-2014-1739} {CVE-2014-1739} - udf: Avoid infinite loop when processing indirect ICBs (Jan Kara) [Orabug: 20192449] {CVE-2014-6410} - ALSA: control: Make sure that id->index does not overflow (Lars-Peter Clausen) [Orabug: 20192418] {CVE-2014-4656} - ALSA: control: Handle numid overflow (Lars-Peter Clausen) [Orabug: 20192376] {CVE-2014-465} - HID: picolcd: sanity check report size in raw_event() callback (Jiri Kosina) [Orabug: 20192205] {CVE-2014-3186} - net: sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [Orabug: 20192059] {CVE-2014-3688}
Applies to:
kernel-uek
Created:
2014-12-22
Updated:
2015-02-23

ID:
MITRE:28305
Title:
ELSA-2014-3103 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:28305
Severity:
Low
Description:
kernel-uek [3.8.13-55.1.1] - ALSA: control: Protect user controls against concurrent access (Lars-Peter Clausen) [Orabug: 20192540] {CVE-2014-4652} - target/rd: Refactor rd_build_device_space + rd_release_device_space (Nicholas Bellinger) [Orabug: 20192516] {CVE-2014-4027} - HID: logitech: perform bounds checking on device_id early enough (Jiri Kosina) [Orabug: 20192477] {CVE-2014-3182} - udf: Avoid infinite loop when processing indirect ICBs (Jan Kara) [Orabug: 20192448] {CVE-2014-6410} - ALSA: control: Make sure that id->index does not overflow (Lars-Peter Clausen) [Orabug: 20192416] {CVE-2014-4656} - ALSA: control: Handle numid overflow (Lars-Peter Clausen) [Orabug: 20192367] {CVE-2014-4656} - HID: picolcd: sanity check report size in raw_event() callback (Jiri Kosina) [Orabug: 20192208] {CVE-2014-3186} - net: sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [Orabug: 20192058] {CVE-2014-3688}
Applies to:
kernel-uek
Created:
2014-12-22
Updated:
2015-03-16

ID:
MITRE:28192
Title:
ELSA-2014-2025 -- ntp security update
Type:
Miscellaneous
Bulletins:
MITRE:28192
Severity:
Low
Description:
[4.2.2p1-18.el5] - don't generate weak control key for resolver (CVE-2014-9293) - don't generate weak MD5 keys in ntp-keygen (CVE-2014-9294) - fix buffer overflows via specially-crafted packets (CVE-2014-9295)
Applies to:
ntp
Created:
2014-12-22
Updated:
2015-02-23

ID:
MITRE:28304
Title:
ELSA-2014-2024 -- ntp security update
Type:
Miscellaneous
Bulletins:
MITRE:28304
Severity:
Low
Description:
[4.2.6p5-2] - don't generate weak control key for resolver (CVE-2014-9293) - don't generate weak MD5 keys in ntp-keygen (CVE-2014-9294) - fix buffer overflows via specially-crafted packets (CVE-2014-9295) - don't mobilize passive association when authentication fails (CVE-2014-9296)
Applies to:
ntp
Created:
2014-12-22
Updated:
2015-02-23

ID:
MITRE:28088
Title:
ELSA-2014-2023 -- glibc security and bug fix update
Type:
Miscellaneous
Bulletins:
MITRE:28088
Severity:
Low
Description:
[2.17-55.0.4.el7_0.3] - Remove strstr and strcasestr implementations using sse4.2 instructions. - Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported. (Jose E. Marchesi) [2.17-55.3] - Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1170118) [2.17-55.2] - ftell: seek to end only when there are unflushed bytes (#1170187). [2.17-55.1] - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,
Applies to:
glibc
Created:
2014-12-22
Updated:
2015-02-23

ID:
MITRE:28420
Title:
ELSA-2014-2021 -- jasper security update
Type:
Miscellaneous
Bulletins:
MITRE:28420
Severity:
Low
Description:
[1.900.1-16.2] - CVE-2014-8137 - double-free in jas_iccattrval_destroy (#1173566) - CVE-2014-8138 - heap overflow in jp2_decode (#1173566) [1.900.1-16.1] - CVE-2014-9029 - incorrect component number check in COC, RGN and QCC marker segment decoders (#1171208) [1.900.1-16] - CERT VU#887409: heap buffer overflow flaws lead to arbitrary code execution (#749150)
Applies to:
jasper
Created:
2014-12-22
Updated:
2015-02-23

ID:
MITRE:28310
Title:
ELSA-2014-2010 -- kernel security update
Type:
Software
Bulletins:
MITRE:28310
Severity:
Low
Description:
[3.10.0-123.13.2] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-123.13.2] - [x86] traps: stop using IST for #SS (Petr Matousek) [1172812 1172813] {CVE-2014-9322}
Applies to:
kernel
Created:
2014-12-22
Updated:
2015-02-23

ID:
MITRE:28616
Title:
ELSA-2014-2008-1 -- kernel security update
Type:
Software
Bulletins:
MITRE:28616
Severity:
Low
Description:
kernel [2.6.18-400.1.1.0.1] - [net] fix tcp_trim_head() (James Li) [orabug 14512145, 19219078] - ocfs2: dlm: fix recovery hung (Junxiao Bi) [orabug 13956772] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure 
events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]
Applies to:
kernel
Created:
2014-12-22
Updated:
2015-03-16

ID:
MITRE:28387
Title:
ELSA-2014-2008 -- kernel security update
Type:
Software
Bulletins:
MITRE:28387
Severity:
Low
Description:
kernel [2.6.18-400.1.1] - [x86] traps: stop using IST for #SS (Petr Matousek) [1172809] {CVE-2014-9322}
Applies to:
kernel
Created:
2014-12-22
Updated:
2015-03-16

ID:
MITRE:28324
Title:
ELSA-2014-1999 -- mailx security update
Type:
Software
Bulletins:
MITRE:28324
Severity:
Low
Description:
[12.4-8] - CVE-2004-2771 mailx: command execution flaw resolves: #1171175
Applies to:
mailx
Created:
2014-12-22
Updated:
2015-02-23

ID:
MITRE:28612
Title:
ELSA-2014-1997 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:28612
Severity:
Low
Description:
[2.6.32-504.3.3] - [x86] traps: stop using IST for #SS (Petr Matousek) [1172810 1172811] {CVE-2014-9322} [2.6.32-504.3.2] - [md] dm-thin: fix pool_io_hints to avoid looking at max_hw_sectors (Mike Snitzer) [1161420 1161421 1142773 1145230] [2.6.32-504.3.1] - [s390] zcrypt: toleration of new crypto adapter hardware (Hendrik Brueckner) [1158311 1134984] - [s390] zcrypt: support for extended number of ap domains (Hendrik Brueckner) [1158311 1134984] - [md] dm-thin: fix potential for infinite loop in pool_io_hints (Mike Snitzer) [1161420 1161421 1142773 1145230] [2.6.32-504.2.1] - [fs] udf: Avoid infinite loop when processing indirect ICBs (Jacob Tanenbaum) [1142319 1142320] {CVE-2014-6410} - [fs] isofs: unbound recursion when processing relocated directories (Jacob Tanenbaum) [1142268 1142269] {CVE-2014-5472 CVE-2014-5471} - [net] ipv6: delete expired route in ip6_pmtu_deliver (Hannes Frederic Sowa) [1161418 1156137] - [net] sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [1155746 1154676] {CVE-2014-3688} - [net] sctp: fix panic on duplicate ASCONF chunks (Daniel Borkmann) [1155733 1154676] {CVE-2014-3687} - [net] sctp: fix skb_over_panic when receiving malformed ASCONF chunks (Daniel Borkmann) [1147857 1154676] {CVE-2014-3673} - [net] sctp: handle association restarts when the socket is closed (Daniel Borkmann) [1147857 1154676] - [md] dm-thin: refactor requeue_io to eliminate spinlock bouncing (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: optimize retry_bios_on_resume (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: sort the deferred cells (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: direct dispatch when breaking sharing (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: remap the bios in a cell immediately (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: defer whole cells rather than individual bios (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] 
dm-thin: factor out remap_and_issue_overwrite (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: performance improvement to discard processing (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: grab a virtual cell before looking up the mapping (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: implement thin_merge (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm: improve documentation and code clarity in dm_merge_bvec (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: adjust max_sectors_kb based on thinp blocksize (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] block: fix alignment_offset math that assumes io_min is a power-of-2 (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: throttle incoming IO (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: prefetch missing metadata pages (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-transaction-manager: add support for prefetching blocks of metadata (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin-metadata: change dm_thin_find_block to allow blocking, but not issuing, IO (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-bio-prison: switch to using a red black tree (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-bufio: evict buffers that are past the max age but retain some buffers (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-bufio: switch from a huge hash table to an rbtree (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-bufio: update last_accessed when relinking a buffer (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-bufio: use kzalloc when allocating dm_bufio_client (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin-metadata: do not allow the data block size to change (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: cleanup noflush_work to use a proper completion (Mike Snitzer) [1161420 1161421 1142773 
1145230] - [md] dm-thin: fix DMERR typo in pool_status error path (Mike Snitzer) [1161420 1161421 1142773 1145230] - [fs] xfs: xlog_cil_force_lsn doesn't always wait correctly (Eric Sandeen) [1158325 1133304] - [netdrv] ixgbe: allow TXDCTL.WRTHRESH to be 1 will small ITR values (John Greene) [1158326 1132267] - [netdrv] ixgbe: Intel Change to allow itr changes without CONFIG_BQL support (John Greene) [1158326 1132267] - [video] offb: Fix setting of the pseudo-palette for >8bpp (Gerd Hoffmann) [1158328 1142450] - [video] offb: Add palette hack for qemu 'standard vga' framebuffer (Gerd Hoffmann) [1158328 1142450] - [video] offb: Fix bug in calculating requested vram size (Gerd Hoffmann) [1158328 1142450] - [net] sock_queue_err_skb() dont mess with sk_forward_alloc (Jiri Benc) [1155427 1148257] - [net] guard tcp_set_keepalive() to tcp sockets (Florian Westphal) [1141744 1141746] {CVE-2012-6657} - Revert: [net] revert 'bridge: Set vlan_features to allow offloads on vlans' (Vlad Yasevich) [1144442 1121991] - [x86] kvm: fix PIT timer race condition (mguzik) [1149592 1149593] {CVE-2014-3611} - [x86] kvm: vmx: handle invept and invvpid vm exits gracefull (mguzik) [1144826 1144837 1144827 1144838] {CVE-2014-3646 CVE-2014-3645}
Applies to:
kernel
Created:
2014-12-22
Updated:
2015-02-23

ID:
MITRE:28079
Title:
ELSA-2014-1985 -- bind97 security update
Type:
Software
Bulletins:
MITRE:28079
Severity:
Low
Description:
[32:9.7.0-21.P2.1] - Fix CVE-2014-8500 (#1171972)
Applies to:
bind97
Created:
2014-12-22
Updated:
2015-02-23

ID:
MITRE:28485
Title:
ELSA-2014-1984 -- bind security update
Type:
Software
Bulletins:
MITRE:28485
Severity:
Low
Description:
[32:9.9.4-14.0.1.el7_0.1] - Rebuild to fix libmysqlclient dependency [32:9.9.4-14.1] - Fix CVE-2014-8500 (#1171975)
Applies to:
bind
Created:
2014-12-22
Updated:
2015-02-23

ID:
MITRE:28543
Title:
ELSA-2014-1983 -- xorg-x11-server security update
Type:
Software
Bulletins:
MITRE:28543
Severity:
Low
Description:
[1.15.0-7.0.1.el7_0.3] - Invalid BUG_RETURN_VAL fix, upstream patch (orabug 18896390) [1.15.0-7.3] - CVE fixes for: CVE-2014-8099, CVE-2014-8098, CVE-2014-8097, CVE-2014-8096, CVE-2014-8095, CVE-2014-8094, CVE-2014-8093, CVE-2014-8092, CVE-2014-8091, CVE-2014-8101, CVE-2014-8100, CVE-2014-8103, CVE-2014-8102
Applies to:
xorg-x11-server
Created:
2014-12-22
Updated:
2015-02-23

ID:
MITRE:28577
Title:
ELSA-2014-1982 -- xorg-x11-server security update
Type:
Software
Bulletins:
MITRE:28577
Severity:
Low
Description:
[1.1.1-48.107.0.1.el5_11] - Added oracle-enterprise-detect.patch - Replaced 'Red Hat' in spec file [1.1.1-48.107] - CVE-2014-8091 denial of service due to unchecked malloc in client authentication (#1168680) - CVE-2014-8092 integer overflow in X11 core protocol requests when calculating memory needs for requests (#1168684) - CVE-2014-8097 out of bounds access due to not validating length or offset values in DBE extension (#1168705) - CVE-2014-8095 out of bounds access due to not validating length or offset values in XInput extension (#1168694) - CVE-2014-8096 out of bounds access due to not validating length or offset values in XC-MISC extension(#1168700) - CVE-2014-8099 out of bounds access due to not validating length or offset values in XVideo extension (#1168710) - CVE-2014-8100 out of bounds access due to not validating length or offset values in Render extension (#1168711) - CVE-2014-8102 out of bounds access due to not validating length or offset values in XFixes extension (#1168714) - CVE-2014-8101 out of bounds access due to not validating length or offset values in RandR extension (#1168713) - CVE-2014-8093 xorg-x11-server: integer overflow in GLX extension requests when calculating memory needs for requests (#1168688) - CVE-2014-8098 xorg-x11-server: out of bounds access due to not validating length or offset values in GLX extension (#1168707) [1.1.1-48.104] - xserver-1.1.1-randr-config-timestamps.patch: Backport timestamp comparison fix from upstream RANDR code (#1006076) [1.1.1-48.103] - CVE-2013-6424: Fix OOB in trapezoid rasterization
Applies to:
xorg-x11-server
Created:
2014-12-22
Updated:
2015-02-23

ID:
MITRE:28615
Title:
ELSA-2014-1976 -- rpm security update
Type:
Software
Bulletins:
MITRE:28615
Severity:
Low
Description:
[4.11.1-18] - Add check against malicious CPIO file name size (#1163060) - Fixes CVE-2014-8118 [4.11.1-17] - Fix race condition where unchecked data is exposed in the file system (#1163060) - Fixes CVE-2013-6435
Applies to:
rpm
Created:
2014-12-22
Updated:
2015-02-23

ID:
MITRE:28261
Title:
ELSA-2014-1974 -- rpm security update
Type:
Software
Bulletins:
MITRE:28261
Severity:
Low
Description:
[4.4.2.3-36.0.1] - Add missing files in /usr/share/doc/ [4.8.0-36] - Fix warning when applying the patch for #1163057 [4.8.0-35] - Fix race condition where unchecked data is exposed in the file system (CVE-2013-6435)(#1163057)
Applies to:
rpm
Created:
2014-12-22
Updated:
2015-02-23

ID:
MITRE:28418
Title:
ELSA-2014-1971 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:28418
Severity:
Low
Description:
[3.10.0-123.13.1] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-123.13.1] - [powerpc] mm: Make sure a local_irq_disable prevent a parallel THP split (Don Zickus) [1151057 1083296] - [powerpc] Implement __get_user_pages_fast() (Don Zickus) [1151057 1083296] - [scsi] vmw_pvscsi: Some improvements in pvscsi driver (Ewan Milne) [1144016 1075090] - [scsi] vmw_pvscsi: Add support for I/O requests coalescing (Ewan Milne) [1144016 1075090] - [scsi] vmw_pvscsi: Fix pvscsi_abort() function (Ewan Milne) [1144016 1075090] [3.10.0-123.12.1] - [alsa] control: Make sure that id->index does not overflow (Jaroslav Kysela) [1117313 1117314] {CVE-2014-4656} - [alsa] control: Handle numid overflow (Jaroslav Kysela) [1117313 1117314] {CVE-2014-4656} - [alsa] control: Protect user controls against concurrent access (Jaroslav Kysela) [1117338 1117339] {CVE-2014-4652} - [alsa] control: Fix replacing user controls (Jaroslav Kysela) [1117323 1117324] {CVE-2014-4654 CVE-2014-4655} - [net] sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [1155750 1152755] {CVE-2014-3688} - [net] sctp: fix panic on duplicate ASCONF chunks (Daniel Borkmann) [1155737 1152755] {CVE-2014-3687} - [net] sctp: fix skb_over_panic when receiving malformed ASCONF chunks (Daniel Borkmann) [1147856 1152755] {CVE-2014-3673} - [net] sctp: handle association restarts when the socket is closed (Daniel Borkmann) [1147856 1152755] [1155737 1152755] [1155750 1152755] - [pci] Add ACS quirk for Intel 10G NICs (Alex Williamson) [1156447 1141399] - [pci] Add ACS quirk for Solarflare SFC9120 & SFC9140 (Alex Williamson) [1158316 1131552] - [lib] assoc_array: Fix termination condition in assoc array garbage collection (David Howells) [1155136 1139431] {CVE-2014-3631} - [block] cfq-iosched: Add comments on update timing of weight (Vivek Goyal) [1152874 1116126] - [block] cfq-iosched: Fix wrong children_weight calculation (Vivek Goyal) [1152874 1116126] - [powerpc] mm: Check paca psize is up to date for 
huge mappings (Gustavo Duarte) [1151927 1107337] - [x86] perf/intel: ignore CondChgd bit to avoid false NMI handling (Don Zickus) [1146819 1110264] - [x86] smpboot: initialize secondary CPU only if master CPU will wait for it (Phillip Lougher) [1144295 968147] - [x86] smpboot: Log error on secondary CPU wakeup failure at ERR level (Igor Mammedov) [1144295 968147] - [x86] smpboot: Fix list/memory corruption on CPU hotplug (Igor Mammedov) [1144295 968147] - [acpi] processor: do not mark present at boot but not onlined CPU as onlined (Igor Mammedov) [1144295 968147] - [fs] udf: Avoid infinite loop when processing indirect ICBs (Jacob Tanenbaum) [1142321 1142322] {CVE-2014-6410} - [hid] picolcd: fix memory corruption via OOB write (Jacob Tanenbaum) [1141408 1141409] {CVE-2014-3186} - [usb] serial/whiteheat: fix memory corruption flaw (Jacob Tanenbaum) [1141403 1141404] {CVE-2014-3185} - [hid] fix off by one error in various _report_fixup routines (Jacob Tanenbaum) [1141393 1141394] {CVE-2014-3184} - [hid] logitech-dj: fix OOB array access (Jacob Tanenbaum) [1141211 1141212] {CVE-2014-3182} - [hid] fix OOB write in magicmouse driver (Jacob Tanenbaum) [1141176 1141177] {CVE-2014-3181} - [acpi] Fix bug when ACPI reset register is implemented in system memory (Nigel Croxon) [1136525 1109971] - [fs] vfs: fix ref count leak in path_mountpoint() (Ian Kent) [1122481 1122376] {CVE-2014-5045} - [kernel] ptrace: get_dumpable() incorrect tests (Jacob Tanenbaum) [1111605 1111606] {CVE-2013-2929} - [media] media-device: fix an information leakage (Jacob Tanenbaum) [1109776 1109777] {CVE-2014-1739} - [target] rd: Refactor rd_build_device_space + rd_release_device_space (Denys Vlasenko) [1108754 1108755] {CVE-2014-4027} - [block] blkcg: fix use-after-free in __blkg_release_rcu() by making blkcg_gq refcnt an atomic_t (Vivek Goyal) [1158313 1118436] - [virt] kvm: fix PIT timer race condition (Petr Matousek) [1144879 1144880] {CVE-2014-3611} - [virt] kvm/vmx: handle invept and invvpid vm 
exits gracefully (Petr Matousek) [1145449 1116936] [1144828 1144829] {CVE-2014-3645 CVE-2014-3646} [3.10.0-123.11.1] - [net] fix UDP tunnel GSO of frag_list GRO packets (Phillip Lougher) [1149661 1119392] [3.10.0-123.10.1] - [pci] hotplug: Prevent NULL dereference during pciehp probe (Myron Stowe) [1142393 1133107] - [kernel] workqueue: apply __WQ_ORDERED to create_singlethread_workqueue() (Tomas Henzl) [1151314 1131563]
Applies to:
kernel
Created:
2014-12-22
Updated:
2015-02-23

ID:
CVE-2014-8014
Title:
Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710.
Type:
Hardware
Bulletins:
CVE-2014-8014
Severity:
Medium
Description:
Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710.
Applies to:
Created:
2014-12-18
Updated:
2024-01-17

ID:
CVE-2014-9322
Title:
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that...
Type:
Mobile Devices
Bulletins:
CVE-2014-9322
Severity:
High
Description:
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
Applies to:
Created:
2014-12-17
Updated:
2024-01-17

ID:
CVE-2014-8609
Title:
The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for...
Type:
Mobile Devices
Bulletins:
CVE-2014-8609
Severity:
High
Description:
The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824.
Applies to:
Created:
2014-12-15
Updated:
2024-01-17

ID:
CVE-2014-8507
Title:
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary...
Type:
Mobile Devices
Bulletins:
CVE-2014-8507
SFBID71310
Severity:
High
Description:
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135.
Applies to:
Created:
2014-12-15
Updated:
2024-01-17

ID:
CVE-2014-7911
Title:
luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization,...
Type:
Mobile Devices
Bulletins:
CVE-2014-7911
Severity:
High
Description:
luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291.
Applies to:
Created:
2014-12-15
Updated:
2024-01-17

ID:
CVE-2014-8610
Title:
AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or...
Type:
Mobile Devices
Bulletins:
CVE-2014-8610
Severity:
Low
Description:
AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795.
Applies to:
Created:
2014-12-15
Updated:
2024-01-17

ID:
MITRE:28472
Title:
SUSE-SU-2014:1544-1 -- Security update for LibreOffice
Type:
Software
Bulletins:
MITRE:28472
Severity:
Low
Description:
LibreOffice was updated to fix two security issues. These security issues have been fixed: * "Document as E-mail" vulnerability (bnc#900218). * Impress remote control use-after-free vulnerability (CVE-2014-3693). Security Issues: * CVE-2014-3693
Applies to:
LibreOffice
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:27600
Title:
SUSE-SU-2014:1458-3 -- Security update for MozillaFirefox
Type:
Software
Bulletins:
MITRE:27600
Severity:
Low
Description:
This version update of Mozilla Firefox to 31.2.0ESR brings improvements, stability fixes and also security fixes for the following CVEs: CVE-2014-1574, CVE-2014-1575, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1583, CVE-2014-1585, CVE-2014-1586. It also disables SSLv3 by default to mitigate the protocol downgrade attack known as POODLE. Security Issues: * CVE-2014-1574 * CVE-2014-1575 * CVE-2014-1576 * CVE-2014-1577 * CVE-2014-1578 * CVE-2014-1581 * CVE-2014-1583 * CVE-2014-1585 * CVE-2014-1586
Applies to:
MozillaFirefox
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28194
Title:
SUSE-SU-2014:1442-1 -- Security update for flash-player
Type:
Software
Bulletins:
MITRE:28194
Severity:
Low
Description:
flash-player was updated to version 11.2.202.418 to fix 18 security issues: * Memory corruption vulnerabilities that could lead to code execution (CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441). * Use-after-free vulnerabilities that could lead to code execution (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438). * A double free vulnerability that could lead to code execution (CVE-2014-0574). * Type confusion vulnerabilities that could lead to code execution (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0590). * Heap buffer overflow vulnerabilities that could lead to code execution (CVE-2014-0582, CVE-2014-0589). * An information disclosure vulnerability that could be exploited to disclose session tokens (CVE-2014-8437). * A heap buffer overflow vulnerability that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2014-0583). * A permission issue that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2014-8442). Further information can be found at http://helpx.adobe.com/security/products/flash-player/apsb14-24.html
Applies to:
flash-player
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28507
Title:
SUSE-SU-2014:1408-1 -- Security update for wget
Type:
Software
Bulletins:
MITRE:28507
Severity:
Low
Description:
wget was updated to fix one security issue: * FTP symbolic link arbitrary filesystem access (CVE-2014-4877). Security Issues: * CVE-2014-4877
Applies to:
wget
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28277
Title:
SUSE-SU-2014:1392-1 -- Security update for Java OpenJDK
Type:
Software
Bulletins:
MITRE:28277
Severity:
Low
Description:
Oracle Critical Patch Update Advisory - October 2014 Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Find more information here: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
Applies to:
Java OpenJDK
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28457
Title:
SUSE-SU-2014:1387-1 -- Security update for OpenSSL
Type:
Services
Bulletins:
MITRE:28457
Severity:
Low
Description:
This OpenSSL update fixes the following issues: * Session Ticket Memory Leak (CVE-2014-3567) * Build option no-ssl3 is incomplete (CVE-2014-3568) * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE) Security Issues: * CVE-2014-3567 * CVE-2014-3566 * CVE-2014-3568
Applies to:
OpenSSL
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:27526
Title:
SUSE-SU-2014:1360-1 -- Security update for flash-player
Type:
Software
Bulletins:
MITRE:27526
Severity:
Low
Description:
This update fixes multiple code execution vulnerabilities in flash-player (APSB14-22). CVE-2014-0564, CVE-2014-0558 and CVE-2014-0569 have been assigned to this issue. Security Issues: * CVE-2014-0569 * CVE-2014-0564 * CVE-2014-0558
Applies to:
flash-player
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28295
Title:
RHSA-2014:1959 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:28295
Severity:
Low
Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process. (CVE-2014-0181, Moderate) Red Hat would like to thank Andy Lutomirski for reporting this issue. This update also fixes the following bugs: * Previously, the kernel did not successfully deliver multicast packets when the multicast querier was disabled. Consequently, the corosync utility terminated unexpectedly and the affected storage node did not join its intended cluster. With this update, multicast packets are delivered properly when the multicast querier is disabled, and corosync handles the node as expected. (BZ#902454) * Previously, the kernel wrote the metadata contained in all system information blocks on a single page of the /proc/sysinfo file. However, when the machine configuration was very extensive and the data did not fit on a single page, the system overwrote random memory regions, which in turn caused data corruption when reading the /proc/sysconf file. With this update, /proc/sysinfo automatically allocates a larger buffer if the data output does not fit the current buffer, which prevents the data corruption. (BZ#1131283) * Prior to this update, the it_real_fn() function did not, in certain cases, successfully acquire the SIGLOCK signal when the do_setitimer() function used the ITIMER_REAL timer. As a consequence, the current process entered an endless loop and became unresponsive. This update fixes the bug and it_real_fn() no longer causes the kernel to become unresponsive. (BZ#1134654) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The system must be rebooted for this update to take effect.
Applies to:
kernel
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:27507
Title:
RHSA-2014:1956 -- wpa_supplicant security update
Type:
Software
Bulletins:
MITRE:27507
Severity:
Low
Description:
The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A command injection flaw was found in the way the wpa_cli utility executed action scripts. If wpa_cli was run in daemon mode to execute an action script (specified using the -a command line option), and wpa_supplicant was configured to connect to a P2P group, malicious P2P group parameters could cause wpa_cli to execute arbitrary code. (CVE-2014-3686) Red Hat would like to thank Jouni Malinen for reporting this issue. All wpa_supplicant users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
Applies to:
wpa_supplicant
Created:
2014-12-08
Updated:
2015-02-23

ID:
MITRE:28139
Title:
RHSA-2014:1948 -- nss, nss-util, and nss-softokn security, bug fix, and enhancement update
Type:
Miscellaneous
Bulletins:
MITRE:28139
Severity:
Low
Description:
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication.
Applies to:
nss
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28459
Title:
RHSA-2014:1924 -- thunderbird security update
Type:
Software
Bulletins:
MITRE:28459
Severity:
Low
Description:
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593) A flaw was found in the Alarm API, which could allow applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass the same-origin policy. (CVE-2014-1594) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. This update disables SSL 3.0 support by default in Thunderbird. Details on how to re-enable SSL 3.0 support are available at: https://access.redhat.com/articles/1284233 Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, Max Jonas Werner, Joe Vennix, Berend-Jan Wever, Abhishek Arya, and Boris Zbarsky as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 31.3.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 31.3.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
Applies to:
thunderbird
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:27983
Title:
RHSA-2014:1919 -- firefox security update
Type:
Software
Bulletins:
MITRE:27983
Severity:
Low
Description:
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593) A flaw was found in the Alarm API, which could allow applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass the same-origin policy. (CVE-2014-1594) This update disables SSL 3.0 support by default in Firefox. Details on how to re-enable SSL 3.0 support are available at: https://access.redhat.com/articles/1283153 Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, Max Jonas Werner, Joe Vennix, Berend-Jan Wever, Abhishek Arya, and Boris Zbarsky as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 31.3.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 31.3.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
Applies to:
firefox
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:27935
Title:
RHSA-2014:1912 -- ruby security update
Type:
Software
Bulletins:
MITRE:27935
Severity:
Low
Description:
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090) A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash. (CVE-2014-4975) The CVE-2014-8090 issue was discovered by Red Hat Product Security. All ruby users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Ruby need to be restarted for this update to take effect.
Applies to:
ruby
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28142
Title:
RHSA-2014:1911 -- ruby security update
Type:
Software
Bulletins:
MITRE:28142
Severity:
Low
Description:
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090) The CVE-2014-8090 issue was discovered by Red Hat Product Security. All ruby users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Ruby need to be restarted for this update to take effect.
Applies to:
ruby
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:27716
Title:
RHSA-2014:1893 -- libXfont security update
Type:
Software
Bulletins:
MITRE:27716
Severity:
Low
Description:
The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.
Applies to:
libXfont
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:27707
Title:
RHSA-2014:1885 -- libxml2 security update
Type:
Miscellaneous
Bulletins:
MITRE:27707
Severity:
Low
Description:
The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. (CVE-2014-3660) All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
Applies to:
libxml2
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28313
Title:
RHSA-2014:1873 -- libvirt security and bug fix update
Type:
Software
Bulletins:
MITRE:28313
Severity:
Low
Description:
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process. (CVE-2014-3633) A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive. (CVE-2014-3657) It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the QEMU driver implementation of the virDomainGetXMLDesc() function could bypass the restrictions of the VIR_DOMAIN_XML_SECURE flag. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to leak certain limited information from the domain XML data. (CVE-2014-7823) The CVE-2014-3633 issue was discovered by Luyao Huang of Red Hat. This update also fixes the following bug: When dumping migratable XML configuration of a domain, libvirt removes some automatically added devices for compatibility with older libvirt releases. If such XML is passed to libvirt as a domain XML that should be used during migration, libvirt checks this XML for compatibility with the internally stored configuration of the domain. However, prior to this update, these checks failed because of devices that were missing (the same devices libvirt removed). As a consequence, migration with user-supplied migratable XML failed. 
Since this feature is used by OpenStack, migrating QEMU/KVM domains with OpenStack always failed. With this update, before checking domain configurations for compatibility, libvirt transforms both user-supplied and internal configuration into a migratable form (automatically added devices are removed) and checks those instead. Thus, no matter whether the user-supplied configuration was generated as migratable or not, libvirt does not err about missing devices, and migration succeeds as expected. (BZ#1155564) All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.
Applies to:
libvirt
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28435
Title:
RHSA-2014:1870 -- libXfont security update
Type:
Software
Bulletins:
MITRE:28435
Severity:
Low
Description:
The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.
Applies to:
libXfont
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:27610
Title:
RHSA-2014:1861 -- mariadb security update
Type:
Software
Bulletins:
MITRE:27610
Severity:
Low
Description:
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
Applies to:
mariadb
Created:
2014-12-08
Updated:
2015-02-23

ID:
MITRE:28389
Title:
RHSA-2014:1859 -- mysql55-mysql security update
Type:
Software
Bulletins:
MITRE:28389
Severity:
Low
Description:
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
Applies to:
mysql55-mysql
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:27895
Title:
RHSA-2014:1846 -- gnutls security update
Type:
Software
Bulletins:
MITRE:27895
Severity:
Low
Description:
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One (ASN.1) parsing and structures management, and Distinguished Encoding Rules (DER) encoding and decoding functions. An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2014-8564) Red Hat would like to thank GnuTLS upstream for reporting this issue. Upstream acknowledges Sean Burford as the original reporter. All gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS or libtasn1 library must be restarted.
Applies to:
gnutls
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:27992
Title:
RHSA-2014:1843 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27992
Severity:
Low
Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611, Important) * A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3185, Moderate) * It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invvpid VM exit support, an unprivileged guest user could use these instructions to crash the guest. (CVE-2014-3645, CVE-2014-3646, Moderate) Red Hat would like to thank Lars Bull of Google for reporting CVE-2014-3611, and the Advanced Threat Research team at Intel Security for reporting CVE-2014-3645 and CVE-2014-3646. This update also fixes the following bugs: * This update fixes several race conditions between PCI error recovery callbacks and potential calls of the ifup and ifdown commands in the tg3 driver. When triggered, these race conditions could cause a kernel crash. (BZ#1142570) * Previously, GFS2 failed to unmount a sub-mounted GFS2 file system if its parent was also a GFS2 file system. This problem has been fixed by adding the appropriate d_op->d_hash() routine call for the last component of the mount point path in the path name lookup mechanism code (namei). (BZ#1145193) * Due to previous changes in the virtio-net driver, a Red Hat Enterprise Linux 6.6 guest was unable to boot with the "mgr_rxbuf=off" option specified. 
This was caused by providing the page_to_skb() function with an incorrect packet length in the driver's Rx path. This problem has been fixed and the guest in the described scenario can now boot successfully. (BZ#1148693) * When using one of the newer IPSec Authentication Header (AH) algorithms with Openswan, a kernel panic could occur. This happened because the maximum truncated ICV length was too small. To fix this problem, the MAX_AH_AUTH_LEN parameter has been set to 64. (BZ#1149083) * A bug in the IPMI driver caused the kernel to panic when an IPMI interface was removed using the hotmod script. The IPMI driver has been fixed to properly clean the relevant data when removing an IPMI interface. (BZ#1149578) * Due to a bug in the IPMI driver, the kernel could panic when adding an IPMI interface that was previously removed using the hotmod script. This update fixes this bug by ensuring that the relevant shadow structure is initialized at the right time. (BZ#1149580) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
Applies to:
kernel
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28039
Title:
RHSA-2014:1827 -- kdenetwork security update
Type:
Software
Bulletins:
MITRE:28039
Severity:
Low
Description:
The kdenetwork packages contain networking applications for the K Desktop Environment (KDE). Krfb Desktop Sharing, which is a part of the kdenetwork package, is a server application that allows session sharing between users. Krfb uses the LibVNCServer library. A NULL pointer dereference flaw was found in the way LibVNCServer handled certain ClientCutText messages. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. (CVE-2014-6053) A divide-by-zero flaw was found in the way LibVNCServer handled the scaling factor when it was set to "0". A remote attacker could use this flaw to crash the VNC server using a malicious VNC client. (CVE-2014-6054) Two stack-based buffer overflow flaws were found in the way LibVNCServer handled file transfers. A remote attacker could use this flaw to crash the VNC server using a malicious VNC client. (CVE-2014-6055) Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Nicolas Ruff as the original reporter. Note: Prior to this update, the kdenetwork packages used an embedded copy of the LibVNCServer library. With this update, the kdenetwork packages have been modified to use the system LibVNCServer packages. Therefore, the update provided by RHSA-2014:1826 must be installed to fully address the issues in krfb described above. All kdenetwork users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of the krfb server must be restarted for this update to take effect.
Applies to:
kdenetwork
Created:
2014-12-08
Updated:
2015-02-23

ID:
MITRE:28208
Title:
RHSA-2014:1826 -- libvncserver security update
Type:
Software
Bulletins:
MITRE:28208
Severity:
Low
Description:
LibVNCServer is a library that allows for easy creation of VNC server or client functionality. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code in the client. (CVE-2014-6051) A NULL pointer dereference flaw was found in LibVNCServer's framebuffer setup. A malicious VNC server could use this flaw to cause a VNC client to crash. (CVE-2014-6052) A NULL pointer dereference flaw was found in the way LibVNCServer handled certain ClientCutText messages. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. (CVE-2014-6053) A divide-by-zero flaw was found in the way LibVNCServer handled the scaling factor when it was set to "0". A remote attacker could use this flaw to crash the VNC server using a malicious VNC client. (CVE-2014-6054) Two stack-based buffer overflow flaws were found in the way LibVNCServer handled file transfers. A remote attacker could use these flaws to crash the VNC server using a malicious VNC client. (CVE-2014-6055) Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Nicolas Ruff as the original reporter. All libvncserver users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against libvncserver must be restarted for this update to take effect.
Applies to:
libvncserver
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28186
Title:
RHSA-2014:1824 -- php security update
Type:
Web
Bulletins:
MITRE:28186
Severity:
Low
Description:
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-8626) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Applies to:
php
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28374
Title:
RHSA-2014:1803 -- mod_auth_mellon security update
Type:
Software
Bulletins:
MITRE:28374
Severity:
Low
Description:
mod_auth_mellon provides a SAML 2.0 authentication module for the Apache HTTP Server. An information disclosure flaw was found in mod_auth_mellon's session handling that could lead to sessions overlapping in memory. A remote attacker could potentially use this flaw to obtain data from another user's session. (CVE-2014-8566) It was found that uninitialized data could be read when processing a user's logout request. By attempting to log out, a user could possibly cause the Apache HTTP Server to crash. (CVE-2014-8567) Red Hat would like to thank the mod_auth_mellon team for reporting these issues. Upstream acknowledges Matthew Slowe as the original reporter of CVE-2014-8566. All users of mod_auth_mellon are advised to upgrade to this updated package, which contains a backported patch to correct these issues.
Applies to:
mod_auth_mellon
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:27612
Title:
RHSA-2014:1801 -- shim security update
Type:
Software
Bulletins:
MITRE:27612
Severity:
Low
Description:
Shim is the initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. A heap-based buffer overflow flaw was found in the way shim parsed certain IPv6 addresses. If IPv6 network booting was enabled, a malicious server could supply a crafted IPv6 address that would cause shim to crash or, potentially, execute arbitrary code. (CVE-2014-3676) An out-of-bounds memory write flaw was found in the way shim processed certain Machine Owner Keys (MOKs). A local attacker could potentially use this flaw to execute arbitrary code on the system. (CVE-2014-3677) An out-of-bounds memory read flaw was found in the way shim parsed certain IPv6 packets. A specially crafted DHCPv6 packet could possibly cause shim to crash, preventing the system from booting if IPv6 booting was enabled. (CVE-2014-3675) Red Hat would like to thank the SUSE Security Team for reporting these issues. All shim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
Applies to:
shim
shim-signed
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28375
Title:
RHSA-2014:1795 -- cups-filters security update
Type:
Software
Bulletins:
MITRE:28375
Severity:
Low
Description:
The cups-filters package contains backends, filters, and other software that was once part of the core CUPS distribution but is now maintained independently. An out-of-bounds read flaw was found in the way the process_browse_data() function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups-browsed, would crash the cups-browsed daemon. (CVE-2014-4337) A flaw was found in the way the cups-browsed daemon interpreted the "BrowseAllow" directive in the cups-browsed.conf file. An attacker able to add a malformed "BrowseAllow" directive to the cups-browsed.conf file could use this flaw to bypass intended access restrictions. (CVE-2014-4338) All cups-filters users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cups-browsed daemon will be restarted automatically.
Applies to:
cups-filters
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28326
Title:
RHSA-2014:1768 -- php53 security update
Type:
Software
Bulletins:
MITRE:28326
Severity:
Low
Description:
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out-of-bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php53 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Applies to:
php53
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28030
Title:
RHSA-2014:1767 -- php security update
Type:
Web
Bulletins:
MITRE:28030
Severity:
Low
Description:
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out-of-bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Applies to:
php
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28354
Title:
RHSA-2014:1764 -- wget security update
Type:
Software
Bulletins:
MITRE:28354
Severity:
Low
Description:
The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in the mirror mode (using the '-m' command line option) to write an arbitrary file to a location writable by the user running Wget, possibly leading to code execution. (CVE-2014-4877) Note: This update changes the default value of the --retr-symlinks option. The file symbolic links are now traversed by default and pointed-to files are retrieved rather than creating a symbolic link locally. Red Hat would like to thank the GNU Wget project for reporting this issue. Upstream acknowledges HD Moore of Rapid7, Inc as the original reporter. All users of wget are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
Applies to:
wget
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28090
Title:
RHSA-2014:1724 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:28090
Severity:
Low
Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611, Important) * A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. (CVE-2014-5077, Important) * It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invvpid VM exit support, an unprivileged guest user could use these instructions to crash the guest. (CVE-2014-3645, CVE-2014-3646, Moderate) * A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system. (CVE-2014-4653, Moderate) Red Hat would like to thank Lars Bull of Google for reporting CVE-2014-3611, and the Advanced Threat Research team at Intel Security for reporting CVE-2014-3645 and CVE-2014-3646. Bug fixes: * A known issue that could prevent Chelsio adapters using the cxgb4 driver from being initialized on IBM POWER8 systems has been fixed. These adapters can now be used on IBM POWER8 systems as expected. (BZ#1130548) * When bringing a hot-added CPU online, the kernel did not initialize a CPU mask properly, which could result in a kernel panic. This update corrects the bug by ensuring that the CPU mask is properly initialized and the correct NUMA node selected. (BZ#1134715) * The kernel could fail to bring a CPU online if the hardware supported both the acpi-cpufreq and intel_pstate modules. This update ensures that the acpi-cpufreq module is not loaded if the intel_pstate module is loaded. (BZ#1134716) * Due to a bug in the time accounting of the kernel scheduler, a divide error could occur when hot adding a CPU. To fix this problem, the kernel scheduler time accounting has been reworked. (BZ#1134717) * The kernel did not handle exceptions caused by an invalid floating point control (FPC) register, resulting in a kernel oops. This problem has been fixed by placing the label to handle these exceptions to the correct place in the code. (BZ#1138733) * A previous change to the kernel for the PowerPC architecture changed implementation of the compat_sys_sendfile() function. Consequently, the 64-bit sendfile() system call stopped working for files larger than 2 GB on PowerPC. This update restores previous behavior of sendfile() on PowerPC, and it again processes files bigger than 2 GB as expected. (BZ#1139126) * Previously, the kernel scheduler could schedule a CPU topology update even though the topology did not change. This could negatively affect the CPU load balancing, cause degradation of the system performance, and eventually result in a kernel oops. This problem has been fixed by skipping the CPU topology update if the topology has not actually changed. (BZ#1140300) * Previously, recovery of a double-degraded RAID6 array could, under certain circumstances, result in data corruption. This could happen because the md driver was using an optimization that is safe to use only for single-degraded arrays. This update ensures that this optimization is skipped during the recovery of double-degraded RAID6 arrays. (BZ#1143850) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
Applies to:
kernel
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28373
Title:
ELSA-2014-3096 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:28373
Severity:
Low
Description:
Unbreakable Enterprise kernel security update
Applies to:
kernel-uek
Created:
2014-12-08
Updated:
2015-03-16

ID:
MITRE:27549
Title:
ELSA-2014-3095 -- docker security and bug fix update
Type:
Software
Bulletins:
MITRE:27549
Severity:
Low
Description:
[1.3.2-1.0.1] - Rename requirement of docker-io-pkg-devel in %package devel as docker-pkg-devel - Restore SysV init scripts for Oracle Linux 6 - Require Oracle Unbreakable Enterprise Kernel Release 3 or higher - Rename as docker. - Re-enable btrfs graphdriver support [1.3.2-1] - Update source to 1.3.2 from https://github.com/docker/docker/releases/tag/v1.3.2 Prevent host privilege escalation from an image extraction vulnerability (CVE-2014-6407). Prevent container escalation from malicious security options applied to images (CVE-2014-6408). The '--insecure-registry' flag of the 'docker run' command has undergone several refinements and additions. You can now specify a sub-net in order to set a range of registries which the Docker daemon will consider insecure. By default, Docker now defines 'localhost' as an insecure registry. Registries can now be referenced using the Classless Inter-Domain Routing (CIDR) format. When mirroring is enabled, the experimental registry v2 API is skipped. [1.3.1-2] - Remove pandoc from build reqs [1.3.1-1] - update to v1.3.1 [1.3.0-1] - Resolves: rhbz#1153936 - update to v1.3.0 - iptables=false => ip-masq=false [1.2.0-3] - Resolves: rhbz#1139415 - correct path for bash completion /usr/share/bash-completion/completions - sysvinit script update as per upstream commit 640d2ef6f54d96ac4fc3f0f745cb1e6a35148607 - dont own dirs for vim highlighting, bash completion and udev [1.2.0-2] - Resolves: rhbz#1145660 - support /etc/sysconfig/docker-storage From: Colin Walters - patch to ignore selinux if its disabled https://github.com/docker/docker/commit/9e2eb0f1cc3c4ef000e139f1d85a20f0e00971e6 From: Dan Walsh - Resolves: rhbz#1139415 - correct path for bash completion - init script waits upto 5 mins before terminating daemon [1.2.0-1] - Resolves: rhbz#1132824 - update to v1.2.0
Applies to:
docker
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28263
Title:
ELSA-2014-3094 -- bash security update
Type:
Software
Bulletins:
MITRE:28263
Severity:
Low
Description:
[3.2-33.4.0.1] - Fix segfaults from CVE-2014-6277 and CVE-2014-6278 completely. [orabug 19905421]
Applies to:
bash
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:27461
Title:
ELSA-2014-3093 -- bash security update
Type:
Software
Bulletins:
MITRE:27461
Severity:
Low
Description:
[4.1.2-29.0.1] - Fix segfaults from CVE-2014-6277 and CVE-2014-6278 completely. [orabug 19905294]
Applies to:
bash
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28237
Title:
ELSA-2014-3092 -- bash security update
Type:
Software
Bulletins:
MITRE:28237
Severity:
Low
Description:
[4.2.45-5.4.0.1] - Fix segfaults from CVE-2014-6277 and CVE-2014-6278 completely. [orabug 19905256]
Applies to:
bash
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:27775
Title:
ELSA-2014-1959-1 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27775
Severity:
Low
Description:
kernel [2.6.18-400.0.0.0.1] - [net] fix tcp_trim_head() (James Li) [orabug 14512145, 19219078] - ocfs2: dlm: fix recovery hung (Junxiao Bi) [orabug 13956772] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]
Applies to:
kernel
Created:
2014-12-08
Updated:
2015-03-16

ID:
MITRE:27990
Title:
ELSA-2014-1959 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27990
Severity:
Low
Description:
kernel [2.6.18-400] - [net] bridge: disable snooping if there is no querier (Frantisek Hrbata) [902454] - [s390] kernel: sysinfo: convert /proc/sysinfo to seqfile (Alexander Gordeev) [1131283] - [net] netlink: verify permisions of socket creator (Jiri Benc) [1094266] {CVE-2014-0181} - [net] netlink: store effective caps at socket() time (Jiri Benc) [1094266] {CVE-2014-0181} - [net] netlink: Rename netlink_capable netlink_allowed (Jiri Benc) [1094266] {CVE-2014-0181} - [net] netlink: Fix permission check in netlink_connect() (Jiri Benc) [1094266] {CVE-2014-0181} - [net] netlink: fix possible spoofing from non-root processes (Jiri Benc) [1094266] {CVE-2014-0181} - [net] netlink: Make NETLINK_USERSOCK work again (Jiri Benc) [1094266] {CVE-2014-0181} - [net] netlink: fix for too early rmmod (Jiri Benc) [1094266] {CVE-2014-0181} [2.6.18-399] - [kernel] do_setitimer: cancel real_timer if try_to_cancel fails (Oleg Nesterov) [1134654]
Applies to:
kernel
Created:
2014-12-08
Updated:
2015-03-16

ID:
MITRE:28391
Title:
ELSA-2014-1956 -- wpa_supplicant security update
Type:
Software
Bulletins:
MITRE:28391
Severity:
Low
Description:
[1:2.0-13] - Use os_exec() for action script execution (CVE-2014-3686)
Applies to:
wpa_supplicant
Created:
2014-12-08
Updated:
2015-02-23

ID:
MITRE:27738
Title:
ELSA-2014-1948 -- nss, nss-util, and nss-softokn security, bug fix, and enhancement update
Type:
Miscellaneous
Bulletins:
MITRE:27738
Severity:
Low
Description:
[3.16.2.3-2.0.1.el7_0] - Added nss-vendor.patch to change vendor [3.16.2.3-2] - Restore patch for certutil man page - supply missing options descriptions - Resolves: Bug 1165525 - Upgrade to NSS 3.16.2.3 for Firefox 31.3
Applies to:
nss
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28254
Title:
ELSA-2014-1924 -- thunderbird security update
Type:
Software
Bulletins:
MITRE:28254
Severity:
Low
Description:
[31.3.0-1.0.1.el6_6] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [31.3.0-1] - Update to 31.3.0
Applies to:
thunderbird
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28112
Title:
ELSA-2014-1919 -- firefox security update
Type:
Software
Bulletins:
MITRE:28112
Severity:
Low
Description:
[31.3.0-4.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat ones [31.3.0-4] - Update to 31.3.0 ESR Build 2 - Fix for geolocation API (rhbz#1063739) [31.2.0-5] - splice workaround (rhbz#1150082) [31.2.0-4] - ppc build fix (rhbz#1151959)
Applies to:
firefox
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28303
Title:
ELSA-2014-1912 -- ruby security update
Type:
Software
Bulletins:
MITRE:28303
Severity:
Low
Description:
[2.0.0.353-22] - Fix REXML billion laughs attack via parameter entity expansion (CVE-2014-8080). Resolves: rhbz#1163998 - REXML incomplete fix for CVE-2014-8080 (CVE-2014-8090). Resolves: rhbz#1163998 [2.0.0.353-21] - Fix off-by-one stack-based buffer overflow in the encodes() function (CVE-2014-4975) Resolves: rhbz#1163998 [2.0.0.353-21] - Fix FTBFS with new tzdata Related: rhbz#1163998
Applies to:
ruby
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28027
Title:
ELSA-2014-1911 -- ruby security update
Type:
Software
Bulletins:
MITRE:28027
Severity:
Low
Description:
[1.8.7.374-3] - Fix REXML billion laughs attack via parameter entity expansion (CVE-2014-8080). Resolves: rhbz#1163993 - REXML incomplete fix for CVE-2014-8080 (CVE-2014-8090). Resolves: rhbz#1163993
Applies to:
ruby
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28414
Title:
ELSA-2014-1893 -- libXfont security update
Type:
Software
Bulletins:
MITRE:28414
Severity:
Low
Description:
[1.2.2-1.0.6] - CVE-2014-0209: integer overflow of allocations in font metadata file parsing (bug 1163602, bug 1163601) - CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies (bug 1163602, bug 1163601) - CVE-2014-0211: integer overflows calculating memory needs for xfs replies (bug 1163602, bug 1163601)
Applies to:
libXfont
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28050
Title:
ELSA-2014-1885 -- libxml2 security update
Type:
Miscellaneous
Bulletins:
MITRE:28050
Severity:
Low
Description:
[2.6.26-2.1.25.0.1.el5_11] - Add libxml2-enterprise.patch - Replaced doc/redhat.gif in tarball with updated image [2.6.26-2.1.25.el5] - CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1161841) [2.6.26-2.1.24.el5] - fixed one regexp bug and added a (rhbz#922450) - Another small change on the algorithm for the elimination of epsilon (rhbz#922450) [2.6.26-2.1.23.el5] - detect and stop excessive entities expansion upon replacement (rhbz#912573) [2.6.26-2.1.22.el5] - fix validation issues with some XSD (rhbz#877348) - xmlDOMWrapCloneNode discards namespace of the node parameter (rhbz#884707)
Applies to:
libxml2
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28378
Title:
ELSA-2014-1873 -- libvirt security and bug fix update
Type:
Software
Bulletins:
MITRE:28378
Severity:
Low
Description:
[0.10.2-46.0.1.el6_6.2] - Replace docs/et.png in tarball with blank image [0.10.2-46.el6_6.2] - qemu: allow restore with non-migratable XML input (rhbz#1155564) - qemu: Introduce qemuDomainDefCheckABIStability (rhbz#1155564) - Make ABI stability issue easier to debug (rhbz#1155564) - CVE-2014-3633: qemu: blkiotune: Use correct definition when looking up disk (CVE-2014-3633) - domain_conf: fix domain deadlock (CVE-2014-3657) - CVE-2014-7823: dumpxml: security hole with migratable flag (CVE-2014-7823)
Applies to:
libvirt
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:28393
Title:
ELSA-2014-1870 -- libXfont security update
Type:
Software
Bulletins:
MITRE:28393
Severity:
Low
Description:
[1.4.5-4] - CVE-2014-0209: integer overflow of allocations in font metadata file parsing (bug 1163602, bug 1163601) - CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies (bug 1163602, bug 1163601) - CVE-2014-0211: integer overflows calculating memory needs for xfs replies (bug 1163602, bug 1163601)
Applies to:
libXfont
Created:
2014-12-08
Updated:
2015-01-26

ID:
MITRE:27477
Title:
ELSA-2014-1861 -- mariadb security update
Type:
Software
Bulletins:
MITRE:27477
Severity:
Low
Description:
[1:5.5.40-1] - Rebase to 5.5.40 Also fixes: CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564 Resolves: #1160548 [1:5.5.37-1] - Rebase to 5.5.37 https://kb.askmonty.org/en/mariadb-5537-changelog/ Also fixes: CVE-2014-2440 CVE-2014-0384 CVE-2014-2432 CVE-2014-2431 CVE-2014-2430 CVE-2014-2436 CVE-2014-2438 CVE-2014-2419 Resolves: #1101062
Applies to:
mariadb
Created:
2014-12-08
Updated:
2015-02-23

ID:
MITRE:28369
Title:
ELSA-2014-1859 -- mysql55-mysql security update
Type:
Software
Bulletins:
MITRE:28369
Severity:
Low
Description:
[5.5.40-2] filter perl(GD) from Requires (perl-gd is not available for RHEL5) Resolves: #1160514 [5.5.40-1] - Rebase to 5.5.40 Also fixes: CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564 Resolves: #1160514
Applies to:
mysql55-mysql
Created:
2014-12-08
Updated:
2015-01-26

ID:
CVE-2014-8005
Title:
Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.
Type:
Hardware
Bulletins:
CVE-2014-8005
SFBID71287
Severity:
Medium
Description:
Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.
Applies to:
Created:
2014-11-25
Updated:
2024-01-17

ID:
CVE-2014-8004
Title:
Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378.
Type:
Hardware
Bulletins:
CVE-2014-8004
Severity:
Medium
Description:
Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378.
Applies to:
Created:
2014-11-25
Updated:
2024-01-17

ID:
MITRE:26757
Title:
.NET Framework remote code execution vulnerability
Type:
Software
Bulletins:
MITRE:26757
CVE-2014-4121
Severity:
High
Description:
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application, aka ".NET Framework Remote Code Execution Vulnerability."
Applies to:
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.2
Created:
2014-11-24
Updated:
2024-01-17

ID:
MITRE:26601
Title:
.NET framework denial of service vulnerability
Type:
Software
Bulletins:
MITRE:26601
CVE-2014-4072
Severity:
Medium
Description:
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly use a hash table for request data, which allows remote attackers to cause a denial of service (resource consumption and ASP.NET performance degradation) via crafted requests, aka ".NET Framework Denial of Service Vulnerability."
Applies to:
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.2
Created:
2014-11-24
Updated:
2024-01-17

ID:
MITRE:26910
Title:
.NET ClickOnce elevation of privilege vulnerability
Type:
Software
Bulletins:
MITRE:26910
CVE-2014-4073
Severity:
High
Description:
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability."
Applies to:
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.2
Created:
2014-11-24
Updated:
2024-01-17

ID:
CVE-2014-4457
Title:
The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time...
Type:
Mobile Devices
Bulletins:
CVE-2014-4457
SFBID71143
Severity:
High
Description:
The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled.
Applies to:
Created:
2014-11-18
Updated:
2024-01-17

ID:
CVE-2014-4460
Title:
CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive...
Type:
Mobile Devices
Bulletins:
CVE-2014-4460
SFBID71135
Severity:
Low
Description:
CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.
Applies to:
Created:
2014-11-18
Updated:
2024-01-17

ID:
CVE-2014-4451
Title:
Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.
Type:
Mobile Devices
Bulletins:
CVE-2014-4451
SFBID71138
Severity:
High
Description:
Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.
Applies to:
Created:
2014-11-18
Updated:
2024-01-17

ID:
CVE-2014-4453
Title:
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via...
Type:
Mobile Devices
Bulletins:
CVE-2014-4453
SFBID71135
Severity:
Medium
Description:
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.
Applies to:
Created:
2014-11-18
Updated:
2024-01-17

ID:
CVE-2014-4463
Title:
Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature.
Type:
Mobile Devices
Bulletins:
CVE-2014-4463
SFBID71141
Severity:
Low
Description:
Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature.
Applies to:
Created:
2014-11-18
Updated:
2024-01-17

ID:
CVE-2014-7992
Title:
The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.
Type:
Hardware
Bulletins:
CVE-2014-7992
SFBID71145
Severity:
Medium
Description:
The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.
Applies to:
Created:
2014-11-17
Updated:
2024-01-17

ID:
CVE-2014-7997
Title:
The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by...
Type:
Hardware
Bulletins:
CVE-2014-7997
Severity:
Medium
Description:
The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281.
Applies to:
Created:
2014-11-14
Updated:
2024-01-17

ID:
MITRE:27974
Title:
ELSA-2014-3089 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27974
Severity:
Low
Description:
kernel-uek [2.6.32-400.36.11uek] - net: sctp: fix panic on duplicate ASCONF chunks (Daniel Borkmann) [Orabug: 20010592] {CVE-2014-3687} - net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks (Daniel Borkmann) [Orabug: 20010579] {CVE-2014-3673}
Applies to:
kernel-uek
Created:
2014-11-14
Updated:
2015-03-16

ID:
MITRE:28227
Title:
ELSA-2014-3087 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:28227
Severity:
Low
Description:
kernel-uek [3.8.13-44.1.5.el6uek] - net: sctp: fix panic on duplicate ASCONF chunks (Daniel Borkmann) [Orabug: 20010590] {CVE-2014-3687} - net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks (Daniel Borkmann) [Orabug: 20010577] {CVE-2014-3673}
Applies to:
kernel-uek
Created:
2014-11-14
Updated:
2015-03-16

ID:
MITRE:28219
Title:
ELSA-2014-1827 -- kdenetwork security update
Type:
Software
Bulletins:
MITRE:28219
Severity:
Low
Description:
[7:4.10.5-8] - Resolves: CVE-2014-6055
Applies to:
kdenetwork
Created:
2014-11-14
Updated:
2015-02-23

ID:
CVE-2014-7998
Title:
Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509.
Type:
Hardware
Bulletins:
CVE-2014-7998
Severity:
High
Description:
Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509.
Applies to:
Created:
2014-11-14
Updated:
2024-01-17

ID:
CVE-2014-7991
Title:
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS...
Type:
Hardware
Bulletins:
CVE-2014-7991
SFBID71013
Severity:
Medium
Description:
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.
Applies to:
Unified Communications Manager
Created:
2014-11-13
Updated:
2024-01-17

ID:
MITRE:26620
Title:
ELSA-2014-3086 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:26620
Severity:
Low
Description:
kernel-uek [2.6.32-400.36.10uek] - USB: whiteheat: Added bounds checking for bulk command response (James Forshaw) [Orabug: 19849336] {CVE-2014-3185} - HID: fix a couple of off-by-ones (Jiri Kosina) [Orabug: 19849320] {CVE-2014-3181} logging macros to functions (Joe Perches) [Orabug: 19847630] {CVE-2014-3535} logging macros to functions (Joe Perches) [Orabug: 19847630] - vsprintf: Recursive vsnprintf: Add '%pV', struct va_format (Joe Perches) [Orabug: 19847630] - KVM: x86: Improve thread safety in pit (Andy Honig) [Orabug: 19905688] {CVE-2014-3611}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27236
Title:
ELSA-2014-3084 -- Unbreakable Enterprise kernel Security update
Type:
Software
Bulletins:
MITRE:27236
Severity:
Low
Description:
kernel-uek [3.8.13-44.1.4.el7uek] - USB: whiteheat: Added bounds checking for bulk command response (James Forshaw) [Orabug: 19849334] {CVE-2014-3185} - HID: fix a couple of off-by-ones (Jiri Kosina) [Orabug: 19849317] {CVE-2014-3181} - kvm: vmx: handle invvpid vm exit gracefully (Petr Matousek) [Orabug: 19906300] {CVE-2014-3646} - nEPT: Nested INVEPT (Nadav Har'El) [Orabug: 19906267] {CVE-2014-3645} - KVM: x86: Improve thread safety in pit (Andy Honig) [Orabug: 19905686] {CVE-2014-3611}
Applies to:
dtrace-modules
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27227
Title:
ELSA-2014-3083 -- Unbreakable Enterprise kernel Security update
Type:
Software
Bulletins:
MITRE:27227
Severity:
Low
Description:
kernel-uek [2.6.32-400.36.9uek] - ALSA: control: Don't access controls outside of protected regions (Lars-Peter Clausen) [Orabug: 19817787] {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655} - ALSA: control: Fix replacing user controls (Lars-Peter Clausen) [Orabug: 19817749] {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655} - mm: try_to_unmap_cluster() should lock_page() before mlocking (Vlastimil Babka) [Orabug: 19817324] {CVE-2014-3122} - vm: convert fb_mmap to vm_iomap_memory() helper (Linus Torvalds) [Orabug: 19816564] {CVE-2013-2596} - vm: add vm_iomap_memory() helper function (Linus Torvalds) [Orabug: 19816564] {CVE-2013-2596} - net: sctp: inherit auth_capable on INIT collisions (Daniel Borkmann) [Orabug: 19816069] {CVE-2014-5077}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:26519
Title:
ELSA-2014-3081 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:26519
Severity:
Low
Description:
kernel-uek [3.8.13-44.1.3.el7uek] - ALSA: control: Don't access controls outside of protected regions (Lars-Peter Clausen) [Orabug: 19817785] {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655} - ALSA: control: Fix replacing user controls (Lars-Peter Clausen) [Orabug: 19817747] {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655} - kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601) (Michael S. Tsirkin) [Orabug: 19817646] {CVE-2014-3601} - net: sctp: inherit auth_capable on INIT collisions (Daniel Borkmann) [Orabug: 19816067] {CVE-2014-5077}
Applies to:
dtrace-modules
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27266
Title:
ELSA-2014-3070 -- Unbreakable Enterprise kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27266
Severity:
Low
Description:
kernel-uek [3.8.13-44] - net: Use netlink_ns_capable to verify the permisions of netlink messages (Eric W. Biederman) [Orabug: 19404229] {CVE-2014-0181} - net: Add variants of capable for use on netlink messages (Eric W. Biederman) [Orabug: 19404229] - net: Add variants of capable for use on on sockets (Eric W. Biederman) [Orabug: 19404229] - netlink: Rename netlink_capable netlink_allowed (Eric W. Biederman) [Orabug: 19404229] - sctp: Fix sk_ack_backlog wrap-around problem (Xufeng Zhang) [Orabug: 19404238] {CVE-2014-4667} - Revert 'xen/fb: allow xenfb initialization for hvm guests' (Vaughan Cao) [Orabug: 19320529]
Applies to:
dtrace-modules
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27215
Title:
ELSA-2014-3069 -- unbreakable enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27215
Severity:
Low
Description:
kernel-uek [2.6.32-400.36.7uek] - sctp: Fix sk_ack_backlog wrap-around problem (Xufeng Zhang) [Orabug: 19404246] {CVE-2014-4667}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:26951
Title:
ELSA-2014-3067 -- unbreakable enterprise kernel security update
Type:
Software
Bulletins:
MITRE:26951
Severity:
Low
Description:
kernel-uek [3.8.13-35.3.5.el7uek] - net: Use netlink_ns_capable to verify the permisions of netlink messages (Eric W. Biederman) [Orabug: 19404231] {CVE-2014-0181} - net: Add variants of capable for use on netlink messages (Eric W. Biederman) [Orabug: 19404231] - net: Add variants of capable for use on on sockets (Eric W. Biederman) [Orabug: 19404231] - netlink: Rename netlink_capable netlink_allowed (Eric W. Biederman) [Orabug: 19404231] - sctp: Fix sk_ack_backlog wrap-around problem (Xufeng Zhang) [Orabug: 19404244] {CVE-2014-4667}
Applies to:
dtrace-modules
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27158
Title:
ELSA-2014-3054 -- unbreakable enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27158
Severity:
Low
Description:
kernel-uek [2.6.32-400.36.6uek] - filter: prevent nla extensions to peek beyond the end of the message (Mathias Krause) [Orabug: 19315783] {CVE-2014-3144} {CVE-2014-3145} - futex: Forbid uaddr == uaddr2 in futex_wait_requeue_pi() (Darren Hart) [Orabug: 19315318] {CVE-2012-6647} [2.6.32-400.36.5uek] - n_tty: Fix n_tty_write crash when echoing in raw mode (Peter Hurley) [Orabug: 18756450] {CVE-2014-0196} {CVE-2014-0196}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:26359
Title:
ELSA-2014-3052 -- unbreakable enterprise kernel security update
Type:
Software
Bulletins:
MITRE:26359
Severity:
Low
Description:
kernel-uek [3.8.13-35.3.3.el7uek] - filter: prevent nla extensions to peek beyond the end of the message (Mathias Krause) [Orabug: 19315781] {CVE-2014-3144} {CVE-2014-3145} - mac80211: fix AP powersave TX vs. wakeup race (Emmanuel Grumbach) [Orabug: 19316457] {CVE-2014-2706}
Applies to:
dtrace-modules
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:26514
Title:
ELSA-2014-3049 -- unbreakable enterprise kernel security update
Type:
Software
Bulletins:
MITRE:26514
Severity:
Low
Description:
kernel-uek [3.8.13-35.3.2.el7uek] - l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19229497] {CVE-2014-4943} {CVE-2014-4943} - ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19230689] {CVE-2014-4699} - net: flow_dissector: fail on evil iph->ihl (Jason Wang) [Orabug: 19231234] {CVE-2013-4348}
Applies to:
dtrace-modules
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27341
Title:
ELSA-2014-3048 -- unbreakable enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27341
Severity:
Low
Description:
kernel-uek [2.6.32-400.36.4uek] - l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19229529] {CVE-2014-4943} {CVE-2014-4943} - ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19230692] {CVE-2014-4699}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27200
Title:
ELSA-2014-3046 -- unbreakable enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27200
Severity:
Low
Description:
kernel-uek [3.8.13-35.1.3.el6uek] - l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19229497] {CVE-2014-4943} {CVE-2014-4943} - ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19230689] {CVE-2014-4699} - net: flow_dissector: fail on evil iph->ihl (Jason Wang) [Orabug: 19231234] {CVE-2013-4348}
Applies to:
dtrace-modules
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27250
Title:
ELSA-2014-3043 -- unbreakable enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27250
Severity:
Low
Description:
kernel-uek [2.6.32-400.36.3uek] - fix autofs/afs/etc. magic mountpoint breakage (Al Viro) [Orabug: 19028505] {CVE-2014-0203} - SELinux: Fix kernel BUG on empty security contexts. (Stephen Smalley) [Orabug: 19028381] {CVE-2014-1874} - floppy: don't write kernel-only members to FDRAWCMD ioctl output (Matthew Daley) [Orabug: 19028446] {CVE-2014-1738} - floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew Daley) [Orabug: 19028439] {CVE-2014-1737} - libertas: potential oops in debugfs (Dan Carpenter) [Orabug: 19028417] {CVE-2013-6378}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27352
Title:
ELSA-2014-3041 -- unbreakable enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27352
Severity:
Low
Description:
kernel-uek [3.8.13-35.1.2.el6uek] - floppy: don't write kernel-only members to FDRAWCMD ioctl output (Matthew Daley) [Orabug: 19028443] {CVE-2014-1738} - floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew Daley) [Orabug: 19028436] {CVE-2014-1737}
Applies to:
dtrace-modules
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27093
Title:
ELSA-2014-3039 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27093
Severity:
Low
Description:
kernel-uek [2.6.32-400.36.2uek] - futex: Make lookup_pi_state more robust (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} - futex: Always cleanup owner tid in unlock_pi (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} - futex: Validate atomic acquisition in futex_lock_pi_atomic() (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} - futex: Forbid uaddr1 == uaddr2 in futex_requeue(..., requeue_pi=1) (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} {CVE-2014-3153}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27316
Title:
ELSA-2014-3037 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27316
Severity:
Low
Description:
kernel-uek [3.8.13-35.1.1.el6uek] - futex: Make lookup_pi_state more robust (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} - futex: Always cleanup owner tid in unlock_pi (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} - futex: Validate atomic acquisition in futex_lock_pi_atomic() (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} - futex: Forbid uaddr == uaddr2 in futex_requeue(..., requeue_pi=1) (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} {CVE-2014-3153}
Applies to:
dtrace-modules
dtrace-modules-headers
dtrace-modules-provider-headers
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:26365
Title:
ELSA-2014-3034 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:26365
Severity:
Low
Description:
kernel-uek [3.8.13-35.el6uek] - n_tty: Fix n_tty_write crash when echoing in raw mode (Peter Hurley) [Orabug: 18754908] {CVE-2014-0196} {CVE-2014-0196}
Applies to:
dtrace-modules
dtrace-modules-headers
dtrace-modules-provider-headers
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27092
Title:
ELSA-2014-3023 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27092
Severity:
Low
Description:
kernel-uek [2.6.32-400.34.5uek] - aacraid: missing capable() check in compat ioctl (Dan Carpenter) [Orabug: 18723276] {CVE-2013-6383}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27318
Title:
ELSA-2014-3021 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27318
Severity:
Low
Description:
[3.8.13-26.2.4.el6uek] - aacraid: missing capable() check in compat ioctl (Dan Carpenter) [Orabug: 18721961] {CVE-2013-6383} - vhost: fix total length when packets are too short (Michael S. Tsirkin) [Orabug: 18721976] {CVE-2014-0077}
Applies to:
dtrace-modules
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27347
Title:
ELSA-2014-3016 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27347
Severity:
Low
Description:
kernel-uek [2.6.32-400.34.4uek] - netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages (Daniel Borkmann) [Orabug: 18462076] {CVE-2014-2523} - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable (Daniel Borkmann) [Orabug: 18461091] {CVE-2014-0101}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:26883
Title:
ELSA-2014-3014 -- unbreakable enterprise kernel security update
Type:
Software
Bulletins:
MITRE:26883
Severity:
Low
Description:
kernel-uek [3.8.13-26.2.2.el6uek] - netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages (Daniel Borkmann) [Orabug: 18421673] {CVE-2014-2523} - cifs: ensure that uncached writes handle unmapped areas correctly (Jeff Layton) [Orabug: 18461067] {CVE-2014-0069} {CVE-2014-0069} - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable (Daniel Borkmann) [Orabug: 18461065] {CVE-2014-0101} - vhost-net: insufficient handling of error conditions in get_rx_bufs() (Guangyu Sun) [Orabug: 18461050] {CVE-2014-0055}
Applies to:
dtrace-modules
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27278
Title:
ELSA-2014-3011 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27278
Severity:
Low
Description:
[3.8.13-26.1.1.el6uek] - inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions (Hannes Frederic Sowa) [18247287] {CVE-2013-7263} {CVE-2013-7265} - inet: prevent leakage of uninitialized memory to user in recv syscalls (Hannes Frederic Sowa) [18238377] {CVE-2013-7263} {CVE-2013-7265} - exec/ptrace: fix get_dumpable() incorrect tests (Kees Cook) [18238348] {CVE-2013-2929}
Applies to:
dtrace-modules
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27242
Title:
ELSA-2014-3010 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27242
Severity:
Low
Description:
[2.6.32-400.34.3] - inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions (Hannes Frederic Sowa) [18247290] {CVE-2013-7263} {CVE-2013-7265} [2.6.32-400.34.2] - exec/ptrace: fix get_dumpable() incorrect tests (Kees Cook) [18239033] {CVE-2013-2929} {CVE-2013-2929} - inet: prevent leakage of uninitialized memory to user in recv syscalls (Hannes Frederic Sowa) [18239036] {CVE-2013-7263} {CVE-2013-7265}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:26522
Title:
ELSA-2014-3002 -- Unbreakable Enterprise kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:26522
Severity:
Low
Description:
[3.8.13-26.el6uek] - spec: Don't remove crashkernel=auto setting (Jerry Snitselaar) [Orabug: 18137993] dtrace-modules-3.8.13-26.el6uek [0.4.2-3] - Obsolete the old provider headers package. [Orabug: 18061595]
Applies to:
dtrace-modules
dtrace-modules-headers
dtrace-modules-provider-headers
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27016
Title:
ELSA-2014-1669 -- qemu-kvm security and bug fix update
Type:
Software
Bulletins:
MITRE:27016
Severity:
Low
Description:
[1.5.3-60.el7_0.10] - kvm-block-add-helper-function-to-determine-if-a-BDS-is-i.patch [bz#1122925] - kvm-block-extend-block-commit-to-accept-a-string-for-the.patch [bz#1122925] - kvm-block-add-backing-file-option-to-block-stream.patch [bz#1122925] - kvm-block-add-__com.redhat_change-backing-file-qmp-comma.patch [bz#1122925] - Resolves: bz#1122925 (Maintain relative path to backing file image during live merge (block-commit))
Applies to:
qemu-kvm
Created:
2014-11-05
Updated:
2015-02-23

ID:
MITRE:26880
Title:
ELSA-2014-1075 -- qemu-kvm security and bug fix update
Type:
Software
Bulletins:
MITRE:26880
Severity:
Low
Description:
[0.12.1.2-2.415.el6_5.14] - The commit for zrelease .13 was incomplete; the changes to qemu-kvm.spec did not include the '%patchNNNN -p1' lines for patches 4647 through 4655; so although the patch files themselves were committed, the srpm build did not pick them up. In addition, the commit log did not describe the patches. This commit corrects these problems and bumps the zrelease to .14.
Applies to:
qemu-kvm
Created:
2014-11-05
Updated:
2015-02-23

ID:
MITRE:27233
Title:
ELSA-2014-1052 -- openssl security update
Type:
Web
Bulletins:
MITRE:27233
Severity:
Low
Description:
[1.0.1e-34.4] - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3507 - avoid memory leak in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3509 - fix race condition when parsing server hello - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation
Applies to:
openssl
Created:
2014-11-05
Updated:
2015-02-23

ID:
MITRE:26804
Title:
ELSA-2014-1004 -- yum-updatesd security update
Type:
Software
Bulletins:
MITRE:26804
Severity:
Low
Description:
[1:0.9-6] - updatesd: prevent installing unsigned packages. - Resolves: rhbz#1125185
Applies to:
yum-updatesd
Created:
2014-11-05
Updated:
2015-02-23

ID:
MITRE:27160
Title:
ELSA-2014-0927 -- qemu-kvm security and bug fix update
Type:
Software
Bulletins:
MITRE:27160
Severity:
Low
Description:
[1.5.3-60.el7_0.5] - kvm-Allow-mismatched-virtio-config-len.patch [bz#1095782] - Resolves: bz#1095782 (CVE-2014-0182 qemu-kvm: qemu: virtio: out-of-bounds buffer write on state load with invalid config_len [rhel-7.0.z])
Applies to:
qemu-kvm
Created:
2014-11-05
Updated:
2015-02-23

ID:
MITRE:26595
Title:
ELSA-2014-0926-1 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:26595
Severity:
Low
Description:
kernel [2.6.18-371.11.1.0.1] - ocfs2: dlm: fix recovery hung (Junxiao Bi) [orabug 13956772] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) 
[orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:26940
Title:
ELSA-2014-0926 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:26940
Severity:
Low
Description:
kernel [2.6.18-371.11.1] - [fs] dcache: fix cleanup on warning in d_splice_alias (Denys Vlasenko) [1109720 1080606] - [net] neigh: Make neigh_add_timer symmetrical to neigh_del_timer (Marcelo Ricardo Leitner) [1111195 1109888] - [net] neigh: set NUD_INCOMPLETE when probing router reachability (Marcelo Ricardo Leitner) [1106354 1090806] - [net] ipv6: router reachability probing (Marcelo Ricardo Leitner) [1106354 1090806] - [net] ipv6: probe routes asynchronous in rt6_probe (Marcelo Ricardo Leitner) [1106354 1090806] - [net] ndisc: Update neigh->updated with write lock (Marcelo Ricardo Leitner) [1106354 1090806] - [net] ipv6: remove the unnecessary statement in find_match() (Marcelo Ricardo Leitner) [1106354 1090806] - [net] ipv6: fix route selection if CONFIG_IPV6_ROUTER_PREF unset (Marcelo Ricardo Leitner) [1106354 1090806] - [net] ipv6: Fix def route failover when CONFIG_IPV6_ROUTER_PREF=n (Marcelo Ricardo Leitner) [1106354 1090806] - [net] ipv6: Prefer reachable nexthop only if the caller requests (Marcelo Ricardo Leitner) [1106354 1090806] - [fs] ext4/jbd2: don't wait forever stale tid caused by wraparound (Eric Sandeen) [1097528 980268] - [fs] ext4: Initialize fsync transaction ids in ext4_new_inode() (Eric Sandeen) [1097528 980268] - [fs] jbd2: don't wake kjournald unnecessarily (Eric Sandeen) [1097528 980268] - [fs] jbd2: fix fsync() tid wraparound bug (Eric Sandeen) [1097528 980268] - [infiniband] rds: do not deref NULL dev in rds_iw_laddr_check() (Jacob Tanenbaum) [1093311 1093312] {CVE-2014-2678} - [fs] nfs4: Add recovery for individual stateids - partial backport. (Dave Wysochanski) [1113468 867570] - [fs] nfs4: Don't start state recovery in nfs4_close_done - clean backport. (Dave Wysochanski) [1113468 867570] - [xen] page-alloc: scrub anonymous domain heap pages upon freeing (Vitaly Kuznetsov) [1103648 1103649] {CVE-2014-4021}
Applies to:
kernel
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27351
Title:
ELSA-2014-0921 -- httpd security update
Type:
Web
Bulletins:
MITRE:27351
Severity:
Low
Description:
[2.4.6-18.0.1.el7_0] - replace index.html with Oracle's index page oracle_index.html [2.4.6-18] - mod_cgid: add security fix for CVE-2014-0231 (#1120607) - mod_proxy: add security fix for CVE-2014-0117 (#1120607) - mod_deflate: add security fix for CVE-2014-0118 (#1120607) - mod_status: add security fix for CVE-2014-0226 (#1120607) - mod_cache: add security fix for CVE-2013-4352 (#1120607)
Applies to:
httpd
Created:
2014-11-05
Updated:
2015-08-10

ID:
MITRE:27060
Title:
ELSA-2014-0920 -- httpd security update
Type:
Web
Bulletins:
MITRE:27060
Severity:
Low
Description:
[2.2.15-31.0.1.el6_5] - replace index.html with Oracle's index page oracle_index.html - update vstring in specfile [2.2.15-31] - mod_cgid: add security fix for CVE-2014-0231 - mod_deflate: add security fix for CVE-2014-0118 - mod_status: add security fix for CVE-2014-0226
Applies to:
httpd
Created:
2014-11-05
Updated:
2015-08-10

ID:
MITRE:27342
Title:
ELSA-2014-0907 -- java-1.6.0-openjdk security and bug fix update
Type:
Software
Bulletins:
MITRE:27342
Severity:
Low
Description:
[1:1.6.0.1-6.1.13.4] - moved to icedteaver 1.13.4 - moved to openjdkver b32 and openjdkdate 15_jul_2014 - added upstreamed patch patch9 rh1115580-unsyncHashMap.patch - Resolves: rhbz#1115580 - Resolves: rhbz#1115867
Applies to:
java-1.6.0-openjdk
Created:
2014-11-05
Updated:
2015-08-10

ID:
MITRE:26995
Title:
ELSA-2014-0890 -- java-1.7.0-openjdk security update
Type:
Software
Bulletins:
MITRE:26995
Severity:
Low
Description:
[1.7.0.65-2.5.1.2.0.1.el5_10] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1.7.0.65-2.5.1.2] - added and applied fix for smartcard io patch405, pr1864_smartcardIO.patch - Resolves: rhbz#1115872 [1.7.0.65-2.5.1.1.el5] - updated to security patched icedtea7-forest 2.5.1 - Resolves: rhbz#1115872 [1.7.0.60-2.5.0.1.el5] - update to icedtea7-forest 2.5.0 (rh1114937) - Resolves: rhbz#1115872
Applies to:
java-1.7.0-openjdk
Created:
2014-11-05
Updated:
2015-08-10

ID:
MITRE:27141
Title:
ELSA-2014-0889 -- java-1.7.0-openjdk security update
Type:
Software
Bulletins:
MITRE:27141
Severity:
Low
Description:
[1.7.0.65-2.5.1.2.0.1.el6_5] - Update DISTRO_NAME in specfile [1.7.0.65-2.5.1.2] - added and applied fix for smartcard io patch405, pr1864_smartcardIO.patch - Resolves: rhbz#1115874 [1.7.0.65-2.5.1.1.el6] - updated to security patched icedtea7-forest 2.5.1 - Resolves: rhbz#1115874 [1.7.0.60-2.5.0.1.el6] - update to icedtea7-forest 2.5.0 - Resolves: rhbz#1115874
Applies to:
java-1.7.0-openjdk
Created:
2014-11-05
Updated:
2015-08-10

ID:
MITRE:26531
Title:
ELSA-2014-0790 -- dovecot security update
Type:
Mail
Bulletins:
MITRE:26531
Severity:
Low
Description:
[1:2.0.9-7.1] - fix CVE-2014-3430: denial of service through maxxing out SSL connections (#1108001)
Applies to:
dovecot
Created:
2014-11-05
Updated:
2015-02-23

ID:
MITRE:27323
Title:
ELSA-2014-0740-1 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27323
Severity:
Low
Description:
kernel [2.6.18-371.9.1.0.1] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap 
utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27247
Title:
ELSA-2014-0704 -- qemu-kvm security and bug fix update
Type:
Software
Bulletins:
MITRE:27247
Severity:
Low
Description:
[1.5.3-60.el7_0.2] - kvm-pc-add-hot_add_cpu-callback-to-all-machine-types.patch [bz#1094820] - Resolves: bz#1094820 (Hot plug CPU not working with RHEL6 machine types running on RHEL7 host.) [1.5.3-60.el7_0.1] - kvm-iscsi-fix-indentation.patch [bz#1090978] - kvm-iscsi-correctly-propagate-errors-in-iscsi_open.patch [bz#1090978] - kvm-block-iscsi-query-for-supported-VPD-pages.patch [bz#1090978] - kvm-block-iscsi-fix-segfault-if-writesame-fails.patch [bz#1090978] - kvm-iscsi-recognize-invalid-field-ASCQ-from-WRITE-SAME-c.patch [bz#1090978] - kvm-iscsi-ignore-flushes-on-scsi-generic-devices.patch [bz#1090978] - kvm-iscsi-always-query-max-WRITE-SAME-length.patch [bz#1090978] - kvm-iscsi-Don-t-set-error-if-already-set-in-iscsi_do_inq.patch [bz#1090978] - kvm-iscsi-Remember-to-set-ret-for-iscsi_open-in-error-ca.patch [bz#1090978] - kvm-qemu_loadvm_state-shadow-SeaBIOS-for-VM-incoming-fro.patch [1091322] - kvm-uhci-UNfix-irq-routing-for-RHEL-6-machtypes-RHEL-onl.patch [bz#1090981] - kvm-ide-Correct-improper-smart-self-test-counter-reset-i.patch [bz#1093612] - Resolves: bz#1091322 (fail to reboot guest after migration from RHEL6.5 host to RHEL7.0 host) - Resolves: bz#1090981 (Guest hits call trace migrate from RHEL6.5 to RHEL7.0 host with -M 6.1 & balloon & uhci device) - Resolves: bz#1090978 (qemu-kvm: iSCSI: Failure. SENSE KEY:ILLEGAL_REQUEST(5) ASCQ:INVALID_FIELD_IN_CDB(0x2400)) - Resolves: bz#1093612 (CVE-2014-2894 qemu-kvm: QEMU: out of bounds buffer accesses, guest triggerable via IDE SMART [rhel-7.0.z])
Applies to:
qemu-kvm
Created:
2014-11-05
Updated:
2015-02-23

ID:
MITRE:27337
Title:
ELSA-2014-0702 -- mariadb security update
Type:
Software
Bulletins:
MITRE:27337
Severity:
Low
Description:
[1:5.5.37-1] - Rebase to 5.5.37 https://kb.askmonty.org/en/mariadb-5537-changelog/ Also fixes: CVE-2014-2440 CVE-2014-0384 CVE-2014-2432 CVE-2014-2431 CVE-2014-2430 CVE-2014-2436 CVE-2014-2438 CVE-2014-2419 Resolves: #1101062
Applies to:
mariadb
Created:
2014-11-05
Updated:
2015-02-23

ID:
MITRE:27029
Title:
ELSA-2014-0685 -- java-1.6.0-openjdk security update
Type:
Software
Bulletins:
MITRE:27029
Severity:
Low
Description:
[1:1.6.0.1-6.1.13.3] - updated to icedtea 1.13.3 - updated to openjdk-6-src-b31-15_apr_2014 - removed upstreamed patch7, 1.13_fixes.patch - removed upstreamed patch9, 1051245.patch - Resolves: rhbz#1099563
Applies to:
java-1.6.0-openjdk
Created:
2014-11-05
Updated:
2015-02-23

ID:
MITRE:27123
Title:
ELSA-2014-0679 -- openssl security update
Type:
Web
Bulletins:
MITRE:27123
Severity:
Low
Description:
[1.0.1e-34.3] - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH
Applies to:
openssl
Created:
2014-11-05
Updated:
2015-02-23

ID:
MITRE:27331
Title:
ELSA-2014-0675 -- java-1.7.0-openjdk security update
Type:
Software
Bulletins:
MITRE:27331
Severity:
Low
Description:
[1.7.0.55-2.4.7.2.0.1.el7_0] - Update DISTRO_NAME in specfile [1.7.0.55-2.4.7.2] - Remove NSS patches. Issues with PKCS11 provider mean it shouldn't be enabled. - Always setup nss.cfg and depend on nss-devel at build-time to do so. - This allows users who wish to use PKCS11+NSS to just add it to java.security. - Patches to PKCS11 provider will be included upstream in 2.4.8 (ETA July 2014) - Resolves: rhbz#1099565 [1.7.0.55-2.4.7.0.el7] - bumped to future icedtea-forest 2.4.7 - updatever set to 55, buildver set to 13, release reset to 0 - removed upstreamed patch402 gstackbounds.patch - removed Requires: rhino, BuildRequires is enough - ppc64 replaced by power64 macro - patch111 applied as dry-run (6.6 forward port) - nss enabled, but not used as default (6.6 forward port) - Resolves: rhbz#1099565
Applies to:
java-1.7.0-openjdk
Created:
2014-11-05
Updated:
2015-08-10

ID:
MITRE:27296
Title:
ELSA-2014-0433-1 -- kernel security, bug fix, and enhancement update
Type:
Software
Bulletins:
MITRE:27296
Severity:
Low
Description:
kernel [2.6.18-371.8.1.0.1] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap 
utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27275
Title:
ELSA-2014-0285-1 -- kernel security, bug fix, and enhancement update
Type:
Software
Bulletins:
MITRE:27275
Severity:
Low
Description:
kernel [2.6.18-371.6.1.0.1] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap 
utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27232
Title:
ELSA-2014-0108-1 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27232
Severity:
Low
Description:
kernel [2.6.18-371.4.1.0.1] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap 
utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27343
Title:
ELSA-2013-2589 -- unbreakable enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27343
Severity:
Low
Description:
kernel-uek [2.6.32-400.33.4uek] - kernel/signal.c: stop info leak via the tkill and the tgkill syscalls (Emese Revfy) [Orabug: 17951083] {CVE-2013-2141} - ip_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951078] {CVE-2013-4470} - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (Andy Honig) [Orabug: 17951073] {CVE-2013-6367}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27388
Title:
ELSA-2013-2587 -- unbreakable enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27388
Severity:
Low
Description:
kernel-uek [3.8.13-16.2.3.el6uek] - ip_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951078] {CVE-2013-4470} - ip6_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951080] {CVE-2013-4470} - KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376) (Gleb Natapov) [Orabug: 17951067] {CVE-2013-6376} - KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368) (Andy Honig) [Orabug: 17951071] {CVE-2013-6368} - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (Andy Honig) [Orabug: 17951073] {CVE-2013-6367}
Applies to:
dtrace-modules
dtrace-modules-3.8.13-16.2.3.el6uek-provider-headers
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27358
Title:
ELSA-2013-2585 -- Unbreakable Enterprise Kernel security update
Type:
Software
Bulletins:
MITRE:27358
Severity:
Low
Description:
kernel-uek [2.6.32-400.33.3uek] - af_key: fix info leaks in notify messages (Mathias Krause) [Orabug: 17837974] {CVE-2013-2234} - drivers/cdrom/cdrom.c: use kzalloc() for failing hardware (Jonathan Salwan) [Orabug: 17837971] {CVE-2013-2164} - fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check (Kees Cook) [Orabug: 17837966] {CVE-2013-1928} - Bluetooth: RFCOMM - Fix info leak in ioctl(RFCOMMGETDEVLIST) (Mathias Krause) [Orabug: 17837959] {CVE-2012-6545} - Bluetooth: RFCOMM - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17838023] {CVE-2012-6545} - llc: Fix missing msg_namelen update in llc_ui_recvmsg() (Mathias Krause) [Orabug: 17837945] {CVE-2013-3231} - HID: pantherlord: validate output report details (Kees Cook) [Orabug: 17837942] {CVE-2013-2892} - HID: zeroplus: validate output report details (Kees Cook) [Orabug: 17837936] {CVE-2013-2889} - HID: provide a helper for validating hid reports (Kees Cook) [Orabug: 17837936] - NFSv4: Check for buffer length in __nfs4_get_acl_uncached (Sven Wegener) [Orabug: 17837931] {CVE-2013-4591} - ansi_cprng: Fix off by one error in non-block size request (Neil Horman) [Orabug: 17837999] {CVE-2013-4345} - HID: validate HID report id size (Kees Cook) [Orabug: 17837925] {CVE-2013-2888} - ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes Frederic Sowa) [Orabug: 17837923] {CVE-2013-0343}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27338
Title:
ELSA-2013-2583 -- Unbreakable Enterprise Kernel security update
Type:
Software
Bulletins:
MITRE:27338
Severity:
Low
Description:
[3.8.13-16.2.2.el6uek] - HID: pantherlord: validate output report details (Kees Cook) [Orabug: 17841973] {CVE-2013-2892} - HID: zeroplus: validate output report details (Kees Cook) [Orabug: 17841968] {CVE-2013-2889} - HID: provide a helper for validating hid reports (Kees Cook) [Orabug: 17841968] {CVE-2013-2889} - KVM: Fix iommu map/unmap to handle memory slot moves (Alex Williamson) [Orabug: 17841960] {CVE-2013-4592} - ansi_cprng: Fix off by one error in non-block size request (Jerry Snitselaar) [Orabug: 17837997] {CVE-2013-4345} - HID: validate HID report id size (Kees Cook) [Orabug: 17841940] {CVE-2013-2888} - ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes Frederic Sowa) [Orabug: 17841911] {CVE-2013-0343} - ipv6: udp packets following an UFO enqueued packet need also be handled by UFO (Hannes Frederic Sowa) [Orabug: 17841928] {CVE-2013-4387}
Applies to:
dtrace-modules
dtrace-modules-3.8.13-16.2.2.el6uek-provider-headers
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27502
Title:
ELSA-2013-2577 -- unbreakable enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27502
Severity:
Low
Description:
kernel-uek [3.8.13-16.1.1.el6uek] - dm snapshot: fix data corruption (Mikulas Patocka) [Orabug: 17617582] {CVE-2013-4299}
Applies to:
dtrace-modules
dtrace-modules-3.8.13-16.1.1.el6uek-provider-headers
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27378
Title:
ELSA-2013-2575 -- unbreakable enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27378
Severity:
Low
Description:
kernel-uek [2.6.32-400.33.2] - dm snapshot: fix data corruption (Mikulas Patocka) [Orabug: 17618900] {CVE-2013-4299} - ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET pending data (Hannes Frederic Sowa) [Orabug: 17618897] {CVE-2013-4162}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:26512
Title:
ELSA-2013-2542 -- unbreakable enterprise kernel security update
Type:
Software
Bulletins:
MITRE:26512
Severity:
Low
Description:
kernel-uek [2.6.32-400.29.3uek] - block: do not pass disk names as format strings (Jerry Snitselaar) [Orabug: 17230124] {CVE-2013-2851} - af_key: initialize satype in key_notify_policy_flush() (Nicolas Dichtel) [Orabug: 17370765] {CVE-2013-2237} - Bluetooth: L2CAP - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17371054] {CVE-2012-6544} - Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER) (Mathias Krause) [Orabug: 17371072] {CVE-2012-6544} - ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Eric Dumazet) [Orabug: 17371079] {CVE-2013-2232} - sctp: Use correct sideffect command in duplicate cookie handling (Vlad Yasevich) [Orabug: 17371121] {CVE-2013-2206} - sctp: deal with multiple COOKIE_ECHO chunks (Max Matveev) [Orabug: 17372129] {CVE-2013-2206}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27433
Title:
ELSA-2013-2537 -- unbreakable enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27433
Severity:
Low
Description:
kernel-uek [2.6.32-400.29.2uek] - Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (Mathias Krause) [Orabug: 17173824] {CVE-2013-3225} - Bluetooth: fix possible info leak in bt_sock_recvmsg() (Mathias Krause) [Orabug: 17173824] {CVE-2013-3224} - atm: update msg_namelen in vcc_recvmsg() (Mathias Krause) [Orabug: 17173824] {CVE-2013-3222} - dcbnl: fix various netlink info leaks (Mathias Krause) [Orabug: 17173824] {CVE-2013-2634} - udf: avoid info leak on export (Mathias Krause) [Orabug: 17173824] {CVE-2012-6548} - b43: stop format string leaking into error msgs (Kees Cook) [Orabug: 17173824] {CVE-2013-2852} - signal: always clear sa_restorer on execve (Kees Cook) [Orabug: 17173824] {CVE-2013-0914}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27466
Title:
ELSA-2013-2534 -- Unbreakable Enterprise kernel Security update
Type:
Software
Bulletins:
MITRE:27466
Severity:
Low
Description:
[2.6.32-400.29.1] - KVM: add missing void __user * cast to access_ok() call (Heiko Carstens) [Orabug: 16941620] {CVE-2013-1943} - KVM: Validate userspace_addr of memslot when registered (Takuya Yoshikawa) [Orabug: 16941620] {CVE-2013-1943}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27622
Title:
ELSA-2013-2520 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27622
Severity:
Low
Description:
[2.6.32-400.26.2] - mm/hotplug: correctly add new zone to all other nodes' zone lists (Jiang Liu) [Orabug: 16603569] {CVE-2012-5517} - ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711062] {CVE-2013-0349} - dccp: check ccid before dereferencing (Mathias Krause) [Orabug: 16711040] {CVE-2013-1827} - USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425435] {CVE-2013-1774} - keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493369] {CVE-2013-1792} - KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710937] {CVE-2013-1798} - KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Jerry Snitselaar) [Orabug: 16710794] {CVE-2013-1796} - net/tun: fix ioctl() based info leaks (Mathias Krause) [Orabug: 16675501] {CVE-2012-6547} - atm: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546} - atm: fix info leak in getsockopt(SO_ATMPVC) (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546} - xfrm_user: fix info leak in copy_to_user_tmpl() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537} - xfrm_user: fix info leak in copy_to_user_policy() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537} - xfrm_user: fix info leak in copy_to_user_state() (Mathias Krause) [Orabug: 16675501] {CVE-2013-6537} - xfrm_user: return error pointer instead of NULL #2 (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826} - xfrm_user: return error pointer instead of NULL (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27047
Title:
ELSA-2013-2512 -- Unbreakable Enterprise kernel Security update
Type:
Software
Bulletins:
MITRE:27047
Severity:
Low
Description:
kernel-uek [2.6.32-300.39.5uek] - x86/msr: Add capabilities check (Alan Cox) [Orabug: 16481233] {CVE-2013-0268} ofa-2.6.32-300.39.5.el6uek mlnx_en-2.6.32-300.39.5.el6uek * Mon Dec 12 2011 Guru Anbalagane - version 1.5.7-0.1 * Tue Nov 01 2011 Joe Jin - 1.5.7 for UEK kernel. * Mon Sep 08 2008 Vladimir Sokolovsky - Added nfsrdma support * Wed Aug 13 2008 Vladimir Sokolovsky - Added mlx4_en support * Tue Aug 21 2007 Vladimir Sokolovsky - Added %build LANG=C export LANG unset DISPLAY macro * Sun Jan 28 2007 Vladimir Sokolovsky - Created spec file for kernel-ib
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27657
Title:
ELSA-2013-2504 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27657
Severity:
Low
Description:
[2.6.32-300.39.4] - exec: do not leave bprm->interp on stack (Kees Cook) [Orabug: 16286741] {CVE-2012-4530} - exec: use -ELOOP for max recursion depth (Kees Cook) [Orabug: 16286741] {CVE-2012-4530} [2.6.32-300.39.3] - Xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. (Frediano Ziglio) [Orabug: 16274192] {CVE-2013-0190}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:26673
Title:
ELSA-2013-1790-1 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:26673
Severity:
Low
Description:
kernel [2.6.18-371.3.1.0.1] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap 
utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27381
Title:
ELSA-2013-1449-1 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27381
Severity:
Low
Description:
kernel [2.6.18-371.1.2.0.1] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap 
utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27281
Title:
ELSA-2013-1348-1 -- Oracle Linux 5 kernel update
Type:
Software
Bulletins:
MITRE:27281
Severity:
Low
Description:
kernel [2.6.18-371.0.0.0.1] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap 
utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27255
Title:
ELSA-2013-1348 -- Oracle Linux 5 kernel update
Type:
Software
Bulletins:
MITRE:27255
Severity:
Low
Description:
kernel [2.6.18-371] - [net] be2net: enable polling prior enabling interrupts globally (Ivan Vecera) [987539]
Applies to:
kernel
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27491
Title:
ELSA-2013-1292-1 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27491
Severity:
Low
Description:
This update fixes the following security issues: * A use-after-free flaw was found in the madvise() system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2012-3511, Moderate) * A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-4162, Moderate) * An information leak flaw in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27425
Title:
ELSA-2013-1166-1 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27425
Severity:
Low
Description:
kernel [2.6.18-348.16.1.0.1] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris 
Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:26661
Title:
ELSA-2013-1034-1 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:26661
Severity:
Low
Description:
kernel [2.6.18-348.12.1.0.1] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printks when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris 
Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27334
Title:
ELSA-2013-0847-1 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27334
Severity:
Low
Description:
kernel [2.6.18-348.6.1.0.1] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris 
Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:26901
Title:
ELSA-2013-0747-1 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:26901
Severity:
Low
Description:
kernel [2.6.18-348.4.1.0.1] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris 
Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:26800
Title:
ELSA-2013-0621-1 -- kernel security update
Type:
Software
Bulletins:
MITRE:26800
Severity:
Low
Description:
kernel [2.6.18-348.3.1.0.1] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris 
Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27623
Title:
ELSA-2013-0594-1 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27623
Severity:
Low
Description:
kernel [2.6.18-348.2.1.0.1] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris 
Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27051
Title:
ELSA-2013-0168-1 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27051
Severity:
Low
Description:
kernel [2.6.18-348.1.1.0.1] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris 
Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27629
Title:
ELSA-2012-2048 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27629
Severity:
Low
Description:
[2.6.32-300.39.2] - ext4: fix undefined behavior in ext4_fill_flex_info() (Xi Wang) [orabug 16020245] {CVE-2012-2100} - Divide by zero in TCP congestion control Algorithm (Jesper Dangaard Brouer) [orabug 16020447] {CVE-2012-4565} - ipv6: discard overlapping fragment (Luis Henriques) [orabug 16021354] {CVE-2012-4444}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:26983
Title:
ELSA-2012-2044 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:26983
Severity:
Low
Description:
[2.6.32-300.39.1] - hugepages: fix use after free bug in 'quota' handling [15842385] {CVE-2012-2133} - mm: Hold a file reference in madvise_remove [15842884] {CVE-2012-3511} - udf: Fortify loading of sparing table [15843730] {CVE-2012-3400} - udf: Avoid run away loop when partition table length is corrupt [15843730] {CVE-2012-3400}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27071
Title:
ELSA-2012-2041 -- Unbreakable Enterprise kernel Security update
Type:
Software
Bulletins:
MITRE:27071
Severity:
Low
Description:
[2.6.32-300.38.1] - [net/sfc] limit number of segments per skb on tx (Maxim Uvarov) [Orabug: 14769994] {CVE-2012-3412}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27596
Title:
ELSA-2012-2038 -- Unbreakable Enterprise kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27596
Severity:
Low
Description:
[2.6.32-300.37.1.] - sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE (Ben Hutchings) [Orabug: 14769994] - CVE-2012-3412 sfc: Fix maximum number of TSO segments and minimum TX queue size (Ben Hutchings) [Orabug: 14769994] {CVE-2012-3412}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27648
Title:
ELSA-2012-2035 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27648
Severity:
Low
Description:
[2.6.32-300.32.3] - dl2k: Clean up rio_ioctl (Stephan Mueller) [Orabug: 14675306] {CVE-2012-2313} - hugetlb: fix resv_map leak in error path (Christoph Lameter) [Orabug: 14676403] {CVE-2012-2390} - rds: set correct msg_namelen (Jay Fenlason) [Orabug: 14676504] {CVE-2012-3430}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27735
Title:
ELSA-2012-2026 -- Unbreakable Enterprise kernel Security update
Type:
Software
Bulletins:
MITRE:27735
Severity:
Low
Description:
[2.6.32-300.29.2] - epoll: epoll_wait() should not use timespec_add_ns() (Eric Dumazet) - epoll: clear the tfile_check_list on -ELOOP (Joe Jin) {CVE-2012-3375} - Don't limit non-nested epoll paths (Jason Baron) - epoll: kabi fixups for epoll limit wakeup paths (Joe Jin) {CVE-2011-1083} - epoll: limit paths (Jason Baron) {CVE-2011-1083} - eventpoll: fix comment typo 'evenpoll' (Paul Bolle) - epoll: fix compiler warning and optimize the non-blocking path (Shawn Bohrer) - epoll: move ready event check into proper inline (Davide Libenzi) - epoll: make epoll_wait() use the hrtimer range feature (Shawn Bohrer) - select: rename estimate_accuracy() to select_estimate_accuracy() (Andrew Morton) - cred: copy_process() should clear child->replacement_session_keyring (Oleg Nesterov) {CVE-2012-2745}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27550
Title:
ELSA-2012-2020 -- Unbreakable Enterprise kernel security and bugfix update
Type:
Software
Bulletins:
MITRE:27550
Severity:
Low
Description:
kernel-uek: [2.6.32-300.27.1.el6uek] - net: sock: validate data_len before allocating skb (Jason Wang) [Bugdb: 13966]{CVE-2012-2136} - fcaps: clear the same personality flags as suid when fcaps are used (Eric Paris) [Bugdb: 13966] {CVE-2012-2123} - Revert 'nfs: when attempting to open a directory, fall back on normal lookup (Todd Vierling) [Orabug 14141154] [2.6.32-300.26.1.el6uek] - mptsas: do not call __mptsas_probe in kthread (Maxim Uvarov) [Orabug: 14175509] - mm: check if any page in a pageblock is reserved before marking it MIGRATE_RESERVE (Maxim Uvarov) [Orabug: 14073214] - mm: reduce the amount of work done when updating min_free_kbytes (Mel Gorman) [Orabug: 14073214] - vmxnet3: Updated to el6-u2 (Guangyu Sun) [Orabug: 14027961] - xen: expose host uuid via sysfs. (Zhigang Wang) - sched: Fix cgroup movement of waking process (Daisuke Nishimura) [Orabug: 13946210] - sched: Fix cgroup movement of newly created process (Daisuke Nishimura) [Orabug: 13946210] - sched: Fix cgroup movement of forking process (Daisuke Nishimura) [Orabug: 13946210] - x86, boot: Wait for boot cpu to show up if nr_cpus limit is about to hit (Zhenzhong Duan) [Orabug: 13629087] - smp: Use nr_cpus= to set nr_cpu_ids early (Zhenzhong Duan) [Orabug: 13629087] - net: ipv4: relax AF_INET check in bind() (Maxim Uvarov) [Orabug: 14054411] ofa-2.6.32-300.27.1.el6uek: [1.5.1-4.0.58] - Add Patch 158-169
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27698
Title:
ELSA-2012-2014 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27698
Severity:
Low
Description:
kernel-uek: [2.6.32-300.25.1.el6uek] - jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer (Eric Sandeen) [Bugdb: 13871] {CVE-2011-4086}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27249
Title:
ELSA-2012-2007 -- Unbreakable Enterprise kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27249
Severity:
Low
Description:
[2.6.32-300.21.1.el6uek] - regset: Return -EFAULT, not -EIO, on host-side memory fault (H. Peter Anvin) CVE-2012-1097 - regset: Prevent null pointer reference on readonly regsets (H. Peter Anvin) CVE-2012-1097 - cifs: fix dentry refcount leak when opening a FIFO on lookup (Jeff Layton) CVE-2012-1090 - block: Fix io_context leak after failure of clone with CLONE_IO (Louis Rilling) CVE-2012-0879
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27914
Title:
ELSA-2012-2003 -- Unbreakable Enterprise kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27914
Severity:
Low
Description:
[2.6.32-300.11.1.el6uek] - [fs] xfs: Fix possible memory corruption in xfs_readlink (Carlos Maiolino) {CVE-2011-4077} - [scsi] increase qla2xxx firmware ready time-out (Joe Jin) - [scsi] qla2xxx: Module parameter to control use of async or sync port login (Joe Jin) - [net] tg3: Fix single-vector MSI-X code (Joe Jin) - [net] qlge: fix size of external list for TX address descriptors (Joe Jin) - [net] e1000e: Avoid wrong check on TX hang (Joe Jin) - crypto: ghash - Avoid null pointer dereference if no key is set (Nick Bowler) {CVE-2011-4081} - jbd/jbd2: validate sb->s_first in journal_get_superblock() (Eryu Guan) {CVE-2011-4132} - KVM: Device assignment permission checks (Joe Jin) {CVE-2011-4347} - KVM: x86: Prevent starting PIT timers in the absence of irqchip support (Jan Kiszka) {CVE-2011-4622} - xfs: validate acl count (Joe Jin) {CVE-2012-0038} - KVM: x86: fix missing checks in syscall emulation (Joe Jin) {CVE-2012-0045} - KVM: x86: extend 'struct x86_emulate_ops' with 'get_cpuid' (Joe Jin) {CVE-2012-0045} - igmp: Avoid zero delay when receiving odd mixture of IGMP queries (Ben Hutchings) {CVE-2012-0207} - ipv4: correct IGMP behavior on v3 query during v2-compatibility mode (David Stevens) - fuse: fix fuse request unique id (Srinivas Eeda) [orabug 13816349]
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27842
Title:
ELSA-2012-2001 -- Unbreakable Enterprise kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27842
Severity:
Low
Description:
[2.6.32-300.7.1.el6uek] - Revert "proc: enable writing to /proc/pid/mem" [orabug 13619701] {CVE-2012-0056} - [PATCH] x86, tsc: Skip TSC synchronization checks for tsc=reliable (Suresh Siddha) [2.6.32-300.6.1.el6uek] - tracing: Fix null pointer deref with SEND_SIG_FORCED (Oleg Nesterov) [orabug 13611655] [2.6.32-300.5.1.el6uek] - sched, x86: Avoid unnecessary overflow in sched_clock (Salman Qazi) [orabug 13604567] - [x86]: Don't resume/restore cpu if not of the expected cpu (Joe Jin) [orabug 13492670] - drm/i915: Rephrase pwrite bounds checking to avoid any potential overflow (Chris Wilson) [CVE-2010-296] - x2apic: Enable the bios request for x2apic optout (Suresh Siddha) [orabug 13565303] - fuse: split queues to scale I/O throughput (Srinivas Eeda) [orabug 10004611] - fuse: break fc spinlock (Srinivas Eeda) [orabug 10004611]
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27375
Title:
ELSA-2012-1540-1 -- kernel security, bug fix, and enhancement update
Type:
Software
Bulletins:
MITRE:27375
Severity:
Low
Description:
kernel [2.6.18-308.24.1.0.1.el5] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printks when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - [scsi] fix scsi hotplug and rescan race [orabug 10260172] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs 
off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27812
Title:
ELSA-2012-1445-1 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27812
Severity:
Low
Description:
[2.6.18-308.20.1.0.1.el5] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [net] bonding: fix carrier detect when bond is down [orabug 12377284] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printks when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - [scsi] fix scsi hotplug and rescan race [orabug 10260172] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix 
lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27688
Title:
ELSA-2012-1323-1 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27688
Severity:
Low
Description:
kernel [2.6.18-308.16.1.0.1.el5] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [net] bonding: fix carrier detect when bond is down [orabug 12377284] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printks when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - [scsi] fix scsi hotplug and rescan race [orabug 10260172] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [xen] PVHVM guest with PoD 
crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27535
Title:
ELSA-2012-1174-1 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27535
Severity:
Low
Description:
kernel [2.6.18-308.13.1.0.1.el5] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [net] bonding: fix carrier detect when bond is down [orabug 12377284] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - [scsi] fix scsi hotplug and rescan race [orabug 10260172] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [xen] PVHVM guest with 
PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] [2.6.18-308.13.1.el5] - [net] e1000e: Cleanup logic in e1000_check_for_serdes_link_82571 (Dean Nelson) [841370 771366] - [net] e1000e: Correct link check logic for 82571 serdes (Dean Nelson) [841370 771366] - [mm] NULL pointer dereference in __vm_enough_memory (Jerome Marchand) [840077 836244] - [fs] dlm: fix slow rsb search in dir recovery (David Teigland) [838140 753244] - [fs] autofs: propogate LOOKUP_DIRECTORY flag only for last comp (Ian Kent) [830264 814418] - [fs] ext4: properly dirty split extent nodes (Eric Sandeen) [840946 839770] - [scsi] don't offline devices with a reservation conflict (David Jeffery) [839196 835660] - [fs] ext4: Fix overflow caused by missing cast in ext4_fallocate (Lukas Czerner) [837226 830351] - [net] dl2k: Clean up rio_ioctl (Weiping Pan) [818822 818823] {CVE-2012-2313} - [x86] sched: Avoid unnecessary overflow in sched_clock (Prarit Bhargava) [835450 834562] - [net] tg3: Fix TSO handling (John Feeney) [833182 795672] - [input] evdev: use after free from open/disconnect race (David Jeffery) [832448 822166] [2.6.18-308.12.1.el5] - [fs] nfs: Don't allow multiple mounts on same mntpnt with -o noac (Sachin Prabhu) [839806 839753]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27194
Title:
ELSA-2012-1061-1 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27194
Severity:
Low
Description:
[2.6.18-308.11.1.0.1.el5] - [net] bonding: fix carrier detect when bond is down [orabug 12377284] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - [scsi] fix scsi hotplug and rescan race [orabug 10260172] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to
use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27635
Title:
ELSA-2012-0721-1 -- kernel security update
Type:
Software
Bulletins:
MITRE:27635
Severity:
Low
Description:
kernel: [2.6.18-308.8.2.0.1.el5] - [net] bonding: fix carrier detect when bond is down [orabug 12377284] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - [scsi] fix scsi hotplug and rescan race [orabug 10260172] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit
memory to use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] [2.6.18-308.8.2.el5] - [xen] x86_64: check address on trap handlers or guest callbacks (Paolo Bonzini) [813430 813431] {CVE-2012-0217} - [xen] x86_64: Do not execute sysret with a non-canonical return address (Paolo Bonzini) [813430 813431] {CVE-2012-0217} - [xen] x86: prevent hv boot on AMD CPUs with Erratum 121 (Laszlo Ersek) [824969 824970]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27818
Title:
ELSA-2012-0690-1 -- kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27818
Severity:
Low
Description:
[2.6.18-308.8.1.0.1.el5] - [net] bonding: fix carrier detect when bond is down [orabug 12377284] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - [scsi] fix scsi hotplug and rescan race [orabug 10260172] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to 
use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27823
Title:
ELSA-2012-0480-1 -- kernel security, bug fix, and enhancement update
Type:
Software
Bulletins:
MITRE:27823
Severity:
Low
Description:
[2.6.18-308.4.1.0.1.el5] - [net] bonding: fix carrier detect when bond is down [orabug 12377284] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - [scsi] fix scsi hotplug and rescan race [orabug 10260172] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to 
use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27877
Title:
ELSA-2012-0150-1 -- Oracle Linux 5.8 kernel security and bug update
Type:
Software
Bulletins:
MITRE:27877
Severity:
Low
Description:
A flaw was found in the way the Linux kernel's Event Poll (epoll) subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw to cause a denial of service.
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27955
Title:
ELSA-2011-2038 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27955
Severity:
Low
Description:
kernel-uek [2.6.32-300.4.1.el6uek] - [pci] intel-iommu: Default to non-coherent for domains unattached to iommus (Joe Jin) - [dm] do not forward ioctls from logical volumes to the underlying device (Joe Jin) {CVE-2011-4127} - [block] fail SCSI passthrough ioctls on partition devices (Joe Jin) {CVE-2011-4127} - [block] add and use scsi_blk_cmd_ioctl (Joe Jin) {CVE-2011-4127} - [net] gro: reset vlan_tci on reuse (Dan Carpenter) {CVE-2011-1576} - [net] rose: Add length checks to CALL_REQUEST parsing (Ben Hutchings) {CVE-2011-1493} - [net] rose_loopback_timer sets VC number <= ROSE_DEFAULT_MAXVC (Bernard Pidoux F6BVP) {CVE-2011-1493}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
mlnx_en
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27916
Title:
ELSA-2011-2037 -- Unbreakable Enterprise kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27916
Severity:
Low
Description:
[2.6.32-300.3.1.el6uek] - proc: fix oops on invalid /proc//maps access (Linux Torvalds) - Revert 'capabilities: do not grant full privs for setuid w/ file caps + no effective caps' (Joe Jin) - [mm]: Use MMF_COMPAT instead ia32_compat to prevent kabi be broken (Joe Jin) - proc: enable writing to /proc/pid/mem (Stephen Wilson) - proc: make check_mem_permission() return an mm_struct on success (Stephen Wilson) - proc: hold cred_guard_mutex in check_mem_permission() (Joe Jin) - proc: disable mem_write after exec (Stephen Wilson) - mm: implement access_remote_vm (Stephen Wilson) - mm: factor out main logic of access_process_vm (Stephen Wilson) - mm: use mm_struct to resolve gate vma's in __get_user_pages (Stephen Wilson) - mm: arch: rename in_gate_area_no_task to in_gate_area_no_mm (Stephen Wilson) - mm: arch: make in_gate_area take an mm_struct instead of a task_struct (Stephen Wilson) - mm: arch: make get_gate_vma take an mm_struct instead of a task_struct (Stephen Wilson) - x86: mark associated mm when running a task in 32 bit compatibility mode (Stephen Wilson) - x86: add context tag to mark mm when running a task in 32-bit compatibility mode (Stephen Wilson) - auxv: require the target to be tracable (or yourself) (Al Viro) - close race in /proc/*/environ (Al Viro) - report errors in /proc/*/*map* sanely (Al Viro) - pagemap: close races with suid execve (Al Viro) - make sessionid permissions in /proc/*/task/* match those in /proc/* (Al Viro) - Revert 'report errors in /proc/*/*map* sanely' (Joe Jin) - Revert 'proc: fix oops on invalid /proc//maps access' (Joe Jin)
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:28092
Title:
ELSA-2011-2033 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:28092
Severity:
Low
Description:
[2.6.32-200.23.1.el6uek] - net: Remove atmclip.h to prevent break kabi check. - KConfig: add CONFIG_UEK5=n to ol6/config-generic [2.6.32-200.22.1.el6uek] - ipv6: make fragment identifications less predictable (Joe Jin) {CVE-2011-2699} - vlan: fix panic when handling priority tagged frames (Joe Jin) {CVE-2011-3593} - ipv6: udp: fix the wrong headroom check (Maxim Uvarov) {CVE-2011-4326} - b43: allocate receive buffers big enough for max frame len + offset (Maxim Uvarov) {CVE-2011-3359} - fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message (Maxim Uvarov) {CVE-2011-3353} - cifs: fix possible memory corruption in CIFSFindNext (Maxim Uvarov) {CVE-2011-3191} - crypto: md5 - Add export support (Maxim Uvarov) {CVE-2011-2699} - fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops (Maxim Uvarov) {CVE-2011-1577} - block: use struct parsed_partitions *state universally in partition check code (Maxim Uvarov) - net: Compute protocol sequence numbers and fragment IDs using MD5. (Maxim Uvarov) {CVE-2011-3188} - crypto: Move md5_transform to lib/md5.c (Maxim Uvarov) {CVE-2011-3188} - perf tools: do not look at ./config for configuration (Maxim Uvarov) {CVE-2011-2905} - Make TASKSTATS require root access (Maxim Uvarov) {CVE-2011-2494} - TPM: Zero buffer after copying to userspace (Maxim Uvarov) {CVE-2011-1162} - TPM: Call tpm_transmit with correct size (Maxim Uvarov){CVE-2011-1161} - fnic: fix panic while booting in fnic(Xiaowei Hu) - Revert 'PCI hotplug: acpiphp: set current_state to D0 in register_slot' (Guru Anbalagane) - xen: drop xen_sched_clock in favour of using plain wallclock time (Jeremy Fitzhardinge) [2.6.32-200.21.1.el6uek] - PCI: Set device power state to PCI_D0 for device without native PM support (Ajaykumar Hotchandani) [orabug 13033435]
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:28158
Title:
ELSA-2011-2029 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:28158
Severity:
Low
Description:
[2.6.32-200.20.1.el6uek] - af_packet: prevent information leak {CVE-2011-2898} - gro: Only reset frag0 when skb can be pulled {CVE-2011-2723} - vm: fix vm_pgoff wrap in stack expansion {CVE-2011-2496} - vm: fix vm_pgoff wrap in upward expansion {CVE-2011-2496} - taskstats: don't allow duplicate entries in listener mode {CVE-2011-2484} - Ecryptfs: Add mount option to check uid of device being mounted {CVE-2011-1833}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:28157
Title:
ELSA-2011-2025 -- Unbreakable Enterprise kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:28157
Severity:
Low
Description:
[2.6.32-200.19.1.el6uek] - Apply new fix for CVE-2011-1576. [2.6.32-200.18.1.el6uek] - Revert 'proc: fix a race in do_io_accounting' [2.6.32-200.17.1.el6uek] - net: Fix memory leak/corruption on VLAN GRO_DROP {CVE-2011-1576} - iommu-api: Extension to check for interrupt remapping {CVE-2011-1898} - KVM: IOMMU: Disable device assignment without interrupt remapping {CVE-2011-1898} - ext4: Fix max file size and logical block counting of extent format file {CVE-2011-2695} - nl80211: fix overflow in ssid_len {CVE-2011-2517} - Bluetooth: Prevent buffer overflow in l2cap config request {CVE-2011-2497} - proc: fix a race in do_io_accounting() {CVE-2011-2495} - proc: restrict access to /proc/PID/io {CVE-2011-2495} - Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace {CVE-2011-2492} - NLM: Don't hang forever on NLM unlock requests {CVE-2011-2491} - ksm: fix NULL pointer dereference in scan_get_next_rmap_item() {CVE-2011-2183}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:28038
Title:
ELSA-2011-2024 -- Oracle Linux 6 Unbreakable Enterprise kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:28038
Severity:
Low
Description:
[2.6.32-200.16.1.el6uek] - Revert change to restore DEFAULTKERNEL
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27903
Title:
ELSA-2011-2021 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
Type:
Software
Bulletins:
MITRE:27903
Severity:
Low
Description:
[2.6.32-100.37.1.el6uek] - [net] gre: fix netns vs proto registration ordering {CVE-2011-1767} - [net] tunnels: fix netns vs proto registration ordering {CVE-2011-1768}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27518
Title:
ELSA-2011-2019 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
Type:
Software
Bulletins:
MITRE:27518
Severity:
Low
Description:
[2.6.32-100.35.1.el6uek] - [net] dccp: handle invalid feature options length {CVE-2011-1770} - [net] can: add missing socket check in can/raw release {CVE-2011-1748} - [net] can: Add missing socket check in can/bcm release {CVE-2011-1598}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27793
Title:
ELSA-2011-2016 -- Unbreakable Enterprise kernel security fix update
Type:
Software
Bulletins:
MITRE:27793
Severity:
Low
Description:
[2.6.32-100.28.17.el6] - [net] Extend prot->slab size when add sock extend fields. [2.6.32-100.28.16.el6] - kernel: Fix unlimited socket backlog DoS {CVE-2010-4251} - RDS: Fix congestion issues for loopback - rds: prevent BUG_ON triggering on congestion map updates {CVE-2011-1023} - epoll: prevent creating circular epoll structures {CVE-2011-1082} - fs: fix corrupted OSF partition table parsing {CVE-2011-1163} - fs: Increase OSF partition limit from 8 to 18 {CVE-2011-1163} - netfilter: arp_tables: fix infoleak to userspace {CVE-2011-1170} - netfilter: ip_tables: fix infoleak to userspace {CVE-2011-1171} - ipv6: netfilter: ip6_tables: fix infoleak to userspace {CVE-2011-1172} - [SCSI] mpt2sas: prevent heap overflows and unchecked reads {CVE-2011-1494, CVE-2011-1495}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:28004
Title:
ELSA-2011-2015 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
Type:
Software
Bulletins:
MITRE:28004
Severity:
Low
Description:
[2.6.32-100.28.15.el6] - sctp: fix to calc the INIT/INIT-ACK chunk length correctly is set {CVE-2011-1573} - dccp: fix oops on Reset after close {CVE-2011-1093} - bridge: netfilter: fix information leak {CVE-2011-1080} - Bluetooth: bnep: fix buffer overflow {CVE-2011-1079} - net: don't allow CAP_NET_ADMIN to load non-netdev kernel modules {CVE-2011-1019} - ipip: add module alias for tunl0 tunnel device - gre: add module alias for gre0 tunnel device - drm/radeon/kms: check AA resolve registers on r300 {CVE-2011-1016} - drm/radeon: fix regression with AA resolve checking {CVE-2011-1016} - drm: fix unsigned vs signed comparison issue in modeset ctl ioctl {CVE-2011-1013} - proc: protect mm start_code/end_code in /proc/pid/stat {CVE-2011-0726} - ALSA: caiaq - Fix possible string-buffer overflow {CVE-2011-0712} - xfs: zero proper structure size for geometry calls {CVE-2011-0711} - xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1 {CVE-2011-0711} - ima: fix add LSM rule bug {CVE-2011-0006} - IB/uverbs: Handle large number of entries in poll CQ {CVE-2010-4649, CVE-2011-1044} - CAN: Use inode instead of kernel address for /proc file {CVE-2010-4565} [2.6.32-100.28.14.el6] - IB/qib: fix qib compile warning. - IB/core: Allow device-specific per-port sysfs files. - dm crypt: add plain64 iv. - firmware: add firmware for qib. - Infiniband: Add QLogic PCIe QLE InfiniBand host channel adapters support.
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:28005
Title:
ELSA-2011-2014 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
Type:
Software
Bulletins:
MITRE:28005
Severity:
Low
Description:
[2.6.32-100.28.11.el6] - fs/partitions: Validate map_count in Mac partition tables {CVE-2011-1010} - nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab (v3) {CVE-2011-1090} [2.6.32-100.28.10.el6] - Use cciss for some Smart Array controller for OL5 [orabug 11899706] - CVEs from RHSA-2011-0421 - install_special_mapping skips security_file_mmap check {CVE-2010-4346} - orinoco: fix TKIP countermeasure behaviour {CVE-2010-4648} - net: clear heap allocation for ethtool_get_regs() {CVE-2010-4655} - usb: iowarrior: don't trust report_size for buffer size {CVE-2010-4656} - [media] [v3,media] av7110: check for negative array offset {CVE-2011-0521} - RDMA/cma: Fix crash in request handlers {CVE-2011-0695} - IB/cm: Bump reference count on cm_id before invoking callback {CVE-2011-0695} - gro: reset skb_iif on reuse {CVE-2011-1478}
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27959
Title:
ELSA-2011-2010 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update
Type:
Software
Bulletins:
MITRE:27959
Severity:
Low
Description:
[2.6.32-100.28.9.el6] - sync up the version [2.6.32-100.28.8.el6] - [block] check for proper length of iov entries earlier in blk_rq_map_user_iov (Xiaotian Feng) {CVE-2010-4668} - scm: lower SCM_MAX_FD (Eric Dumazet) {CVE-2010-4249} - perf_events: Fix perf_counter_mmap() hook in mprotect() (Pekka Enberg) {CVE-2010-4169} - tcp: Increase TCP_MAXSEG socket option minimum (David S. Miller) {CVE-2010-4165} - Enable module force load option [orabug 11782146] - Enable vmw balloon and pvscsi (Guru Anbalagane) [orabug 11697522] [2.6.32-100.28.7.el6] - build from git [2.6.32-100.28.6.el6] - Remove crashkernel option if it is present [bug 11714928]
Applies to:
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27702
Title:
ELSA-2010-2011 -- Unbreakable enterprise kernel security and bug fix update
Type:
Software
Bulletins:
MITRE:27702
Severity:
Low
Description:
Following Security fixes are included in this unbreakable enterprise kernel errata: CVE-2010-3432 The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic. CVE-2010-2962 drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations. CVE-2010-2955 The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size. CVE-2010-3705 The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array. CVE-2010-3084 Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/net/niu.c in the Linux kernel before 2.6.36-rc4 allows local users to cause a denial of service or possibly have unspecified other impact via the ETHTOOL_GRXCLSRLALL ethtool command. 
CVE-2010-3437 Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call. CVE-2010-3079 kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled, does not properly handle interaction between mutex possession and llseek operations, which allows local users to cause a denial of service (NULL pointer dereference and outage of all function tracing files) via an lseek call on a file descriptor associated with the set_ftrace_filter file. CVE-2010-3698 The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service (host OS crash) via a KVM_RUN ioctl call in conjunction with a modified Local Descriptor Table (LDT). CVE-2010-3442 Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.
Applies to:
kernel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-firmware
kernel-headers
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:28028
Title:
ELSA-2010-2010 -- kernel security update
Type:
Software
Bulletins:
MITRE:28028
Severity:
Low
Description:
[2.6.18-194.17.1.0.2.el5] - [rds] fix access issue with rds (Chris Mason) {CVE-2010-3904} [orabug 10226701]
Applies to:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
ocfs2
oracleasm
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27240
Title:
ELSA-2010-2009 -- Oracle Linux 5 Unbreakable Enterprise kernel security fix update
Type:
Software
Bulletins:
MITRE:27240
Severity:
Low
Description:
Following security bugs are fixed in this errata CVE-2010-3904 When copying data to userspace, the RDS protocol failed to verify that the user-provided address was a valid userspace address. A local unprivileged user could issue specially crafted socket calls to write arbitrary values into kernel memory and potentially escalate privileges to root. CVE-2010-3067 Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call. CVE-2010-3477 The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942. kernel: [2.6.32-100.21.1.el5] - [rds] fix access issue with rds (Chris Mason) {CVE-2010-3904} - [fuse] linux-2.6.32-fuse-return-EGAIN-if-not-connected-bug-10154489.patch - [net] linux-2.6.32-net-sched-fix-kernel-leak-in-act_police.patch - [aio] linux-2.6.32-aio-check-for-multiplication-overflow-in-do_io_subm.patch ofa: [1.5.1-4.0.23] - Fix rds permissions checks during copies [1.5.1-4.0.21] - Update to BXOFED 1.5.1-1.3.6-5
Applies to:
kernel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-firmware
kernel-headers
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
MITRE:27587
Title:
ELSA-2010-2008 -- Unbreakable enterprise kernel security update
Type:
Software
Bulletins:
MITRE:27587
Severity:
Low
Description:
[2.6.32-100.20.1.el5] - [fs] xfs: return inode fork offset in bulkstat for fsr (Dave Chinner) - [fs] xfs: always use iget in bulkstat (Dave Chinner) {CVE-2010-2943} - [fs] xfs: validate untrusted inode numbers during lookup (Dave Chinner) {CVE-2010-2943} - [fs] xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED (Dave Chinner) {CVE-2010-2943} - [net] net sched: fix some kernel memory leaks (Eric Dumazet) {CVE-2010-2942} - [fs] ocfs2: Don't walk off the end of fast symlinks (Joel Becker)
Applies to:
kernel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-firmware
kernel-headers
ofa
Created:
2014-11-05
Updated:
2015-03-16

ID:
CVE-2014-3366
Title:
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.
Type:
Hardware
Bulletins:
CVE-2014-3366
SFBID70855
Severity:
Medium
Description:
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.
Applies to:
Unified Communications Manager
Created:
2014-10-31
Updated:
2024-01-17

ID:
CVE-2014-3375
Title:
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.
Type:
Hardware
Bulletins:
CVE-2014-3375
SFBID70850
Severity:
Medium
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.
Applies to:
Unified Communications Manager
Created:
2014-10-31
Updated:
2024-01-17

ID:
CVE-2014-3372
Title:
Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.
Type:
Hardware
Bulletins:
CVE-2014-3372
SFBID70846
Severity:
Medium
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.
Applies to:
Unified Communications Manager
Created:
2014-10-31
Updated:
2024-01-17

ID:
CVE-2014-3373
Title:
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug...
Type:
Hardware
Bulletins:
CVE-2014-3373
SFBID70848
Severity:
Medium
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550.
Applies to:
Unified Communications Manager
Created:
2014-10-31
Updated:
2024-01-17

ID:
CVE-2014-3374
Title:
Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.
Type:
Hardware
Bulletins:
CVE-2014-3374
SFBID70849
Severity:
Medium
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.
Applies to:
Unified Communications Manager
Created:
2014-10-31
Updated:
2024-01-17

ID:
MITRE:27022
Title:
RHSA-2014:1669 -- qemu-kvm security and bug fix update
Type:
Software
Bulletins:
MITRE:27022
Severity:
Low
Description:
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest. (CVE-2014-3615) This issue was discovered by Laszlo Ersek of Red Hat. This update also fixes the following bug: * This update fixes a regression in the scsi_block_new_request() function, which caused all read requests to go through SG_IO if the host cache was not used. (BZ#1141189) All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
Applies to:
qemu-kvm
Created:
2014-10-28
Updated:
2015-02-23

ID:
MITRE:27220
Title:
RHSA-2013:1353 -- sudo security and bug fix update
Type:
Software
Bulletins:
MITRE:27220
Severity:
Low
Description:
The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's password. (CVE-2013-1775) It was found that sudo did not properly validate the controlling terminal device when the tty_tickets option was enabled in the /etc/sudoers file. An attacker able to run code as a local user could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's password. (CVE-2013-1776, CVE-2013-2776) This update also fixes the following bugs: * Due to a bug in the cycle detection algorithm of the visudo utility, visudo incorrectly evaluated certain alias definitions in the /etc/sudoers file as cycles. Consequently, a warning message about undefined aliases appeared. This bug has been fixed, /etc/sudoers is now parsed correctly by visudo and the warning message no longer appears. (BZ#849679) * Previously, the 'sudo -l' command did not parse the /etc/sudoers file correctly if it contained an Active Directory (AD) group. The file was parsed only up to the first AD group information and then the parsing failed with the following message: sudo: unable to cache group ADDOM\admingroup, already exists With this update, the underlying code has been modified and 'sudo -l' now parses /etc/sudoers containing AD groups correctly. (BZ#855836) * Previously, the sudo utility did not escape the backslash characters contained in user names properly. Consequently, if a system used sudo integrated with LDAP or Active Directory (AD) as the primary authentication mechanism, users were not able to authenticate on that system. 
With this update, sudo has been modified to process LDAP and AD names correctly and the authentication process now works as expected. (BZ#869287) * Prior to this update, the 'visudo -s (strict)' command incorrectly parsed certain alias definitions. Consequently, an error message was issued. The bug has been fixed, and parsing errors no longer occur when using 'visudo -s'. (BZ#905624) All sudo users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
Applies to:
sudo
Created:
2014-10-28
Updated:
2015-02-23

ID:
MITRE:27070
Title:
RHSA-2013:0519 -- openssh security, bug fix and enhancement update
Type:
Services
Bulletins:
MITRE:27070
Severity:
Low
Description:
OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation. These packages include the core files necessary for the OpenSSH client and server. Due to the way the pam_ssh_agent_auth PAM module was built in Red Hat Enterprise Linux 6, the glibc's error() function was called rather than the intended error() function in pam_ssh_agent_auth to report errors. As these two functions expect different arguments, it was possible for an attacker to cause an application using pam_ssh_agent_auth to crash, disclose portions of its memory or, potentially, execute arbitrary code. (CVE-2012-5536) Note that the pam_ssh_agent_auth module is not used in Red Hat Enterprise Linux 6 by default. This update also fixes the following bugs: * All possible options for the new RequiredAuthentications directive were not documented in the sshd_config man page. This update improves the man page to document all the possible options. (BZ#821641) * When stopping one instance of the SSH daemon (sshd), the sshd init script (/etc/rc.d/init.d/sshd) stopped all sshd processes regardless of the PID of the processes. This update improves the init script so that it only kills processes with the relevant PID. As a result, the init script now works more reliably in a multi-instance environment. (BZ#826720) * Due to a regression, the ssh-copy-id command returned an exit status code of zero even if there was an error in copying the key to a remote host. With this update, a patch has been applied and ssh-copy-id now returns a non-zero exit code if there is an error in copying the SSH certificate to a remote host. (BZ#836650) * When SELinux was disabled on the system, no on-disk policy was installed, a user account was used for a connection, and no "~/.ssh" configuration was present in that user's home directory, the SSH client terminated unexpectedly with a segmentation fault when attempting to connect to another system. 
A patch has been provided to address this issue and the crashes no longer occur in the described scenario. (BZ#836655) * The "HOWTO" document /usr/share/doc/openssh-ldap-5.3p1/HOWTO.ldap-keys incorrectly documented the use of the AuthorizedKeysCommand directive. This update corrects the document. (BZ#857760) This update also adds the following enhancements: * When attempting to enable SSH for use with a Common Access Card (CAC), the ssh-agent utility read all the certificates in the card even though only the ID certificate was needed. Consequently, if a user entered their PIN incorrectly, then the CAC was locked, as a match for the PIN was attempted against all three certificates. With this update, ssh-add does not try the same PIN for every certificate if the PIN fails for the first one. As a result, the CAC will not be disabled if a user enters their PIN incorrectly. (BZ#782912) * This update adds a "netcat mode" to SSH. The "ssh -W host:port ..." command connects standard input and output (stdio) on a client to a single port on a server. As a result, SSH can be used to route connections via intermediate servers. (BZ#860809) * Due to a bug, arguments for the RequiredAuthentications2 directive were not stored in a Match block. Consequently, parsing of the config file was not in accordance with the man sshd_config documentation. This update fixes the bug and users can now use the required authentication feature to specify a list of authentication methods as expected according to the man page. (BZ#869903) All users of openssh are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.
Applies to:
openssh
Created:
2014-10-28
Updated:
2015-02-23

ID:
CVE-2014-3409
Title:
The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.
Type:
Hardware
Bulletins:
CVE-2014-3409
SFBID70715
Severity:
Medium
Description:
The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.
Applies to:
Created:
2014-10-25
Updated:
2024-01-17

ID:
CVE-2014-4450
Title:
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading...
Type:
Mobile Devices
Bulletins:
CVE-2014-4450
SFBID70660
Severity:
Low
Description:
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.
Applies to:
Created:
2014-10-22
Updated:
2024-01-17

ID:
CVE-2014-4449
Title:
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Type:
Mobile Devices
Bulletins:
CVE-2014-4449
SFBID70659
Severity:
Medium
Description:
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Applies to:
Created:
2014-10-22
Updated:
2024-01-17

ID:
CVE-2014-4448
Title:
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
Type:
Mobile Devices
Bulletins:
CVE-2014-4448
SFBID70661
Severity:
Low
Description:
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
Applies to:
Created:
2014-10-22
Updated:
2024-01-17

ID:
MITRE:26378
Title:
Unspecified vulnerability allows remote attackers to bypass Protected Mode
Type:
Web
Bulletins:
MITRE:26378
CVE-2011-1347
Severity:
High
Description:
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
Applies to:
Microsoft Internet Explorer 8
Created:
2014-10-20
Updated:
2024-01-17

ID:
MITRE:26532
Title:
Heap-based buffer overflow in KMPlayer 3.0.0.1441
Type:
Software
Bulletins:
MITRE:26532
CVE-2011-2594
Severity:
High
Description:
Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other versions, allows remote attackers to execute arbitrary code via a playlist (.KPL) file with a long Title field.
Applies to:
KMPlayer
Created:
2014-10-20
Updated:
2024-01-17

ID:
MITRE:25633
Title:
Arbitrary code execution via unknown vectors.
Type:
Web
Bulletins:
MITRE:25633
CVE-2011-1346
Severity:
High
Description:
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
Applies to:
Microsoft Internet Explorer 8
Created:
2014-10-20
Updated:
2024-01-17

ID:
MITRE:26362
Title:
Apache Subversion vulnerability Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials
Type:
Software
Bulletins:
MITRE:26362
CVE-2014-3528
Severity:
Medium
Description:
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.
Applies to:
VisualSVN Server
Created:
2014-10-20
Updated:
2024-01-17

ID:
MITRE:25808
Title:
Apache Subversion vulnerability 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate
Type:
Software
Bulletins:
MITRE:25808
CVE-2014-3522
Severity:
Medium
Description:
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Applies to:
VisualSVN Server
Created:
2014-10-20
Updated:
2024-01-17

ID:
MITRE:27068
Title:
RHSA-2014:1658: java-1.6.0-sun security update
Type:
Software
Bulletins:
MITRE:27068
Severity:
Low
Description:
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 85 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Applies to:
java-1.6.0-sun
Created:
2014-10-17
Updated:
2015-08-03

ID:
MITRE:26915
Title:
RHSA-2014:1657: java-1.7.0-oracle security update
Type:
Software
Bulletins:
MITRE:26915
Severity:
Low
Description:
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 72 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Applies to:
java-1.7.0-oracle
Created:
2014-10-17
Updated:
2015-08-03

ID:
MITRE:27149
Title:
RHSA-2014:1655: libxml2 security update
Type:
Miscellaneous
Bulletins:
MITRE:27149
Severity:
Low
Description:
The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. (CVE-2014-3660) All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
Applies to:
libxml2
Created:
2014-10-17
Updated:
2015-04-13

ID:
MITRE:26767
Title:
RHSA-2014:1654: rsyslog7 security update
Type:
Software
Bulletins:
MITRE:26767
Severity:
Low
Description:
The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially, execute arbitrary code as the user running the rsyslog daemon. (CVE-2014-3634) Red Hat would like to thank Rainer Gerhards of rsyslog upstream for reporting this issue. All rsyslog7 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the rsyslog service will be restarted automatically.
Applies to:
rsyslog7
Created:
2014-10-17
Updated:
2015-04-13

ID:
MITRE:26947
Title:
RHSA-2014:1636: java-1.8.0-openjdk security update
Type:
Software
Bulletins:
MITRE:26947
Severity:
Low
Description:
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. It was discovered that the Libraries component in OpenJDK failed to properly handle ZIP archives that contain entries with a NUL byte used in the file names. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2014-6562) Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform an XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the Hotspot component in OpenJDK failed to properly handle malformed Shared Archive files. A local attacker able to modify a Shared Archive file used by a virtual machine of a different user could possibly use this flaw to escalate their privileges. (CVE-2014-6468) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Applies to:
java-1.8.0-openjdk
Created:
2014-10-17
Updated:
2015-04-13

ID:
MITRE:27101
Title:
RHSA-2014:1606: file security and bug fix update
Type:
Software
Bulletins:
MITRE:27101
Severity:
Low
Description:
The "file" command is used to identify a particular file according to the type of data contained in the file. The command can identify various file types, including ELF binaries, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2012-1571) Two denial of service flaws were found in the way file handled indirect and search rules. A remote attacker could use either of these flaws to cause file, or an application using file, to crash or consume an excessive amount of CPU. (CVE-2014-1943, CVE-2014-2270) This update also fixes the following bugs: * Previously, the output of the "file" command contained redundant white spaces. With this update, the new STRING_TRIM flag has been introduced to remove the unnecessary white spaces. (BZ#664513) * Due to a bug, the "file" command could incorrectly identify an XML document as a LaTeX document. The underlying source code has been modified to fix this bug and the command now works as expected. (BZ#849621) * Previously, the "file" command could not recognize .JPG files and incorrectly labeled them as "Minix filesystem". This bug has been fixed and the command now properly detects .JPG files. (BZ#873997) * Under certain circumstances, the "file" command incorrectly detected NETpbm files as "x86 boot sector". This update applies a patch to fix this bug and the command now detects NETpbm files as expected. (BZ#884396) * Previously, the "file" command incorrectly identified ASCII text files as a .PIC image file. With this update, a patch has been provided to address this bug and the command now correctly recognizes ASCII text files.
(BZ#980941) * On 32-bit PowerPC systems, the "from" field was missing from the output of the "file" command. The underlying source code has been modified to fix this bug and "file" output now contains the "from" field as expected. (BZ#1037279) * The "file" command incorrectly detected text files as "RRDTool DB version ool - Round Robin Database Tool". This update applies a patch to fix this bug and the command now correctly detects text files. (BZ#1064463) * Previously, the "file" command supported only version 1 and 2 of the QCOW format. As a consequence, file was unable to detect a "qcow2 compat=1.1" file created on Red Hat Enterprise Linux 7. With this update, support for QCOW version 3 has been added so that the command now detects such files as expected. (BZ#1067771) All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Applies to:
file
Created:
2014-10-17
Updated:
2015-04-13

ID:
MITRE:26805
Title:
RHSA-2014:1552: openssh security, bug fix, and enhancement update
Type:
Services
Bulletins:
MITRE:26805
Severity:
Low
Description:
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the DNS SSHFP record. (CVE-2014-2653) It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. A remote attacker could use this flaw to bypass intended environment variable restrictions. (CVE-2014-2532) This update also fixes the following bugs: * Based on the SP800-131A information security standard, the generation of a digital signature using the Digital Signature Algorithm (DSA) with the key size of 1024 bits and RSA with the key size of less than 2048 bits is disallowed after the year 2013. After this update, ssh-keygen no longer generates keys with less than 2048 bits in FIPS mode. However, the sshd service accepts keys of size 1024 bits as well as larger keys for compatibility reasons. (BZ#993580) * Previously, the openssh utility incorrectly set the oom_adj value to -17 for all of its child processes. This behavior was incorrect because the child processes were supposed to have this value set to 0. This update applies a patch to fix this bug and oom_adj is now properly set to 0 for all child processes as expected. (BZ#1010429) * Previously, if the sshd service failed to verify the checksum of an installed FIPS module using the fipscheck library, the information about this failure was only provided at the standard error output of sshd. As a consequence, the user might not notice this message and remain uninformed when a system had not been properly configured for FIPS mode. To fix this bug, this behavior has been changed and sshd now sends such messages via the syslog service.
(BZ#1020803) * When keys provided by the pkcs11 library were removed from the ssh agent using the "ssh-add -e" command, the user was prompted to enter a PIN. With this update, a patch has been applied to allow the user to remove the keys provided by pkcs11 without the PIN. (BZ#1042519) In addition, this update adds the following enhancements: * With this update, ControlPersist has been added to OpenSSH. The option in conjunction with the ControlMaster configuration directive specifies that the master connection remains open in the background after the initial client connection has been closed. (BZ#953088) * When the sshd daemon is configured to force the internal SFTP session, and the user attempts to use a connection other than SFTP, the appropriate message is logged to the /var/log/secure file. (BZ#997377) * Support for Elliptic Curve Cryptography modes for key exchange (ECDH) and host user keys (ECDSA) as specified by RFC5656 has been added to the openssh packages. However, they are not enabled by default and the user has to enable them manually. For more information on how to configure ECDSA and ECDH with OpenSSH, see: https://access.redhat.com/solutions/711953 (BZ#1028335) All openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
Applies to:
openssh
Created:
2014-10-17
Updated:
2015-04-13

ID:
MITRE:26927
Title:
RHSA-2014:1507: trousers security, bug fix, and enhancement update
Type:
Software
Bulletins:
MITRE:26927
Severity:
Low
Description:
TrouSerS is an implementation of the Trusted Computing Group's Software Stack (TSS) specification. You can use TrouSerS to write applications that make use of your TPM hardware. TPM hardware can create, store and use RSA keys securely (without ever being exposed in memory), verify a platform's software state using cryptographic hashes and more. A flaw was found in the way tcsd, the daemon that manages Trusted Computing resources, processed incoming TCP packets. A remote attacker could send a specially crafted TCP packet that, when processed by tcsd, could cause the daemon to crash. Note that by default tcsd accepts requests on localhost only. (CVE-2012-0698) Red Hat would like to thank Andrew Lutomirski for reporting this issue. The trousers package has been upgraded to upstream version 0.3.13, which provides a number of bug fixes and enhancements over the previous version, including corrected internal symbol names to avoid collisions with other applications, fixed memory leaks, added IPv6 support, fixed buffer handling in tcsd, as well as changed the license to BSD. (BZ#633584, BZ#1074634) All trousers users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
Applies to:
trousers
Created:
2014-10-17
Updated:
2015-04-13

ID:
MITRE:26759
Title:
RHSA-2014:1436: X11 client libraries security, bug fix, and enhancement update
Type:
Software
Bulletins:
MITRE:26759
Severity:
Low
Description:
The X11 (Xorg) libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol data to an X11 server via a malicious X11 client could use either of these flaws to potentially escalate their privileges on the system. (CVE-2013-1981, CVE-2013-1982, CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987, CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-2003, CVE-2013-2062, CVE-2013-2064) Multiple array index errors, leading to heap-based buffer out-of-bounds write flaws, were found in the way various X11 client libraries handled data returned from an X11 server. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-1997, CVE-2013-1998, CVE-2013-1999, CVE-2013-2000, CVE-2013-2001, CVE-2013-2002, CVE-2013-2066) A buffer overflow flaw was found in the way the XListInputDevices() function of X.Org X11's libXi runtime library handled signed numbers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-1995) A flaw was found in the way the X.Org X11 libXt runtime library used uninitialized pointers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-2005) Two stack-based buffer overflow flaws were found in the way libX11, the Core X11 protocol client library, processed certain user-specified files. A malicious X11 server could possibly use this flaw to crash an X11 client via a specially crafted file. 
(CVE-2013-2004) The xkeyboard-config package has been upgraded to upstream version 2.11, which provides a number of bug fixes and enhancements over the previous version. (BZ#1077471) This update also fixes the following bugs: * Previously, updating the mesa-libGL package did not update the libX11 package, although it was listed as a dependency of mesa-libGL. This bug has been fixed and updating mesa-libGL now updates all dependent packages as expected. (BZ#1054614) * Previously, closing a customer application could occasionally cause the X Server to terminate unexpectedly. After this update, the X Server no longer hangs when a user closes a customer application. (BZ#971626) All X11 client libraries users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
Applies to:
libX11
libXcursor
libXext
libXfixes
libXi
libXinerama
libXp
libXrandr
libXrender
libXres
libXt
libXtst
libXv
libXvMC
libXxf86dga
libXxf86vm
libdmx
libxcb
xcb-proto
xkeyboard-config
xorg-x11-proto-devel
xorg-x11-xtrans-devel
Created:
2014-10-17
Updated:
2015-04-13

ID:
MITRE:27086
Title:
RHSA-2014:1392: kernel security, bug fix, and enhancement update
Type:
Software
Bulletins:
MITRE:27086
Severity:
Low
Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. (CVE-2014-5077, Important) * An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system. (CVE-2013-2596, Important) * A flaw was found in the way the ipc_rcu_putref() function in the Linux kernel's IPC implementation handled reference counter decrementing. A local, unprivileged user could use this flaw to trigger an Out of Memory (OOM) condition and, potentially, crash the system. (CVE-2013-4483, Moderate) * It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process. (CVE-2014-0181, Moderate) * It was found that the try_to_unmap_cluster() function in the Linux kernel's Memory Management subsystem did not properly handle page locking in certain cases, which could potentially trigger the BUG_ON() macro in the mlock_vma_page() function. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-3122, Moderate) * A flaw was found in the way the Linux kernel's kvm_iommu_map_pages() function handled IOMMU mapping failures. A privileged user in a guest with an assigned host device could use this flaw to crash the host.
(CVE-2014-3601, Moderate) * Multiple use-after-free flaws were found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use either of these flaws to crash the system. (CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, Moderate) * A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation. (CVE-2014-5045, Moderate) * An integer overflow flaw was found in the way the lzo1x_decompress_safe() function of the Linux kernel's LZO implementation processed Literal Runs. A local attacker could, in extremely rare cases, use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-4608, Low) Red Hat would like to thank Vladimir Davydov of Parallels for reporting CVE-2013-4483, Jack Morgenstein of Mellanox for reporting CVE-2014-3601, Vasily Averin of Parallels for reporting CVE-2014-5045, and Don A. Bailey from Lab Mouse Security for reporting CVE-2014-4608. The security impact of the CVE-2014-3601 issue was discovered by Michael Tsirkin of Red Hat. This update also fixes several hundred bugs and adds numerous enhancements. Refer to the Red Hat Enterprise Linux 6.6 Release Notes for information on the most significant of these changes, and the Technical Notes for further information, both linked to in the References. All Red Hat Enterprise Linux 6 users are advised to install these updated packages, which correct these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise Linux 6.6 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.
Applies to:
kernel
Created:
2014-10-17
Updated:
2015-04-13

ID:
MITRE:26605
Title:
RHSA-2014:1391: glibc security, bug fix, and enhancement update
Type:
Miscellaneous
Bulletins:
MITRE:26605
Severity:
Low
Description:
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds write flaw was found in the way the glibc's readdir_r() function handled file system entries longer than the NAME_MAX character constant. A remote attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdir_r(), would cause that application to crash or, potentially, allow the attacker to execute arbitrary code with the privileges of the user running the application. (CVE-2013-4237) It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-4458) These updated glibc packages also include several bug fixes and two enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes. All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
Applies to:
glibc
Created:
2014-10-17
Updated:
2015-04-13

ID:
MITRE:26390
Title:
RHSA-2014:1390: luci security, bug fix, and enhancement update
Type:
Software
Bulletins:
MITRE:26390
Severity:
Low
Description:
Luci is a web-based high availability administration application. It was discovered that luci used eval() on inputs containing strings from the cluster configuration file when generating its web pages. An attacker with privileges to create or edit the cluster configuration could use this flaw to execute arbitrary code as the luci user on a host running luci. (CVE-2014-3593) This issue was discovered by Jan Pokorný of Red Hat. These updated luci packages also include several bug fixes and multiple enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes. All luci users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
Applies to:
luci
Created:
2014-10-17
Updated:
2015-04-13

ID:
MITRE:26917
Title:
RHSA-2014:1389: krb5 security and bug fix update
Type:
Services
Bulletins:
MITRE:26917
Severity:
Low
Description:
Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342) A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from a GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343) These updated krb5 packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes. All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Applies to:
krb5
Created:
2014-10-17
Updated:
2015-04-13

ID:
MITRE:27056
Title:
RHSA-2014:1388: cups security and bug fix update
Type:
Services
Bulletins:
MITRE:27056
Severity:
Low
Description:
CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. A cross-site scripting (XSS) flaw was found in the CUPS web interface. An attacker could use this flaw to perform a cross-site scripting attack against users of the CUPS web interface. (CVE-2014-2856) It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system. (CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031) The CVE-2014-3537 issue was discovered by Francisco Alonso of Red Hat Product Security. These updated cups packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes. All cups users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically.
Applies to:
cups
Created:
2014-10-17
Updated:
2015-04-13

ID:
MITRE:27084
Title:
ELSA-2014-1652 -- openssl security update
Type:
Web
Bulletins:
MITRE:27084
Severity:
Low
Description:
[1.0.1e-30.2] - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3) [1.0.1e-30] - add ECC TLS extensions to DTLS (#1119800) [1.0.1e-29] - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3507 - avoid memory leak in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3509 - fix race condition when parsing server hello - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation [1.0.1e-28] - fix CVE-2014-0224 fix that broke EAP-FAST session resumption support [1.0.1e-26] - drop EXPORT, RC2, and DES from the default cipher list (#1057520) - print ephemeral key size negotiated in TLS handshake (#1057715) - do not include ECC ciphersuites in SSLv2 client hello (#1090952) - properly detect encryption failure in BIO (#1100819) - fail on hmac integrity check if the .hmac file is empty (#1105567) - FIPS mode: make the limitations on DSA, DH, and RSA keygen length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment variable is set [1.0.1e-25] - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH [1.0.1e-24] - add back support for secp521r1 EC curve [1.0.1e-23] - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension [1.0.1e-22] - use 2048 bit RSA key in FIPS selftests [1.0.1e-21] - add DH_compute_key_padded needed for FIPS CAVS testing - make 3des strength to be 128 bits instead of 168 (#1056616) - FIPS mode: do not generate DSA keys and DH parameters < 2048 bits - FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys) - FIPS mode: add DH selftest - FIPS mode: reseed DRBG properly on RAND_add() - FIPS mode: add RSA encrypt/decrypt selftest - FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key - use the key length from configuration file if req -newkey rsa is invoked [1.0.1e-20] - fix CVE-2013-4353 - Invalid TLS handshake crash [1.0.1e-19] - fix CVE-2013-6450 - possible MiTM attack on DTLS1 [1.0.1e-18] - fix CVE-2013-6449 - crash when version in SSL structure is incorrect [1.0.1e-17] - add back some no-op symbols that were inadvertently dropped
Applies to:
openssl
openssl-devel
openssl-libs
openssl-perl
openssl-static
Created:
2014-10-17
Updated:
2015-02-23

ID:
MITRE:26179
Title:
ELSA-2014-1634 -- java-1.6.0-openjdk security and bug fix update
Type:
Software
Bulletins:
MITRE:26179
Severity:
Low
Description:
[1:1.6.0.33-1.13.5.0] - Update to IcedTea 1.13.5 - Remove upstreamed patches. - Regenerate add-final-location-rpaths patch against new release. - Change versioning to match java-1.7.0-openjdk so revisions work. - Use xz for tarballs to reduce file size. - No need to explicitly disable system LCMS any more (bug fixed upstream). - Add icedteasnapshot to setup lines so they work with pre-release tarballs. - Resolves: rhbz#1148901
Applies to:
java-1.6.0-openjdk
Created:
2014-10-17
Updated:
2015-08-10

ID:
MITRE:26796
Title:
ELSA-2014-1633 -- java-1.7.0-openjdk security and bug fix update
Type:
Software
Bulletins:
MITRE:26796
Severity:
Low
Description:
[1:1.7.0.71-2.5.3.1.0.1.el5_11] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1:1.7.0.71-2.5.3.1] - Bump to 2.5.3 with security updates. - Remove obsolete patches which are now included upstream. - Disable LCMS via environment variables rather than maintaining a patch. - Resolves: rhbz#1148890
Applies to:
java-1.7.0-openjdk
Created:
2014-10-17
Updated:
2015-08-10

ID:
MITRE:26716
Title:
ELSA-2014-1620 -- java-1.7.0-openjdk security and bug fix update
Type:
Software
Bulletins:
MITRE:26716
Severity:
Low
Description:
[1:1.7.0.65-2.5.3.1.0.1.el7_0] - Update DISTRO_NAME in specfile [1:1.7.0.65-2.5.3.1] - Bump to 2.5.3 for latest security fixes. - Remove obsolete patches. - Add hsbootstrap option to pre-build HotSpot when required. - Resolves: rhbz#1148893
Applies to:
java-1.7.0-openjdk
Created:
2014-10-17
Updated:
2015-08-10

ID:
MITRE:27085
Title:
ELSA-2014-1552 -- openssh security, bug fix, and enhancement update
Type:
Services
Bulletins:
MITRE:27085
Severity:
Low
Description:
[5.3p1-104] - ignore SIGXFSZ in postauth monitor child (#1133906) [5.3p1-103] - don't try to generate DSA keys in the init script in FIPS mode (#1118735) [5.3p1-102] - ignore SIGPIPE in ssh-keyscan (#1108836) [5.3p1-101] - ssh-add: fix fatal exit when removing card (#1042519) [5.3p1-100] - fix race in backported ControlPersist patch (#953088) [5.3p1-99.2] - skip requesting smartcard PIN when removing keys from agent (#1042519) [5.3p1-98] - add possibility to autocreate only RSA key into initscript (#1111568) - fix several issues reported by coverity [5.3p1-97] - x11 forwarding - be less restrictive when can't bind to one of available addresses (#1027197) - better fork error detection in audit patch (#1028643) - fix openssh-5.3p1-x11.patch for non-linux platforms (#1100913) [5.3p1-96] - prevent a server from skipping SSHFP lookup (#1081338) CVE-2014-2653 - ignore environment variables with embedded '=' or '\0' characters CVE-2014-2532 - backport ControlPersist option (#953088) - log when a client requests an interactive session and only sftp is allowed (#997377) - don't try to load RSA1 host key in FIPS mode (#1009959) - restore Linux oom_adj setting when handling SIGHUP to maintain behaviour over restart (#1010429) - ssh-keygen -V - relative-specified certificate expiry time should be relative to current time (#1022459) [5.3p1-95] - adjust the key exchange DH groups and ssh-keygen according to SP800-131A (#993580) - log failed integrity test if /etc/system-fips exists (#1020803) - backport ECDSA and ECDH support (#1028335)
Applies to:
openssh
Created:
2014-10-17
Updated:
2015-02-23

ID:
MITRE:26570
Title:
ELSA-2014-1388 -- cups security and bug fix update
Type:
Services
Bulletins:
MITRE:26570
Severity:
Low
Description:
[1:1.4.2-67] - Revert change to whitelist /rss/ resources, as this was not used upstream. [1:1.4.2-66] - More STR #4461 fixes from upstream: make rss feeds world-readable, but cachedir private. - Fix icon display in web interface during server restart (STR #4475). [1:1.4.2-65] - Fixes for upstream patch for STR #4461: allow /rss/ requests for files we created. [1:1.4.2-64] - Use upstream patch for STR #4461. [1:1.4.2-63] - Applied upstream patch to fix CVE-2014-5029 (bug #1122600), CVE-2014-5030 (bug #1128764), CVE-2014-5031 (bug #1128767). - Fix conf/log file reading for authenticated users (STR #4461). [1:1.4.2-62] - Fix CGI handling (STR #4454, bug #1120419). [1:1.4.2-61] - fix patch for CVE-2014-3537 (bug #1117794) [1:1.4.2-60] - CVE-2014-2856: cross-site scripting flaw (bug #1117798) - CVE-2014-3537: insufficient checking leads to privilege escalation (bug #1117794) [1:1.4.2-59] - Removed package description changes. [1:1.4.2-58] - Applied patch to fix 'Bad request' errors as a result of adding in httpSetTimeout (STR #4440, also part of svn revision 9967). [1:1.4.2-57] - Fixed timeout issue with cupsd reading when there is no data ready (bug #1110045). [1:1.4.2-56] - Fixed synconclose patch to avoid 'too many arguments for format' warning. - Fixed settimeout patch to include math.h for fmod declaration. [1:1.4.2-55] - Fixed typo preventing web interface from changing driver (bug #1104483, STR #3601). - Fixed SyncOnClose patch (bug #984883). [1:1.4.2-54] - Use upstream patch to avoid replaying GSS credentials (bug #1040293). [1:1.4.2-53] - Prevent BrowsePoll problems across suspend/resume (bug #769292): - Eliminate indefinite wait for response (svn revision 9688). - Backported httpSetTimeout API function from CUPS 1.5 and use it in the ipp backend so that we wait indefinitely until the printer responds, we get a hard error, or the job is cancelled. - cups-polld: reconnect on error. 
- Added new SyncOnClose directive to use fsync() after altering configuration files: defaults to 'Yes'. Adjust in cupsd.conf (bug #984883). - Fix cupsctl man page typo (bug #1011076). - Use more portable rpm specfile syntax for conditional php building (bug #988598). - Fix SetEnv directive in cupsd.conf (bug #986495). - Fix 'collection' attribute sending (bug #978387). - Prevent format_log segfault (bug #971079). - Prevent stringpool corruption (bug #884851). - Don't crash when job queued for printer that times out (bug #855431). - Upstream patch for broken multipart handling (bug #852846). - Install /etc/cron.daily/cups with correct permissions (bug #1012482).
Applies to:
cups
cups-devel
cups-libs
cups-lpd
cups-php
Created:
2014-10-17
Updated:
2015-02-23

ID:
CVE-2014-3566
Title:
POODLE: SSLv3 vulnerability
Type:
Web
Bulletins:
CVE-2014-3566
Severity:
Medium
Description:
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Applies to:
Created:
2014-10-16
Updated:
2024-01-17

ID:
CVE-2014-3825
Title:
The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote...
Type:
Hardware
Bulletins:
CVE-2014-3825
Severity:
Medium
Description:
The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted packet.
Applies to:
Juniper SRX100
Juniper SRX110
Juniper SRX1400
Juniper SRX210
Juniper SRX220
Juniper SRX240
Juniper SRX3400
Juniper SRX3600
Juniper SRX550
Juniper SRX5600
Juniper SRX5800
Juniper SRX650
Created:
2014-10-14
Updated:
2024-01-17

ID:
CVE-2014-3818
Title:
Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49...
Type:
Hardware
Bulletins:
CVE-2014-3818
Severity:
High
Description:
Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49 before D49, 13.1X50 before 30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D25, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when supporting 4-byte AS numbers and a BGP peer does not, allows remote attackers to cause a denial of service (memory corruption and RDP routing process crash and restart) via crafted transitive attributes in a BGP UPDATE.
Applies to:
Created:
2014-10-14
Updated:
2024-01-17

ID:
CVE-2014-6378
Title:
Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D30, 12.1X46 before D25, 12.1X47 before D10, 12.2 before R9, 12.2X50 before D70, 12.3 before R7, 13.1 before R4 before S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R5,...
Type:
Hardware
Bulletins:
CVE-2014-6378
SFBID70363
Severity:
High
Description:
Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D30, 12.1X46 before D25, 12.1X47 before D10, 12.2 before R9, 12.2X50 before D70, 12.3 before R7, 13.1 before R4 before S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R5, 13.2X50 before D20, 13.2X51 before D26 and D30, 13.2X52 before D15, 13.3 before R3, and 14.1 before R1 allows remote attackers to cause a denial of service (router protocol daemon crash) via a crafted RSVP PATH message.
Applies to:
Created:
2014-10-14
Updated:
2024-01-17

ID:
CVE-2014-6379
Title:
Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2...
Type:
Hardware
Bulletins:
CVE-2014-6379
SFBID70365
Severity:
High
Description:
Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D26 and D30, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when a RADIUS accounting server is configured as [system accounting destination radius], creates an entry in /var/etc/pam_radius.conf, which might allow remote attackers to bypass authentication via unspecified vectors.
Applies to:
Created:
2014-10-14
Updated:
2024-01-17

ID:
CVE-2014-6380
Title:
Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X49 before D55, 13.1X50 before D30, 13.2 before...
Type:
Hardware
Bulletins:
CVE-2014-6380
SFBID70369
Severity:
High
Description:
Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D15, 13.2X52 before D15, 13.3 before R1, when using an em interface to connect to a certain internal network, allows remote attackers to cause a denial of service (em driver block and FPC reset or "go offline") via a series of crafted (1) CLNP fragmented packets, when clns-routing or ESIS is configured, or (2) IPv4 or (3) IPv6 fragmented packets.
Applies to:
Created:
2014-10-14
Updated:
2024-01-17

ID:
CVE-2014-3404
Title:
The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted messages, aka Bug ID CSCuq22677.
Type:
Hardware
Bulletins:
CVE-2014-3404
Severity:
Medium
Description:
The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted messages, aka Bug ID CSCuq22677.
Applies to:
Created:
2014-10-09
Updated:
2024-01-17

ID:
CVE-2014-3403
Title:
The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647.
Type:
Hardware
Bulletins:
CVE-2014-3403
Severity:
Medium
Description:
The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647.
Applies to:
Created:
2014-10-09
Updated:
2024-01-17

ID:
CVE-2014-3405
Title:
Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct...
Type:
Hardware
Bulletins:
CVE-2014-3405
Severity:
Medium
Description:
Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct route-injection attacks via crafted RPL advertisements on an ANI interface, aka Bug ID CSCuq22673.
Applies to:
Created:
2014-10-09
Updated:
2024-01-17

ID:
CVE-2014-3187
Title:
Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device...
Type:
Mobile Devices
Bulletins:
CVE-2014-3187
Severity:
Medium
Description:
Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site.
Applies to:
Created:
2014-10-08
Updated:
2024-01-17

ID:
MITRE:26275
Title:
CSyncBasePlayer use after free vulnerability
Type:
Software
Bulletins:
MITRE:26275
CVE-2014-4060
Severity:
Medium
Description:
Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka "CSyncBasePlayer Use After Free Vulnerability."
Applies to:
Microsoft Windows Media Center
Created:
2014-10-06
Updated:
2024-01-17

ID:
MITRE:26189
Title:
ELSA-2014-3073 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:26189
Severity:
Low
Description:
kernel-uek [2.6.32-400.36.8.el6uek] - auditsc: audit_krule mask accesses need bounds checking (Andy Lutomirski) [Orabug: 19590638] {CVE-2014-3917} - futex: Fix errors in nested key ref-counting (Darren Hart) [Orabug: 19590443] {CVE-2014-0205}
Applies to:
kernel-uek
Created:
2014-10-01
Updated:
2015-03-16

ID:
MITRE:26806
Title:
ELSA-2014-3072 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:26806
Severity:
Low
Description:
kernel-uek [3.8.13-44.1.1.el7uek] - auditsc: audit_krule mask accesses need bounds checking (Andy Lutomirski) [Orabug: 19590596] {CVE-2014-3917}
Applies to:
kernel-uek
Created:
2014-10-01
Updated:
2015-03-16

ID:
MITRE:26970
Title:
ELSA-2014-1244 -- bind97 security and bug fix update
Type:
Software
Bulletins:
MITRE:26970
Severity:
Low
Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. It contains a DNS server (named), a resolver library with routines for applications to use when interfacing with DNS, and tools for verifying that the DNS server is operating correctly. These packages contain version 9.7 of the BIND suite. A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash. (CVE-2014-0591) Note: The CVE-2014-0591 issue does not directly affect the version of bind97 shipped in Red Hat Enterprise Linux 5. This issue is being addressed however to assure it is not introduced in future builds of bind97 (possibly built with a different compiler or C library optimization). This update also fixes the following bug: * Previously, the bind97 initscript did not check for the existence of the ROOTDIR variable when shutting down the named daemon. As a consequence, some parts of the file system that are mounted when using bind97 in a chroot environment were unmounted on daemon shut down, even if bind97 was not running in a chroot environment. With this update, the initscript has been fixed to check for the existence of the ROOTDIR variable when unmounting some parts of the file system on named daemon shut down. Now, when shutting down bind97 that is not running in a chroot environment, no parts of the file system are unmounted. (BZ#1059118) All bind97 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically.
Applies to:
bind97
Created:
2014-10-01
Updated:
2015-02-23

ID:
MITRE:27050
Title:
ELSA-2014-1166 -- jakarta-commons-httpclient security update
Type:
Software
Bulletins:
MITRE:27050
Severity:
Low
Description:
Jakarta Commons HTTPClient implements the client side of HTTP standards. It was discovered that the HTTPClient incorrectly extracted host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3577) For additional information on this flaw, refer to the Knowledgebase article in the References section. All jakarta-commons-httpclient users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Applies to:
jakarta-commons-httpclient
Created:
2014-10-01
Updated:
2015-02-23

ID:
MITRE:26892
Title:
ELSA-2014-1148 -- squid security update
Type:
Web
Bulletins:
MITRE:26892
Severity:
Low
Description:
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. (CVE-2014-3609) A buffer overflow flaw was found in Squid's DNS lookup module. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. (CVE-2013-4115) Red Hat would like to thank the Squid project for reporting the CVE-2014-3609 issue. Upstream acknowledges Matthew Daley as the original reporter. All Squid users are advised to upgrade to this updated package, which contains backported patches to correct these issues. After installing this update, the squid service will be restarted automatically.
Applies to:
squid
Created:
2014-10-01
Updated:
2015-08-10

ID:
MITRE:26644
Title:
ELSA-2014-1147 -- squid security update
Type:
Web
Bulletins:
MITRE:26644
Severity:
Low
Description:
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. (CVE-2014-3609) Red Hat would like to thank the Squid project for reporting this issue. Upstream acknowledges Matthew Daley as the original reporter. All Squid users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.
Applies to:
squid
Created:
2014-10-01
Updated:
2015-02-23

ID:
MITRE:26919
Title:
ELSA-2014-3018 -- Unbreakable Enterprise kernel security update
Type:
Software
Bulletins:
MITRE:26919
Severity:
Low
Description:
[3.8.13-26.2.3.el6uek] - net: ipv4: current group_info should be put after using. (Wang, Xiaoming) [Orabug: 18603523] {CVE-2014-2851}
Applies to:
kernel-uek
Created:
2014-09-29
Updated:
2015-03-16

ID:
MITRE:26718
Title:
RHSA-2014:1255: krb5 security update
Type:
Services
Bulletins:
MITRE:26718
Severity:
Low
Description:
Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) All krb5 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.
Applies to:
krb5
Created:
2014-09-26
Updated:
2015-04-13

ID:
MITRE:26451
Title:
RHSA-2014:1246: nss and nspr security, bug fix, and enhancement update
Type:
Miscellaneous
Bulletins:
MITRE:26451
Severity:
Low
Description:
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. The nss and nspr packages have been upgraded to upstream version 3.16.1 and 4.10.6 respectively, which provide a number of bug fixes and enhancements over the previous versions. 
(BZ#1110857, BZ#1110860) This update also fixes the following bugs: * Previously, when the output.log file was not present on the system, the shell in the Network Security Services (NSS) specification handled test failures incorrectly as false positive test results. Consequently, certain utilities, such as "grep", could not handle failures properly. This update improves error detection in the specification file, and "grep" and other utilities now handle missing files or crashes as intended. (BZ#1035281) * Prior to this update, a subordinate Certificate Authority (CA) of the ANSSI agency incorrectly issued an intermediate certificate installed on a network monitoring device. As a consequence, the monitoring device was enabled to act as an MITM (Man in the Middle) proxy performing traffic management of domain names or IP addresses that the certificate holder did not own or control. The trust in the intermediate certificate to issue the certificate for an MITM device has been revoked, and such a device can no longer be used for MITM attacks. (BZ#1042684) * Due to a regression, MD5 certificates were rejected by default because Network Security Services (NSS) did not trust MD5 certificates. With this update, MD5 certificates are supported in Red Hat Enterprise Linux 5. (BZ#11015864) Users of nss and nspr are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
Applies to:
nss
Created:
2014-09-26
Updated:
2015-04-13

ID:
MITRE:26777
Title:
RHSA-2014:1245: krb5 security and bug fix update
Type:
Services
Bulletins:
MITRE:26777
Severity:
Low
Description:
Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A man-in-the-middle attacker with a valid Kerberos ticket who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application. (CVE-2014-4341) This update also fixes the following bugs: * Prior to this update, the libkrb5 library occasionally attempted to free already freed memory when encrypting credentials. As a consequence, the calling process terminated unexpectedly with a segmentation fault. With this update, libkrb5 frees memory correctly, which allows the credentials to be encrypted appropriately and thus prevents the mentioned crash. (BZ#1004632) * Previously, when the krb5 client library was waiting for a response from a server, the timeout variable in certain cases became a negative number. Consequently, the client could enter a loop while checking for responses. With this update, the client logic has been modified and the described error no longer occurs. (BZ#1089732) All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically.
Applies to:
krb5
Created:
2014-09-26
Updated:
2015-04-13

ID:
MITRE:26030
Title:
RHSA-2014:1244: bind97 security and bug fix update
Type:
Software
Bulletins:
MITRE:26030
Severity:
Low
Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. It contains a DNS server (named), a resolver library with routines for applications to use when interfacing with DNS, and tools for verifying that the DNS server is operating correctly. These packages contain version 9.7 of the BIND suite. A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash. (CVE-2014-0591) Note: The CVE-2014-0591 issue does not directly affect the version of bind97 shipped in Red Hat Enterprise Linux 5. This issue is being addressed however to assure it is not introduced in future builds of bind97 (possibly built with a different compiler or C library optimization).
Applies to:
bind97
Created:
2014-09-26
Updated:
2015-04-13

ID:
MITRE:26641
Title:
RHSA-2014:1243: automake security update
Type:
Software
Bulletins:
MITRE:26641
Severity:
Low
Description:
Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck". (CVE-2012-3386) Red Hat would like to thank Jim Meyering for reporting this issue. Upstream acknowledges Stefano Lattarini as the original reporter. All automake users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
Applies to:
automake
Created:
2014-09-26
Updated:
2015-04-13

ID:
MITRE:26851
Title:
RHSA-2014:1194: conga security and bug fix update
Type:
Software
Bulletins:
MITRE:26851
Severity:
Low
Description:
The Conga project is a management system for remote workstations. It consists of luci, which is a secure web-based front end, and ricci, which is a secure daemon that dispatches incoming messages to underlying management modules. It was discovered that Plone, included as a part of luci, did not properly protect the administrator interface (control panel). A remote attacker could use this flaw to inject a specially crafted Python statement or script into Plone's restricted Python sandbox that, when the administrator interface was accessed, would be executed with the privileges of that administrator user. (CVE-2012-5485) It was discovered that Plone, included as a part of luci, did not properly sanitize HTTP headers provided within certain URL requests. A remote attacker could use a specially crafted URL that, when processed, would cause the injected HTTP headers to be returned as a part of the Plone HTTP response, potentially allowing the attacker to perform other more advanced attacks. (CVE-2012-5486) Multiple information leak flaws were found in the way conga processed luci site extension-related URL requests. A remote, unauthenticated attacker could issue a specially crafted HTTP request that, when processed, would result in unauthorized information disclosure. (CVE-2013-6496) It was discovered that various components in the luci site extension-related URLs were not properly restricted to administrative users. A remote, authenticated attacker could escalate their privileges to perform certain actions that should be restricted to administrative users, such as adding users and systems, and viewing log data. (CVE-2014-3521) It was discovered that Plone, included as a part of luci, did not properly protect the privilege of running RestrictedPython scripts. 
A remote attacker could use a specially crafted URL that, when processed, would allow the attacker to submit and perform expensive computations or, in conjunction with other attacks, be able to access or alter privileged information. (CVE-2012-5488) It was discovered that Plone, included as a part of luci, did not properly enforce permissions checks on the membership database. A remote attacker could use a specially crafted URL that, when processed, could allow the attacker to enumerate user account names. (CVE-2012-5497) It was discovered that Plone, included as a part of luci, did not properly handle the processing of requests for certain collections. A remote attacker could use a specially crafted URL that, when processed, would lead to excessive I/O and/or cache resource consumption. (CVE-2012-5498) It was discovered that Plone, included as a part of luci, did not properly handle the processing of very large values passed to an internal utility function. A remote attacker could use a specially crafted URL that, when processed, would lead to excessive memory consumption. (CVE-2012-5499) It was discovered that Plone, included as a part of luci, allowed a remote anonymous user to change titles of content items due to improper permissions checks. (CVE-2012-5500) The CVE-2014-3521 issue was discovered by Radek Steiger of Red Hat, and the CVE-2013-6496 issue was discovered by Jan Pokorny of Red Hat. In addition, these updated conga packages include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 5.11 Technical Notes, linked to in the References section, for information on the most significant of these changes. All conga users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the luci and ricci services will be restarted automatically.
Applies to:
conga
Created:
2014-09-26
Updated:
2015-04-13

ID:
CVE-2014-3355
Title:
The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via...
Type:
Hardware
Bulletins:
CVE-2014-3355
SFBID70130
Severity:
High
Description:
The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCug75942.
Applies to:
Created:
2014-09-25
Updated:
2024-01-17

ID:
CVE-2014-3356
Title:
The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via...
Type:
Hardware
Bulletins:
CVE-2014-3356
SFBID70135
Severity:
High
Description:
The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCue22753.
Applies to:
Created:
2014-09-25
Updated:
2024-01-17

ID:
CVE-2014-3361
Title:
The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071.
Type:
Hardware
Bulletins:
CVE-2014-3361
SFBID70129
Severity:
High
Description:
The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071.
Applies to:
Created:
2014-09-25
Updated:
2024-01-17

ID:
CVE-2014-3359
Title:
Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to cause a denial of service (memory consumption or...
Type:
Hardware
Bulletins:
CVE-2014-3359
SFBID70140
Severity:
High
Description:
Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed DHCPv6 packets, aka Bug ID CSCum90081.
Applies to:
Created:
2014-09-25
Updated:
2024-01-17

ID:
CVE-2014-3358
Title:
Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface...
Type:
Hardware
Bulletins:
CVE-2014-3358
SFBID70139
Severity:
High
Description:
Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface queue wedge or device reload) via malformed mDNS packets, aka Bug ID CSCuj58950.
Applies to:
Created:
2014-09-25
Updated:
2024-01-17

ID:
CVE-2014-3357
Title:
Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug...
Type:
Hardware
Bulletins:
CVE-2014-3357
SFBID70132
Severity:
High
Description:
Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug ID CSCul90866.
Applies to:
Created:
2014-09-25
Updated:
2024-01-17

ID:
CVE-2014-3360
Title:
Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service...
Type:
Hardware
Bulletins:
CVE-2014-3360
SFBID70141
Severity:
High
Description:
Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCul46586.
Applies to:
Created:
2014-09-25
Updated:
2024-01-17

ID:
CVE-2014-3354
Title:
Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG and 3.4.xSG before 3.4.4SG; and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allow remote attackers to cause a...
Type:
Hardware
Bulletins:
CVE-2014-3354
SFBID70131
Severity:
High
Description:
Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG and 3.4.xSG before 3.4.4SG; and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allow remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCui11547.
Applies to:
Created:
2014-09-25
Updated:
2024-01-17

ID:
CVE-2014-6271
Title:
Bash environment variables code injection
Type:
Miscellaneous
Bulletins:
CVE-2014-6271
Severity:
High
Description:
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.
Applies to:
GNU Bash
Created:
2014-09-25
Updated:
2024-01-17

ID:
CVE-2014-7169
Title:
Bash environment variables code injection
Type:
Miscellaneous
Bulletins:
CVE-2014-7169
Severity:
High
Description:
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
Applies to:
GNU Bash
Created:
2014-09-25
Updated:
2024-01-17

ID:
CVE-2014-3378
Title:
tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468.
Type:
Hardware
Bulletins:
CVE-2014-3378
SFBID69957
Severity:
Medium
Description:
tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468.
Applies to:
Created:
2014-09-20
Updated:
2024-01-17

ID:
CVE-2014-3377
Title:
snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791.
Type:
Hardware
Bulletins:
CVE-2014-3377
SFBID69959
Severity:
Medium
Description:
snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791.
Applies to:
Created:
2014-09-20
Updated:
2024-01-17

ID:
CVE-2014-3376
Title:
Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031.
Type:
Hardware
Bulletins:
CVE-2014-3376
SFBID69956
Severity:
Medium
Description:
Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031.
Applies to:
Created:
2014-09-20
Updated:
2024-01-17

ID:
CVE-2014-4409
Title:
WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing.
Type:
Mobile Devices
Bulletins:
CVE-2014-4409
SFBID69882
Severity:
Medium
Description:
WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing.
Applies to:
Created:
2014-09-18
Updated:
2024-01-17

ID:
CVE-2014-4362
Title:
The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app.
Type:
Mobile Devices
Bulletins:
CVE-2014-4362
SFBID69882
Severity:
Medium
Description:
The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app.
Applies to:
Created:
2014-09-18
Updated:
2024-01-17

ID:
CVE-2014-4361
Title:
The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app.
Type:
Mobile Devices
Bulletins:
CVE-2014-4361
SFBID69882
Severity:
Medium
Description:
The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app.
Applies to:
Created:
2014-09-18
Updated:
2024-01-17

ID:
CVE-2014-4423
Title:
The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application.
Type:
Mobile Devices
Bulletins:
CVE-2014-4423
SFBID69882
Severity:
Medium
Description:
The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application.
Applies to:
Created:
2014-09-18
Updated:
2024-01-17

ID:
CVE-2014-4368
Title:
The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events.
Type:
Mobile Devices
Bulletins:
CVE-2014-4368
SFBID69882
Severity:
Medium
Description:
The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events.
Applies to:
Created:
2014-09-18
Updated:
2024-01-17

ID:
CVE-2014-4363
Title:
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509...
Type:
Mobile Devices
Bulletins:
CVE-2014-4363
SFBID69882
Severity:
Medium
Description:
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element.
Applies to:
Created:
2014-09-18
Updated:
2024-01-17

ID:
CVE-2014-4386
Title:
Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.
Type:
Mobile Devices
Bulletins:
CVE-2014-4386
SFBID69882
Severity:
Low
Description:
Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.
Applies to:
Created:
2014-09-18
Updated:
2024-01-17

ID:
CVE-2014-4353
Title:
Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.
Type:
Mobile Devices
Bulletins:
CVE-2014-4353
SFBID69882
Severity:
Medium
Description:
Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.
Applies to:
Created:
2014-09-18
Updated:
2024-01-17

ID:
CVE-2014-4374
Title:
NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Type:
Mobile Devices
Bulletins:
CVE-2014-4374
SFBID69882
Severity:
Medium
Description:
NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Applies to:
Created:
2014-09-18
Updated:
2024-01-17

ID:
CVE-2014-4366
Title:
Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
Type:
Mobile Devices
Bulletins:
CVE-2014-4366
SFBID69882
Severity:
Medium
Description:
Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
Applies to:
Created:
2014-09-18
Updated:
2024-01-17

ID:
CVE-2014-4384
Title:
Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.
Type:
Mobile Devices
Bulletins:
CVE-2014-4384
SFBID69882
Severity:
Low
Description:
Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.
Applies to:
Created:
2014-09-18
Updated:
2024-01-17

ID:
CVE-2014-4367
Title:
Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number.
Type:
Mobile Devices
Bulletins:
CVE-2014-4367
SFBID69882
Severity:
Low
Description:
Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number.
Applies to:
Created:
2014-09-18
Updated:
2024-01-17

ID:
CVE-2014-4354
Title:
Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.
Type:
Mobile Devices
Bulletins:
CVE-2014-4354
SFBID69882
Severity:
Medium
Description:
Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.
Applies to:
Created:
2014-09-18
Updated:
2024-01-17

ID:
CVE-2014-4356
Title:
Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.
Type:
Mobile Devices
Bulletins:
CVE-2014-4356
SFBID69882
Severity:
Low
Description:
Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.
Applies to:
Created:
2014-09-18
Updated:
2024-01-17

ID:
CVE-2014-4352
Title:
Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.
Type:
Mobile Devices
Bulletins:
CVE-2014-4352
SFBID69882
Severity:
Low
Description:
Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.
Applies to:
Created:
2014-09-18
Updated:
2024-01-17

ID:
CVE-2014-3342
Title:
The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383.
Type:
Hardware
Bulletins:
CVE-2014-3342
SFBID69735
Severity:
Medium
Description:
The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383.
Applies to:
Created:
2014-09-11
Updated:
2024-01-17

ID:
CVE-2014-3363
Title:
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.
Type:
Hardware
Bulletins:
CVE-2014-3363
SFBID69739
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.
Applies to:
Unified Communications Manager
Created:
2014-09-11
Updated:
2024-01-17

ID:
CVE-2014-3343
Title:
Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052.
Type:
Hardware
Bulletins:
CVE-2014-3343
SFBID69667
Severity:
Medium
Description:
Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052.
Applies to:
Created:
2014-09-10
Updated:
2024-01-17

ID:
MITRE:25066
Title:
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity
Type:
Software
Bulletins:
MITRE:25066
CVE-2014-4263
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2014-09-08
Updated:
2024-01-17

ID:
MITRE:25224
Title:
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity
Type:
Software
Bulletins:
MITRE:25224
CVE-2014-4244
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2014-09-08
Updated:
2024-01-17

ID:
MITRE:24828
Title:
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity
Type:
Software
Bulletins:
MITRE:24828
CVE-2014-4218
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2014-09-08
Updated:
2024-01-17

ID:
MITRE:25160
Title:
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability
Type:
Software
Bulletins:
MITRE:25160
CVE-2014-4216
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2014-09-08
Updated:
2024-01-17

ID:
MITRE:24806
Title:
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability
Type:
Software
Bulletins:
MITRE:24806
CVE-2014-4262
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2014-09-08
Updated:
2024-01-17

ID:
MITRE:25136
Title:
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity
Type:
Software
Bulletins:
MITRE:25136
CVE-2014-4209
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2014-09-08
Updated:
2024-01-17

ID:
MITRE:25273
Title:
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality
Type:
Software
Bulletins:
MITRE:25273
CVE-2014-4252
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2014-09-08
Updated:
2024-01-17

ID:
MITRE:24827
Title:
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality
Type:
Software
Bulletins:
MITRE:24827
CVE-2014-4268
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2014-09-08
Updated:
2024-01-17

ID:
CVE-2014-3353
Title:
Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165.
Type:
Hardware
Bulletins:
CVE-2014-3353
SFBID69506
Severity:
High
Description:
Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165.
Applies to:
Created:
2014-09-04
Updated:
2024-01-17

ID:
MITRE:24871
Title:
Windows journal remote code execution vulnerability
Type:
Software
Bulletins:
MITRE:24871
CVE-2014-1824
Severity:
High
Description:
Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted Journal (aka .JNT) file, aka "Windows Journal Remote Code Execution Vulnerability."
Applies to:
Created:
2014-08-18
Updated:
2024-01-17

ID:
CVE-2014-3338
Title:
The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via...
Type:
Hardware
Bulletins:
CVE-2014-3338
SFBID69176
Severity:
High
Description:
The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491.
Applies to:
Unified Communications Manager
Created:
2014-08-12
Updated:
2024-01-17

ID:
CVE-2014-3327
Title:
The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101.
Type:
Hardware
Bulletins:
CVE-2014-3327
SFBID69066
Severity:
High
Description:
The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101.
Applies to:
Created:
2014-08-11
Updated:
2024-01-17

ID:
CVE-2014-3332
Title:
Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.
Type:
Hardware
Bulletins:
CVE-2014-3332
SFBID69068
Severity:
Medium
Description:
Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.
Applies to:
Unified Communications Manager
Created:
2014-08-11
Updated:
2024-01-17

ID:
MITRE:26284
Title:
SUSE-SU-2014:0905-1 -- Security update for Mozilla Firefox
Type:
Web
Bulletins:
MITRE:26284
Severity:
Low
Description:
Mozilla Firefox has been updated to 24.6.0 to fix the security issues.
Applies to:
Mozilla Firefox
Created:
2014-08-06
Updated:
2015-03-16

ID:
MITRE:26186
Title:
RHSA-2014:1004: yum-updatesd security update
Type:
Software
Bulletins:
MITRE:26186
Severity:
Low
Description:
The yum-updatesd package provides a daemon which checks for available updates and can notify you when they are available via email, syslog, or dbus. It was discovered that yum-updatesd did not properly perform RPM package signature checks. When yum-updatesd was configured to automatically install updates, a remote attacker could use this flaw to install a malicious update on the target system using an unsigned RPM or an RPM signed with an untrusted key. (CVE-2014-0022) All yum-updatesd users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the yum-updatesd service will be restarted automatically.
Applies to:
yum-updatesd
Created:
2014-08-05
Updated:
2015-04-13

ID:
MITRE:26244
Title:
RHSA-2013-1605: glibc security, bug fix, and enhancement update
Type:
Miscellaneous
Bulletins:
MITRE:26244
Severity:
Low
Description:
Updated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.
Applies to:
glibc
Created:
2014-08-05
Updated:
2015-03-09

ID:
MITRE:26218
Title:
RHSA-2012:0884: openssh security, bug fix, and enhancement update
Type:
Services
Bulletins:
MITRE:26218
Severity:
Low
Description:
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
Applies to:
openssh
Created:
2014-08-05
Updated:
2015-03-09

ID:
MITRE:25091
Title:
RHSA-2014:0927: qemu-kvm security and bug fix update
Type:
Software
Bulletins:
MITRE:25091
Severity:
Low
Description:
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0222, CVE-2014-0223) Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way virtio, virtio-net, virtio-scsi, usb, and hpet drivers of QEMU handled state loading after migration. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461) These issues were discovered by Michael S. Tsirkin, Anthony Liguori and Michael Roth of Red Hat: CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, and CVE-2014-3461.
Applies to:
qemu-kvm
Created:
2014-07-28
Updated:
2015-04-13

ID:
MITRE:24567
Title:
SharePoint Page Content Vulnerabilities () - MS14-022
Type:
Software
Bulletins:
MITRE:24567
CVE-2014-0251
Severity:
High
Description:
Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerability."
Applies to:
Microsoft Office Web Apps 2010
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft SharePoint Services 3.0
Created:
2014-07-21
Updated:
2024-01-17

ID:
MITRE:25349
Title:
SUSE-SU-2014:0727-1 -- Security update for Mozilla Firefox
Type:
Web
Bulletins:
MITRE:25349
Severity:
Low
Description:
This Mozilla Firefox update provides several security and non-security fixes. MozillaFirefox has been updated to 24.5.0esr, which fixes the following issues: * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver Mozilla NSS has been updated to 3.16 * required for Firefox 29 * CVE-2014-1492: In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. * Update of root certificates.
Applies to:
Mozilla Firefox
Created:
2014-07-15
Updated:
2015-03-16

ID:
MITRE:25341
Title:
SUSE-SU-2014:0665-2 -- Security update for Mozilla Firefox
Type:
Web
Bulletins:
MITRE:25341
Severity:
Low
Description:
This Mozilla Firefox update provides several security and non-security fixes. Mozilla Firefox has been updated to the 24.5.0esr version, which fixes the following issues: * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver Mozilla NSS has been updated to version 3.16 * required for Firefox 29 * CVE-2014-1492: In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. * Update of root certificates.
Applies to:
Mozilla Firefox
Created:
2014-07-15
Updated:
2015-03-16

ID:
MITRE:25916
Title:
SUSE-SU-2013:1183-1 -- Security update for xorg-x11
Type:
Software
Bulletins:
MITRE:25916
Severity:
Low
Description:
This update of xorg-x11 fixes several security vulnerabilities. * Bug 815451 - X.Org Security Advisory: May 23, 2013 * Bug 821664 - libX11 * Bug 821671 - libXv * Bug 821670 - libXt * Bug 821669 - libXrender * Bug 821668 - libXp * Bug 821667 - libXfixes * Bug 821665 - libXext * Bug 821663 - libFS, libXcursor, libXi, libXinerama, libXRes, libXtst, libXvMC, libXxf86dga, libXxf86vm, libdmx
Applies to:
xorg-x11
Created:
2014-07-15
Updated:
2015-03-16

ID:
MITRE:26212
Title:
SUSE-SU-2013:0471-1 -- Security update for Mozilla Firefox
Type:
Web
Bulletins:
MITRE:26212
Severity:
Low
Description:
MozillaFirefox has been updated to the 17.0.4ESR release. Besides the major version update from the 10ESR stable release line to the 17ESR stable release line, this update brings critical security and bugfixes.
Applies to:
Mozilla Firefox
Created:
2014-07-15
Updated:
2015-03-16

ID:
MITRE:25815
Title:
SUSE-SU-2013:0306-1 -- Security update for Mozilla Firefox
Type:
Web
Bulletins:
MITRE:25815
Severity:
Low
Description:
Mozilla Firefox is updated to the 10.0.12ESR version. This is a roll-up update for LTSS. It fixes a lot of security issues and bugs.
Applies to:
Mozilla Firefox
Created:
2014-07-15
Updated:
2015-03-16

ID:
MITRE:25898
Title:
SUSE-RU-2013:0703-2 -- Recommended update for ksh
Type:
Software
Bulletins:
MITRE:25898
Severity:
Low
Description:
This update to Korn Shell 93u+ provides fixes for many issues, including: * Fix segmentation fault on typeset on ENV variable. (bnc#803613) * Do not free data which is used later on in the hash tree of reloaded shell functions. (bnc#795324) * Make sure that tty is closed even if an interrupt arrived during close. (bnc#790315) * Fix truncation of variables when TMOUT is used. (bnc#808956) * Fix syntax error on command substitution in here-document. (bnc#804998) * Make Shift_JIS patch more reliable as requested by upstream. For a comprehensive list of fixes please refer to the package's change log.
Applies to:
ksh
Created:
2014-07-15
Updated:
2015-03-16

ID:
MITRE:25231
Title:
SUSE-RU-2013:0634-1 -- Recommended update for Xorg
Type:
Software
Bulletins:
MITRE:25231
Severity:
Low
Description:
This update for xorg-x11 provides fixes for the following issues: * 743810: Xnest to remote machine displays black screen * 805590: Xvnc server crashes while launching Java Swing application.
Applies to:
Xorg
Created:
2014-07-15
Updated:
2015-03-16

ID:
CVE-2014-3319
Title:
Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.
Type:
Hardware
Bulletins:
CVE-2014-3319
Severity:
Medium
Description:
Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.
Applies to:
Unified Communications Manager
Created:
2014-07-14
Updated:
2024-01-17

ID:
CVE-2014-3317
Title:
Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.
Type:
Hardware
Bulletins:
CVE-2014-3317
SFBID68481
Severity:
Medium
Description:
Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.
Applies to:
Unified Communications Manager
Created:
2014-07-14
Updated:
2024-01-17

ID:
CVE-2014-3815
Title:
Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet.
Type:
Hardware
Bulletins:
CVE-2014-3815
SFBID68551
Severity:
High
Description:
Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet.
Applies to:
Juniper SRX100
Juniper SRX110
Juniper SRX1400
Juniper SRX210
Juniper SRX220
Juniper SRX240
Juniper SRX3400
Juniper SRX3600
Juniper SRX550
Juniper SRX5600
Juniper SRX5800
Juniper SRX650
Created:
2014-07-11
Updated:
2024-01-17

ID:
CVE-2014-3822
Title:
Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service...
Type:
Hardware
Bulletins:
CVE-2014-3822
Severity:
Medium
Description:
Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service (flowd crash) via a malformed packet, related to translating IPv6 to IPv4.
Applies to:
Juniper SRX100
Juniper SRX110
Juniper SRX1400
Juniper SRX210
Juniper SRX220
Juniper SRX240
Juniper SRX3400
Juniper SRX3600
Juniper SRX550
Juniper SRX5600
Juniper SRX5800
Juniper SRX650
Created:
2014-07-11
Updated:
2024-01-17

ID:
CVE-2014-3817
Title:
Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote...
Type:
Hardware
Bulletins:
CVE-2014-3817
SFBID68545
Severity:
High
Description:
Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote attackers to cause a denial of service (flowd hang or crash) via a crafted packet.
Applies to:
Juniper SRX100
Juniper SRX110
Juniper SRX1400
Juniper SRX210
Juniper SRX220
Juniper SRX240
Juniper SRX3400
Juniper SRX3600
Juniper SRX550
Juniper SRX5600
Juniper SRX5800
Juniper SRX650
Created:
2014-07-11
Updated:
2024-01-17

ID:
CVE-2014-3816
Title:
Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before...
Type:
Hardware
Bulletins:
CVE-2014-3816
Severity:
High
Description:
Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before 13.2R5, 13.3 before 13.3R2-S2, and 14.1 before 14.1R1 allows remote authenticated users to gain privileges via unspecified combinations of CLI commands and arguments.
Applies to:
Created:
2014-07-11
Updated:
2024-01-17

ID:
CVE-2014-3819
Title:
Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before 12.3R7, 13.1 before 13.1R4, 13.2 before 13.2R4,...
Type:
Hardware
Bulletins:
CVE-2014-3819
SFBID68539
Severity:
High
Description:
Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before 12.3R7, 13.1 before 13.1R4, 13.2 before 13.2R4, 13.3 before 13.3R2, and 14.1 before 14.1R1, when Auto-RP is enabled, allows remote attackers to cause a denial of service (RDP routing process crash and restart) via a malformed PIM packet.
Applies to:
Created:
2014-07-11
Updated:
2024-01-17

ID:
CVE-2014-3821
Title:
Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote...
Type:
Hardware
Bulletins:
CVE-2014-3821
SFBID68548
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Applies to:
Created:
2014-07-11
Updated:
2024-01-17

ID:
CVE-2014-3316
Title:
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.
Type:
Hardware
Bulletins:
CVE-2014-3316
SFBID68479
Severity:
Medium
Description:
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.
Applies to:
Unified Communications Manager
Created:
2014-07-10
Updated:
2024-01-17

ID:
CVE-2014-3318
Title:
Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.
Type:
Hardware
Bulletins:
CVE-2014-3318
SFBID68482
Severity:
Medium
Description:
Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.
Applies to:
Unified Communications Manager
Created:
2014-07-10
Updated:
2024-01-17

ID:
CVE-2014-3315
Title:
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka...
Type:
Hardware
Bulletins:
CVE-2014-3315
SFBID68477
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.
Applies to:
Unified Communications Manager
Created:
2014-07-10
Updated:
2024-01-17

ID:
CVE-2014-3309
Title:
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka...
Type:
Hardware
Bulletins:
CVE-2014-3309
SFBID68463
Severity:
Medium
Description:
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.
Applies to:
Created:
2014-07-09
Updated:
2024-01-17

ID:
CVE-2014-3100
Title:
Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended...
Type:
Mobile Devices
Bulletins:
CVE-2014-3100
SFBID68152
Severity:
Medium
Description:
Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name.
Applies to:
Created:
2014-07-02
Updated:
2024-01-17

ID:
CVE-2014-1345
Title:
WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site.
Type:
Mobile Devices
Bulletins:
CVE-2014-1345
SFBID68276
Severity:
Medium
Description:
WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site.
Applies to:
Created:
2014-07-01
Updated:
2024-01-17

ID:
CVE-2014-1349
Title:
Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL.
Type:
Mobile Devices
Bulletins:
CVE-2014-1349
SFBID68276
Severity:
Medium
Description:
Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL.
Applies to:
Created:
2014-07-01
Updated:
2024-01-17

ID:
CVE-2014-1351
Title:
Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously.
Type:
Mobile Devices
Bulletins:
CVE-2014-1351
SFBID68276
Severity:
Low
Description:
Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously.
Applies to:
Created:
2014-07-01
Updated:
2024-01-17

ID:
CVE-2014-1350
Title:
Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state management.
Type:
Mobile Devices
Bulletins:
CVE-2014-1350
SFBID68276
Severity:
Medium
Description:
Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state management.
Applies to:
Created:
2014-07-01
Updated:
2024-01-17

ID:
CVE-2014-1348
Title:
Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive...
Type:
Mobile Devices
Bulletins:
CVE-2014-1348
SFBID67263
Severity:
Low
Description:
Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive information by mounting the data partition.
Applies to:
Created:
2014-07-01
Updated:
2024-01-17

ID:
CVE-2014-1360
Title:
Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.
Type:
Mobile Devices
Bulletins:
CVE-2014-1360
SFBID68276
Severity:
Low
Description:
Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.
Applies to:
Created:
2014-07-01
Updated:
2024-01-17

ID:
CVE-2014-1353
Title:
Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application,...
Type:
Mobile Devices
Bulletins:
CVE-2014-1353
SFBID68276
Severity:
Low
Description:
Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application, via unspecified vectors.
Applies to:
Created:
2014-07-01
Updated:
2024-01-17

ID:
CVE-2014-1352
Title:
Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.
Type:
Mobile Devices
Bulletins:
CVE-2014-1352
SFBID68276
Severity:
Low
Description:
Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.
Applies to:
Created:
2014-07-01
Updated:
2024-01-17

ID:
CVE-2014-1354
Title:
CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via...
Type:
Mobile Devices
Bulletins:
CVE-2014-1354
SFBID68276
Severity:
Medium
Description:
CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image data.
Applies to:
Created:
2014-07-01
Updated:
2024-01-17

ID:
CVE-2014-3299
Title:
Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745.
Type:
Hardware
Bulletins:
CVE-2014-3299
SFBID68177
Severity:
Medium
Description:
Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745.
Applies to:
Created:
2014-06-25
Updated:
2024-01-17

ID:
CVE-2014-3290
Title:
The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a...
Type:
Hardware
Bulletins:
CVE-2014-3290
SFBID68021
Severity:
Medium
Description:
The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a crafted mDNS response, aka Bug ID CSCun64867.
Applies to:
Created:
2014-06-14
Updated:
2024-01-17

ID:
CVE-2014-3295
Title:
The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309.
Type:
Hardware
Bulletins:
CVE-2014-3295
SFBID67983
Severity:
Medium
Description:
The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309.
Applies to:
Created:
2014-06-14
Updated:
2024-01-17

ID:
CVE-2014-3813
Title:
Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors...
Type:
Hardware
Bulletins:
CVE-2014-3813
Severity:
High
Description:
Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors related to a DNS lookup.
Applies to:
Created:
2014-06-13
Updated:
2024-01-17

ID:
CVE-2014-3814
Title:
The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allow remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the...
Type:
Hardware
Bulletins:
CVE-2014-3814
Severity:
High
Description:
The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allow remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the device IP.
Applies to:
Created:
2014-06-13
Updated:
2024-01-17

ID:
CVE-2014-3292
Title:
The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199.
Type:
Hardware
Bulletins:
CVE-2014-3292
Severity:
Medium
Description:
The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199.
Applies to:
Unified Communications Manager
Created:
2014-06-10
Updated:
2024-01-17

ID:
CVE-2014-3287
Title:
SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL,...
Type:
Hardware
Bulletins:
CVE-2014-3287
SFBID68000
Severity:
Medium
Description:
SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337.
Applies to:
Unified Communications Manager
Created:
2014-06-10
Updated:
2024-01-17

ID:
CVE-2014-3291
Title:
Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling,...
Type:
Hardware
Bulletins:
CVE-2014-3291
SFBID67926
Severity:
Medium
Description:
Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bug ID CSCuo12321.
Applies to:
Created:
2014-06-08
Updated:
2024-01-17

ID:
MITRE:24712
Title:
Vulnerability in Java SE 5.0u61, Java SE 6u71, Java SE 7u51, Java SE 8 allows successful unauthenticated network attacks via multiple protocols
Type:
Software
Bulletins:
MITRE:24712
CVE-2013-6629
Severity:
Medium
Description:
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Applies to:
Java Runtime Environment
Created:
2014-06-02
Updated:
2024-01-17

ID:
MITRE:24520
Title:
Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Type:
Software
Bulletins:
MITRE:24520
CVE-2014-0457
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Applies to:
JRockit
Java Runtime Environment
Created:
2014-06-02
Updated:
2024-01-17

ID:
MITRE:24523
Title:
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
Type:
Software
Bulletins:
MITRE:24523
CVE-2014-2412
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451.
Applies to:
Java Runtime Environment
Created:
2014-06-02
Updated:
2024-01-17

ID:
MITRE:24709
Title:
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI
Type:
Software
Bulletins:
MITRE:24709
CVE-2014-0460
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.
Applies to:
JRockit
Java Runtime Environment
Created:
2014-06-02
Updated:
2024-01-17

ID:
MITRE:24672
Title:
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
Type:
Software
Bulletins:
MITRE:24672
CVE-2014-0429
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
JRockit
Java Runtime Environment
Created:
2014-06-02
Updated:
2024-01-17

ID:
MITRE:24441
Title:
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security
Type:
Software
Bulletins:
MITRE:24441
CVE-2014-0453
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
Applies to:
JRockit
Java Runtime Environment
Created:
2014-06-02
Updated:
2024-01-17

ID:
MITRE:24676
Title:
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
Type:
Software
Bulletins:
MITRE:24676
CVE-2014-0451
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412.
Applies to:
Java Runtime Environment
Created:
2014-06-02
Updated:
2024-01-17

ID:
MITRE:24510
Title:
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound
Type:
Software
Bulletins:
MITRE:24510
CVE-2014-2427
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Applies to:
Java Runtime Environment
Created:
2014-06-02
Updated:
2024-01-17

ID:
MITRE:24502
Title:
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Type:
Software
Bulletins:
MITRE:24502
CVE-2014-0446
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Applies to:
Java Runtime Environment
Created:
2014-06-02
Updated:
2024-01-17

ID:
MITRE:23723
Title:
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 does not securely create temporary files when a log file cannot be opened,...
Type:
Software
Bulletins:
MITRE:23723
CVE-2014-1876
Severity:
Medium
Description:
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.
Applies to:
JRockit
Java Runtime Environment
Created:
2014-06-02
Updated:
2024-01-17

ID:
CVE-2013-1191
Title:
Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management...
Type:
Hardware
Bulletins:
CVE-2013-1191
Severity:
High
Description:
Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400.
Applies to:
Cisco Nexus 7000
Cisco Nexus 7000-9slot
Cisco Nexus 7010
Cisco Nexus 7018
Created:
2014-05-25
Updated:
2024-01-17

ID:
CVE-2014-2200
Title:
Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2014-2200
Severity:
High
Description:
Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID CSCti11629.
Applies to:
Created:
2014-05-25
Updated:
2024-01-17

ID:
CVE-2014-3284
Title:
Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.
Type:
Hardware
Bulletins:
CVE-2014-3284
SFBID67603
Severity:
Medium
Description:
Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.
Applies to:
Created:
2014-05-25
Updated:
2024-01-17

ID:
CVE-2014-3269
Title:
The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204.
Type:
Hardware
Bulletins:
CVE-2014-3269
Severity:
Medium
Description:
The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204.
Applies to:
Created:
2014-05-20
Updated:
2024-01-17

ID:
CVE-2014-3273
Title:
The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282.
Type:
Hardware
Bulletins:
CVE-2014-3273
Severity:
Medium
Description:
The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282.
Applies to:
Created:
2014-05-20
Updated:
2024-01-17

ID:
CVE-2014-3270
Title:
The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924.
Type:
Hardware
Bulletins:
CVE-2014-3270
Severity:
Medium
Description:
The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924.
Applies to:
Created:
2014-05-20
Updated:
2024-01-17

ID:
CVE-2014-3271
Title:
The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149.
Type:
Hardware
Bulletins:
CVE-2014-3271
Severity:
Medium
Description:
The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149.
Applies to:
Created:
2014-05-20
Updated:
2024-01-17

ID:
CVE-2013-6975
Title:
Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217.
Type:
Hardware
Bulletins:
CVE-2013-6975
SFBID67426
Severity:
Medium
Description:
Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217.
Applies to:
Created:
2014-05-20
Updated:
2024-01-17

ID:
MITRE:24283
Title:
Apache HTTP vulnerability before 2.2.27 or before 2.4.8 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:24283
CVE-2013-6438
Severity:
Medium
Description:
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.
Applies to:
VisualSVN Server
Created:
2014-05-19
Updated:
2024-01-17

ID:
MITRE:24101
Title:
Apache HTTP vulnerability before 2.2.27 or before 2.4.8 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:24101
CVE-2014-0098
Severity:
Medium
Description:
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
Applies to:
VisualSVN Server
Created:
2014-05-19
Updated:
2024-01-17

ID:
CVE-2014-3263
Title:
The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038.
Type:
Hardware
Bulletins:
CVE-2014-3263
Severity:
Medium
Description:
The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038.
Applies to:
Created:
2014-05-16
Updated:
2024-01-17

ID:
CVE-2014-3262
Title:
The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet...
Type:
Hardware
Bulletins:
CVE-2014-3262
Severity:
Medium
Description:
The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782.
Applies to:
Created:
2014-05-16
Updated:
2024-01-17

ID:
CVE-2010-4832
Title:
Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate...
Type:
Mobile Devices
Bulletins:
CVE-2010-4832
Severity:
Medium
Description:
Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main page, or (2) later certificates are not checked when the HTTPS connection is reused.
Applies to:
Created:
2014-05-13
Updated:
2024-01-17

ID:
CVE-2014-0684
Title:
Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136.
Type:
Hardware
Bulletins:
CVE-2014-0684
Severity:
Medium
Description:
Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136.
Applies to:
Cisco Nexus 7000
Cisco Nexus 7000-9slot
Cisco Nexus 7010
Cisco Nexus 7018
Created:
2014-05-07
Updated:
2024-01-17

ID:
MITRE:24405
Title:
Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products
Type:
Software
Bulletins:
MITRE:24405
CVE-2013-0169
Severity:
Low
Description:
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Applies to:
Java Runtime Environment
Created:
2014-05-05
Updated:
2024-01-17

ID:
MITRE:24141
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
MITRE:24141
CVE-2013-1486
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Applies to:
Java Runtime Environment
Created:
2014-05-05
Updated:
2024-01-17

ID:
CVE-2014-2183
Title:
The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973.
Type:
Hardware
Bulletins:
CVE-2014-2183
Severity:
Medium
Description:
The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973.
Applies to:
Created:
2014-04-29
Updated:
2024-01-17

ID:
CVE-2014-2184
Title:
The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.
Type:
Hardware
Bulletins:
CVE-2014-2184
Severity:
Medium
Description:
The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.
Applies to:
Unified Communications Manager
Created:
2014-04-29
Updated:
2024-01-17

ID:
CVE-2014-2185
Title:
The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.
Type:
Hardware
Bulletins:
CVE-2014-2185
Severity:
Medium
Description:
The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.
Applies to:
Unified Communications Manager
Created:
2014-04-29
Updated:
2024-01-17

ID:
CVE-2013-7373
Title:
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.
Type:
Mobile Devices
Bulletins:
CVE-2013-7373
Severity:
High
Description:
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.
Applies to:
Created:
2014-04-29
Updated:
2024-01-17

ID:
MITRE:23940
Title:
Apache Subversion vulnerability before 1.7.15 and 1.8.x before 1.8.6 in VisualSVN Server allows remote attackers to cause a denial of service
Type:
Software
Bulletins:
MITRE:23940
CVE-2014-0032
Severity:
Medium
Description:
The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command.
Applies to:
VisualSVN Server
Created:
2014-04-28
Updated:
2024-01-17

ID:
MITRE:23340
Title:
Apache Subversion vulnerability 1.8.0 through 1.8.2 in VisualSVN Server
Type:
Software
Bulletins:
MITRE:23340
CVE-2013-4262
Severity:
Low
Description:
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393.
Applies to:
VisualSVN Server
Created:
2014-04-28
Updated:
2024-01-17

ID:
MITRE:24245
Title:
Apache Subversion vulnerability 1.8.0 through 1.8.1 in VisualSVN Server allows splitting of a "pack file" in the repository
Type:
Software
Bulletins:
MITRE:24245
CVE-2013-4246
Severity:
Medium
Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Applies to:
VisualSVN Server
Created:
2014-04-28
Updated:
2024-01-17

ID:
MITRE:24277
Title:
Apache Subversion vulnerability 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4 in VisualSVN Server allows remote attackers to cause a denial of service
Type:
Software
Bulletins:
MITRE:24277
CVE-2013-4558
Severity:
Low
Description:
The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.
Applies to:
VisualSVN Server
Created:
2014-04-28
Updated:
2024-01-17

ID:
MITRE:24294
Title:
Apache Subversion vulnerability 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 in VisualSVN Server allows remote attackers to bypass intended access restrictions and possibly cause a denial of service
Type:
Software
Bulletins:
MITRE:24294
CVE-2013-4505
Severity:
Low
Description:
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.
Applies to:
VisualSVN Server
Created:
2014-04-28
Updated:
2024-01-17

ID:
MITRE:23774
Title:
Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Type:
Web
Bulletins:
MITRE:23774
CVE-2014-0505
Severity:
High
Description:
Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Shockwave Player
Created:
2014-04-28
Updated:
2024-01-17

ID:
CVE-2012-3946
Title:
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the...
Type:
Hardware
Bulletins:
CVE-2012-3946
Severity:
Medium
Description:
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.
Applies to:
Created:
2014-04-24
Updated:
2024-01-17

ID:
CVE-2012-5723
Title:
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.
Type:
Hardware
Bulletins:
CVE-2012-5723
Severity:
Medium
Description:
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.
Applies to:
Created:
2014-04-24
Updated:
2024-01-17

ID:
CVE-2012-1317
Title:
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.
Type:
Hardware
Bulletins:
CVE-2012-1317
Severity:
Medium
Description:
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.
Applies to:
Created:
2014-04-23
Updated:
2024-01-17

ID:
CVE-2012-4658
Title:
The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447.
Type:
Hardware
Bulletins:
CVE-2012-4658
Severity:
Medium
Description:
The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447.
Applies to:
Created:
2014-04-23
Updated:
2024-01-17

ID:
CVE-2012-5032
Title:
The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or...
Type:
Hardware
Bulletins:
CVE-2012-5032
Severity:
Medium
Description:
The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or the discarding of this traffic, by arranging for an arbitrary device to become a cluster member, aka Bug ID CSCub93641.
Applies to:
Created:
2014-04-23
Updated:
2024-01-17

ID:
CVE-2012-5039
Title:
The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003.
Type:
Hardware
Bulletins:
CVE-2012-5039
Severity:
Medium
Description:
The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003.
Applies to:
Created:
2014-04-23
Updated:
2024-01-17

ID:
CVE-2012-5037
Title:
The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133.
Type:
Hardware
Bulletins:
CVE-2012-5037
Severity:
Medium
Description:
The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133.
Applies to:
Cisco Catalyst 6500 Series Switches
Cisco Catalyst 7600
Created:
2014-04-23
Updated:
2024-01-17

ID:
CVE-2012-0360
Title:
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.
Type:
Hardware
Bulletins:
CVE-2012-0360
Severity:
Medium
Description:
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.
Applies to:
Created:
2014-04-23
Updated:
2024-01-17

ID:
CVE-2012-5427
Title:
Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518.
Type:
Hardware
Bulletins:
CVE-2012-5427
Severity:
Medium
Description:
Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518.
Applies to:
Created:
2014-04-23
Updated:
2024-01-17

ID:
CVE-2012-4651
Title:
Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451.
Type:
Hardware
Bulletins:
CVE-2012-4651
Severity:
Medium
Description:
Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451.
Applies to:
Created:
2014-04-23
Updated:
2024-01-17

ID:
CVE-2012-5044
Title:
Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809.
Type:
Hardware
Bulletins:
CVE-2012-5044
Severity:
Medium
Description:
Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809.
Applies to:
Created:
2014-04-23
Updated:
2024-01-17

ID:
CVE-2012-5014
Title:
Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (2) idle state, aka Bug ID CSCto87436.
Type:
Hardware
Bulletins:
CVE-2012-5014
Severity:
Medium
Description:
Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (2) idle state, aka Bug ID CSCto87436.
Applies to:
Created:
2014-04-23
Updated:
2024-01-17

ID:
CVE-2012-5017
Title:
Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268.
Type:
Hardware
Bulletins:
CVE-2012-5017
Severity:
Medium
Description:
Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268.
Applies to:
Created:
2014-04-23
Updated:
2024-01-17

ID:
CVE-2012-3062
Title:
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2012-3062
Severity:
Medium
Description:
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.
Applies to:
Created:
2014-04-23
Updated:
2024-01-17

ID:
CVE-2012-1366
Title:
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.
Type:
Hardware
Bulletins:
CVE-2012-1366
Severity:
Medium
Description:
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.
Applies to:
Created:
2014-04-23
Updated:
2024-01-17

ID:
CVE-2012-4638
Title:
Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318.
Type:
Hardware
Bulletins:
CVE-2012-4638
Severity:
Medium
Description:
Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318.
Applies to:
Created:
2014-04-23
Updated:
2024-01-17

ID:
CVE-2012-5036
Title:
Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662.
Type:
Hardware
Bulletins:
CVE-2012-5036
Severity:
Medium
Description:
Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662.
Applies to:
Created:
2014-04-23
Updated:
2024-01-17

ID:
CVE-2014-2842
Title:
Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet.
Type:
Hardware
Bulletins:
CVE-2014-2842
SFBID66802
Severity:
High
Description:
Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet.
Applies to:
Created:
2014-04-15
Updated:
2024-01-17

ID:
CVE-2014-0612
Title:
Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when Dynamic IPsec VPN is configured, allows remote...
Type:
Hardware
Bulletins:
CVE-2014-0612
SFBID66759
Severity:
Medium
Description:
Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when Dynamic IPsec VPN is configured, allows remote attackers to cause a denial of service (new Dynamic VPN connection failures and CPU and disk consumption) via unknown vectors.
Applies to:
Juniper SRX100
Juniper SRX110
Juniper SRX210
Juniper SRX220
Juniper SRX240
Juniper SRX550
Juniper SRX650
Created:
2014-04-14
Updated:
2024-01-17

ID:
CVE-2014-2714
Title:
The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 before 11.4R9, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D10, and 12.1X46 before 12.1X46-D10, as used in the SRX Series services gateways, allows...
Type:
Hardware
Bulletins:
CVE-2014-2714
SFBID66760
Severity:
High
Description:
The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 before 11.4R9, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D10, and 12.1X46 before 12.1X46-D10, as used in the SRX Series services gateways, allows remote attackers to cause a denial of service (flow daemon crash and restart) via a crafted URL.
Applies to:
Created:
2014-04-14
Updated:
2024-01-17

ID:
CVE-2014-2713
Title:
Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, allows remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2014-2713
SFBID66764
Severity:
Medium
Description:
Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, allows remote attackers to cause a denial of service (PFE restart) via a crafted IP packet to certain (1) Trio or (2) Cassis-based Packet Forwarding Engine (PFE) modules.
Applies to:
Created:
2014-04-14
Updated:
2024-01-17

ID:
CVE-2014-0614
Title:
Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is enabled, allows remote attackers to cause a denial of service (kernel panic and crash) via a large number of crafted IGMP packets.
Type:
Hardware
Bulletins:
CVE-2014-0614
SFBID66762
Severity:
High
Description:
Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is enabled, allows remote attackers to cause a denial of service (kernel panic and crash) via a large number of crafted IGMP packets.
Applies to:
Created:
2014-04-14
Updated:
2024-01-17

ID:
CVE-2014-2711
Title:
Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3...
Type:
Hardware
Bulletins:
CVE-2014-2711
SFBID66770
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3 before 12.3R6, 13.1 before 13.1R4, 13.2 before 13.2R3, and 13.3 before 13.3R1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Applies to:
Created:
2014-04-14
Updated:
2024-01-17

ID:
CVE-2014-2712
Title:
Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before...
Type:
Hardware
Bulletins:
CVE-2014-2712
SFBID66767
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to index.php.
Applies to:
Created:
2014-04-14
Updated:
2024-01-17

ID:
MITRE:24439
Title:
RHSA-2014:0380: flash-plugin security update
Type:
Software
Bulletins:
MITRE:24439
Severity:
Low
Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-09, listed in the References section. Two flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0506, CVE-2014-0507) A flaw in flash-plugin could allow an attacker to obtain sensitive information if a victim were tricked into visiting a specially crafted web page. (CVE-2014-0508) A flaw in flash-plugin could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially crafted web page. (CVE-2014-0509) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.350.
Applies to:
flash-plugin
Created:
2014-04-11
Updated:
2015-08-03

ID:
MITRE:24718
Title:
RHSA-2014:0376: openssl security update
Type:
Web
Bulletins:
MITRE:24718
Severity:
Low
Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
Applies to:
openssl
Created:
2014-04-11
Updated:
2015-04-13

ID:
REF000672
Title:
openSSL Vulnerability: Heartbleed - unix
Type:
Services
Bulletins:
Severity:
High
Description:
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Applies to:
Created:
2014-04-10
Updated:
2014-04-10

ID:
CVE-2014-0160
Title:
openSSL Vulnerability: Heartbleed
Type:
Services
Bulletins:
CVE-2014-0160
Severity:
Medium
Description:
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Applies to:
OpenSSL
Created:
2014-04-10
Updated:
2024-01-17

ID:
CVE-2014-2144
Title:
Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266.
Type:
Hardware
Bulletins:
CVE-2014-2144
Severity:
Medium
Description:
Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266.
Applies to:
Created:
2014-04-05
Updated:
2024-01-17

ID:
CVE-2014-2143
Title:
The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021.
Type:
Hardware
Bulletins:
CVE-2014-2143
Severity:
Medium
Description:
The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021.
Applies to:
Created:
2014-04-04
Updated:
2024-01-17

ID:
MITRE:22065
Title:
VBScript Memory Corruption Vulnerability () - MS14-010, MS14-011
Type:
Miscellaneous
Bulletins:
MITRE:22065
CVE-2014-0271
Severity:
High
Description:
The VBScript engine in Microsoft Internet Explorer 6 through 11, and VBScript 5.6 through 5.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
VBScript 5.6
VBScript 5.7
VBScript 5.8
Created:
2014-03-31
Updated:
2024-01-17

ID:
CVE-2013-6770
Title:
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by...
Type:
Mobile Devices
Bulletins:
CVE-2013-6770
Severity:
High
Description:
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script.
Applies to:
Created:
2014-03-31
Updated:
2024-01-17

ID:
CVE-2014-2131
Title:
The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD) packets, aka Bug IDs CSCug41049 and CSCue61890.
Type:
Hardware
Bulletins:
CVE-2014-2131
Severity:
Medium
Description:
The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD) packets, aka Bug IDs CSCug41049 and CSCue61890.
Applies to:
Created:
2014-03-28
Updated:
2024-01-17

ID:
CVE-2014-2109
Title:
The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494.
Type:
Hardware
Bulletins:
CVE-2014-2109
SFBID66470
Severity:
High
Description:
The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494.
Applies to:
Created:
2014-03-27
Updated:
2024-01-17

ID:
CVE-2014-2112
Title:
The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357.
Type:
Hardware
Bulletins:
CVE-2014-2112
SFBID66462
Severity:
High
Description:
The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357.
Applies to:
Created:
2014-03-27
Updated:
2024-01-17

ID:
CVE-2014-2111
Title:
The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996.
Type:
Hardware
Bulletins:
CVE-2014-2111
SFBID66470
Severity:
High
Description:
The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996.
Applies to:
Created:
2014-03-27
Updated:
2024-01-17

ID:
CVE-2014-2106
Title:
Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898.
Type:
Hardware
Bulletins:
CVE-2014-2106
Severity:
High
Description:
Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898.
Applies to:
Created:
2014-03-27
Updated:
2024-01-17

ID:
CVE-2014-2113
Title:
Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet,...
Type:
Hardware
Bulletins:
CVE-2014-2113
SFBID66467
Severity:
High
Description:
Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet, aka Bug ID CSCui59540.
Applies to:
Created:
2014-03-27
Updated:
2024-01-17

ID:
CVE-2014-2107
Title:
Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2014-2107
Severity:
High
Description:
Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID CSCug84789.
Applies to:
Created:
2014-03-27
Updated:
2024-01-17

ID:
CVE-2014-2108
Title:
Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426.
Type:
Hardware
Bulletins:
CVE-2014-2108
Severity:
High
Description:
Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426.
Applies to:
Created:
2014-03-27
Updated:
2024-01-17

ID:
MITRE:23928
Title:
RHSA-2014:0289: flash-plugin security update
Type:
Software
Bulletins:
MITRE:23928
Severity:
Low
Description:
Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows attackers to read the clipboard via unspecified vectors.
Applies to:
flash-plugin
Created:
2014-03-24
Updated:
2015-08-03

ID:
CVE-2014-2124
Title:
Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783.
Type:
Hardware
Bulletins:
CVE-2014-2124
SFBID66301
Severity:
High
Description:
Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783.
Applies to:
Cisco Catalyst 6500 Series Switches
Created:
2014-03-20
Updated:
2024-01-17

ID:
CVE-2014-2292
Title:
Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via...
Type:
Hardware
Bulletins:
CVE-2014-2292
Severity:
High
Description:
Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via unspecified vectors.
Applies to:
Created:
2014-03-14
Updated:
2024-01-17

ID:
CVE-2013-6835
Title:
TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a...
Type:
Mobile Devices
Bulletins:
CVE-2013-6835
SFBID66108
Severity:
Medium
Description:
TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.
Applies to:
Created:
2014-03-14
Updated:
2024-01-17

ID:
CVE-2014-1286
Title:
SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error.
Type:
Mobile Devices
Bulletins:
CVE-2014-1286
Severity:
Medium
Description:
SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error.
Applies to:
Created:
2014-03-14
Updated:
2024-01-17

ID:
CVE-2014-1285
Title:
Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device.
Type:
Mobile Devices
Bulletins:
CVE-2014-1285
Severity:
Medium
Description:
Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device.
Applies to:
Created:
2014-03-14
Updated:
2024-01-17

ID:
CVE-2014-1281
Title:
Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a...
Type:
Mobile Devices
Bulletins:
CVE-2014-1281
Severity:
Low
Description:
Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image.
Applies to:
Created:
2014-03-14
Updated:
2024-01-17

ID:
CVE-2014-1276
Title:
IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface.
Type:
Mobile Devices
Bulletins:
CVE-2014-1276
Severity:
Medium
Description:
IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface.
Applies to:
Created:
2014-03-14
Updated:
2024-01-17

ID:
CVE-2014-1274
Title:
FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call.
Type:
Mobile Devices
Bulletins:
CVE-2014-1274
Severity:
Low
Description:
FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call.
Applies to:
Created:
2014-03-14
Updated:
2024-01-17

ID:
CVE-2014-2291
Title:
Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows...
Type:
Hardware
Bulletins:
CVE-2014-2291
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Applies to:
Created:
2014-03-14
Updated:
2024-01-17

ID:
CVE-2013-5133
Title:
Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.
Type:
Mobile Devices
Bulletins:
CVE-2013-5133
Severity:
High
Description:
Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.
Applies to:
Created:
2014-03-14
Updated:
2024-01-17

ID:
MITRE:24162
Title:
RHSA-2014:0196: flash-plugin security update
Type:
Software
Bulletins:
MITRE:24162
Severity:
Low
Description:
Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.
Applies to:
flash-plugin
Created:
2014-03-07
Updated:
2015-08-03

ID:
CVE-2014-0705
Title:
The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a...
Type:
Hardware
Bulletins:
CVE-2014-0705
Severity:
High
Description:
The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a malformed IPv6 MLDv2 packet, aka Bug ID CSCuh74233.
Applies to:
Created:
2014-03-06
Updated:
2024-01-17

ID:
CVE-2014-0704
Title:
The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device...
Type:
Hardware
Bulletins:
CVE-2014-0704
Severity:
High
Description:
The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device restart) via a crafted field in an IGMPv3 message, aka Bug ID CSCuh33240.
Applies to:
Created:
2014-03-06
Updated:
2024-01-17

ID:
CVE-2014-0703
Title:
Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by...
Type:
Hardware
Bulletins:
CVE-2014-0703
Severity:
High
Description:
Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202.
Applies to:
Created:
2014-03-06
Updated:
2024-01-17

ID:
CVE-2014-0707
Title:
Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681.
Type:
Hardware
Bulletins:
CVE-2014-0707
Severity:
High
Description:
Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681.
Applies to:
Created:
2014-03-06
Updated:
2024-01-17

ID:
CVE-2014-0706
Title:
Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929.
Type:
Hardware
Bulletins:
CVE-2014-0706
Severity:
High
Description:
Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929.
Applies to:
Created:
2014-03-06
Updated:
2024-01-17

ID:
CVE-2014-0701
Title:
Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high...
Type:
Hardware
Bulletins:
CVE-2014-0701
Severity:
High
Description:
Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361.
Applies to:
Created:
2014-03-06
Updated:
2024-01-17

ID:
MITRE:22096
Title:
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE
Type:
Software
Bulletins:
MITRE:22096
CVE-2014-0411
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake.
Applies to:
JRockit
Java Runtime Environment
Created:
2014-03-03
Updated:
2024-01-17

ID:
MITRE:21979
Title:
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE
Type:
Software
Bulletins:
MITRE:21979
CVE-2014-0423
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding.
Applies to:
JRockit
Java Runtime Environment
Created:
2014-03-03
Updated:
2024-01-17

ID:
MITRE:22170
Title:
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, Java SE Embedded 7u45 component of Oracle Java SE
Type:
Software
Bulletins:
MITRE:22170
CVE-2013-5907
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is due to incorrect input validation in LookupProcessor.cpp in the ICU Layout Engine, which allows attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted font file.
Applies to:
JRockit
Java Runtime Environment
Created:
2014-03-03
Updated:
2024-01-17

ID:
MITRE:22233
Title:
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE
Type:
Software
Bulletins:
MITRE:22233
CVE-2014-0428
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Applies to:
Java Runtime Environment
Created:
2014-03-03
Updated:
2024-01-17

ID:
MITRE:22402
Title:
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE
Type:
Software
Bulletins:
MITRE:22402
CVE-2014-0422
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to missing package access checks in the Naming / JNDI component, which allows attackers to escape the sandbox.
Applies to:
Java Runtime Environment
Created:
2014-03-03
Updated:
2024-01-17

ID:
MITRE:22214
Title:
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
Type:
Software
Bulletins:
MITRE:22214
CVE-2014-0416
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance.
Applies to:
Java Runtime Environment
Created:
2014-03-03
Updated:
2024-01-17

ID:
MITRE:22227
Title:
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
Type:
Software
Bulletins:
MITRE:22227
CVE-2013-5884
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an incorrect check for code permissions by CORBA stub factories.
Applies to:
Java Runtime Environment
Created:
2014-03-03
Updated:
2024-01-17

ID:
MITRE:22270
Title:
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
Type:
Software
Bulletins:
MITRE:22270
CVE-2014-0376
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for "code permissions when creating document builder factories."
Applies to:
Java Runtime Environment
Created:
2014-03-03
Updated:
2024-01-17

ID:
MITRE:22289
Title:
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
Type:
Software
Bulletins:
MITRE:22289
CVE-2014-0368
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to incorrect permission checks when listening on a socket, which allows attackers to escape the sandbox.
Applies to:
Java Runtime Environment
Created:
2014-03-03
Updated:
2024-01-17

ID:
MITRE:22372
Title:
Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE
Type:
Software
Bulletins:
MITRE:22372
CVE-2013-5896
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that com.sun.corba.se and its sub-packages are not included on the restricted package list.
Applies to:
Java Runtime Environment
Created:
2014-03-03
Updated:
2024-01-17

ID:
MITRE:22200
Title:
Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE
Type:
Software
Bulletins:
MITRE:22200
CVE-2013-5906
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different vulnerability than CVE-2013-5905.
Applies to:
Java Runtime Environment
Created:
2014-03-03
Updated:
2024-01-17

ID:
MITRE:22304
Title:
Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE
Type:
Software
Bulletins:
MITRE:22304
CVE-2014-0373
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to throwing of an incorrect exception when SnmpStatusException should have been used in the SNMP implementation, which allows attackers to escape the sandbox.
Applies to:
Java Runtime Environment
Created:
2014-03-03
Updated:
2024-01-17

ID:
MITRE:21384
Title:
Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE
Type:
Software
Bulletins:
MITRE:21384
CVE-2013-5905
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different vulnerability than CVE-2013-5906.
Applies to:
Java Runtime Environment
Created:
2014-03-03
Updated:
2024-01-17

ID:
CVE-2013-4710
Title:
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a...
Type:
Mobile Devices
Bulletins:
CVE-2013-4710
Severity:
High
Description:
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.
Applies to:
Created:
2014-03-02
Updated:
2024-01-17

ID:
CVE-2014-0741
Title:
The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command,...
Type:
Hardware
Bulletins:
CVE-2014-0741
Severity:
Medium
Description:
The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461.
Applies to:
Unified Communications Manager
Created:
2014-02-26
Updated:
2024-01-17

ID:
CVE-2014-0743
Title:
The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2014-0743
Severity:
Medium
Description:
The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468.
Applies to:
Unified Communications Manager
Created:
2014-02-26
Updated:
2024-01-17

ID:
CVE-2014-0742
Title:
The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors,...
Type:
Hardware
Bulletins:
CVE-2014-0742
Severity:
Medium
Description:
The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464.
Applies to:
Unified Communications Manager
Created:
2014-02-26
Updated:
2024-01-17

ID:
CVE-2014-0747
Title:
The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.
Type:
Hardware
Bulletins:
CVE-2014-0747
Severity:
Medium
Description:
The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.
Applies to:
Unified Communications Manager
Created:
2014-02-26
Updated:
2024-01-17

ID:
CVE-2014-0740
Title:
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to...
Type:
Hardware
Bulletins:
CVE-2014-0740
Severity:
Medium
Description:
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701.
Applies to:
Unified Communications Manager
Created:
2014-02-26
Updated:
2024-01-17

ID:
CVE-2014-0731
Title:
The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.
Type:
Hardware
Bulletins:
CVE-2014-0731
Severity:
Medium
Description:
The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.
Applies to:
Unified Communications Manager
Created:
2014-02-22
Updated:
2024-01-17

ID:
CVE-2014-0732
Title:
The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct...
Type:
Hardware
Bulletins:
CVE-2014-0732
Severity:
Medium
Description:
The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495.
Applies to:
Unified Communications Manager
Created:
2014-02-20
Updated:
2024-01-17

ID:
CVE-2014-0733
Title:
The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a...
Type:
Hardware
Bulletins:
CVE-2014-0733
Severity:
Medium
Description:
The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.
Applies to:
Unified Communications Manager
Created:
2014-02-20
Updated:
2024-01-17

ID:
CVE-2014-0734
Title:
SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka...
Type:
Hardware
Bulletins:
CVE-2014-0734
SFBID65645
Severity:
High
Description:
SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483.
Applies to:
Unified Communications Manager
Created:
2014-02-20
Updated:
2024-01-17

ID:
CVE-2014-0735
Title:
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug...
Type:
Hardware
Bulletins:
CVE-2014-0735
SFBID65641
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.
Applies to:
Unified Communications Manager
Created:
2014-02-20
Updated:
2024-01-17

ID:
CVE-2014-0736
Title:
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary...
Type:
Hardware
Bulletins:
CVE-2014-0736
Severity:
Medium
Description:
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468.
Applies to:
Unified Communications Manager
Created:
2014-02-20
Updated:
2024-01-17

ID:
CVE-2014-2019
Title:
The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this...
Type:
Mobile Devices
Bulletins:
CVE-2014-2019
Severity:
Medium
Description:
The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.
Applies to:
Created:
2014-02-18
Updated:
2024-01-17

ID:
REF000670
Title:
End of Windows XP support from Microsoft
Type:
Software
Bulletins:
Severity:
High
Description:
Microsoft support for Windows XP is due to end on 8 April 2014. No new security patches, regular updates or bug fixes for Windows XP will be provided after this date, leaving these systems vulnerable and very dangerous from a security point of view. It is recommended to inventory all Windows XP systems on the network and plan their phase-out or upgrade to a newer operating system. More details are available here: http://windows.microsoft.com/en-US/windows/end-support-help
Applies to:
Created:
2014-02-15
Updated:
2014-02-15

ID:
MITRE:22390
Title:
RHSA-2014:0137: flash-plugin security update
Type:
Software
Bulletins:
MITRE:22390
Severity:
Low
Description:
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
Applies to:
flash-plugin
Created:
2014-02-14
Updated:
2015-08-03

ID:
MITRE:22092
Title:
RHSA-2014:0136: java-1.5.0-ibm security update
Type:
Software
Bulletins:
MITRE:22092
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Applies to:
java-1.5.0-ibm
Created:
2014-02-14
Updated:
2015-08-03

ID:
MITRE:22560
Title:
RHSA-2014:0135: java-1.6.0-ibm security update
Type:
Software
Bulletins:
MITRE:22560
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Applies to:
java-1.6.0-ibm
Created:
2014-02-14
Updated:
2015-08-03

ID:
MITRE:22292
Title:
RHSA-2014:0134: java-1.7.0-ibm security update
Type:
Software
Bulletins:
MITRE:22292
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Applies to:
java-1.7.0-ibm
Created:
2014-02-14
Updated:
2015-08-03

ID:
CVE-2014-0722
Title:
The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka...
Type:
Hardware
Bulletins:
CVE-2014-0722
Severity:
Medium
Description:
The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347.
Applies to:
Unified Communications Manager
Created:
2014-02-13
Updated:
2024-01-17

ID:
CVE-2014-0724
Title:
The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.
Type:
Hardware
Bulletins:
CVE-2014-0724
Severity:
Medium
Description:
The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.
Applies to:
Unified Communications Manager
Created:
2014-02-13
Updated:
2024-01-17

ID:
CVE-2014-0728
Title:
SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.
Type:
Hardware
Bulletins:
CVE-2014-0728
SFBID65499
Severity:
High
Description:
SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.
Applies to:
Unified Communications Manager
Created:
2014-02-13
Updated:
2024-01-17

ID:
CVE-2014-0726
Title:
SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.
Type:
Hardware
Bulletins:
CVE-2014-0726
SFBID65514
Severity:
High
Description:
SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.
Applies to:
Unified Communications Manager
Created:
2014-02-13
Updated:
2024-01-17

ID:
CVE-2014-0729
Title:
SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.
Type:
Hardware
Bulletins:
CVE-2014-0729
SFBID65501
Severity:
High
Description:
SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.
Applies to:
Unified Communications Manager
Created:
2014-02-13
Updated:
2024-01-17

ID:
CVE-2014-0727
Title:
SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.
Type:
Hardware
Bulletins:
CVE-2014-0727
SFBID65516
Severity:
High
Description:
SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.
Applies to:
Unified Communications Manager
Created:
2014-02-13
Updated:
2024-01-17

ID:
CVE-2014-0723
Title:
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.
Type:
Hardware
Bulletins:
CVE-2014-0723
SFBID65495
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.
Applies to:
Unified Communications Manager
Created:
2014-02-13
Updated:
2024-01-17

ID:
CVE-2014-0725
Title:
Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337.
Type:
Hardware
Bulletins:
CVE-2014-0725
Severity:
Medium
Description:
Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337.
Applies to:
Unified Communications Manager
Created:
2014-02-13
Updated:
2024-01-17

ID:
CVE-2014-0686
Title:
Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.
Type:
Hardware
Bulletins:
CVE-2014-0686
SFBID65281
Severity:
Medium
Description:
Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.
Applies to:
Unified Communications Manager
Created:
2014-02-04
Updated:
2024-01-17

ID:
MITRE:22499
Title:
RHSA-2014:0028: flash-plugin security update
Type:
Software
Bulletins:
MITRE:22499
Severity:
Low
Description:
Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection mechanism by leveraging an "address leak."
Applies to:
flash-plugin
Created:
2014-01-28
Updated:
2015-08-03

ID:
CVE-2013-7313
Title:
The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database,...
Type:
Hardware
Bulletins:
CVE-2013-7313
Severity:
Medium
Description:
The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
Applies to:
Created:
2014-01-23
Updated:
2024-01-17

ID:
CVE-2014-0661
Title:
The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a...
Type:
Hardware
Bulletins:
CVE-2014-0661
SFBID65071
Severity:
High
Description:
The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796.
Applies to:
Cisco TX 9000
Cisco TX 9200
Cisco TelePresence System 1000
Cisco TelePresence System 1100
Cisco TelePresence System 3000
Cisco TelePresence System 3010
Cisco TelePresence System 3200
Cisco TelePresence System 3210
Created:
2014-01-22
Updated:
2024-01-17

ID:
CVE-2014-0677
Title:
The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.
Type:
Hardware
Bulletins:
CVE-2014-0677
SFBID65074
Severity:
Medium
Description:
The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.
Applies to:
Created:
2014-01-22
Updated:
2024-01-17

ID:
CVE-2014-0676
Title:
Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.
Type:
Hardware
Bulletins:
CVE-2014-0676
SFBID65083
Severity:
Medium
Description:
Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.
Applies to:
Created:
2014-01-22
Updated:
2024-01-17

ID:
CVE-2013-3594
Title:
The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22.
Type:
Hardware
Bulletins:
CVE-2013-3594
Severity:
High
Description:
The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22.
Applies to:
PowerConnect 3048
PowerConnect 3524P
PowerConnect 5324
Created:
2014-01-19
Updated:
2024-01-17

ID:
CVE-2013-3595
Title:
The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset) via a direct request to an unspecified OSPF URL.
Type:
Hardware
Bulletins:
CVE-2013-3595
Severity:
Medium
Description:
The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset) via a direct request to an unspecified OSPF URL.
Applies to:
PowerConnect 3048
PowerConnect 3524P
PowerConnect 5324
Created:
2014-01-19
Updated:
2024-01-17

ID:
CVE-2013-3606
Title:
The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long username.
Type:
Hardware
Bulletins:
CVE-2013-3606
Severity:
High
Description:
The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long username.
Applies to:
PowerConnect 3048
PowerConnect 3524P
PowerConnect 5324
Created:
2014-01-19
Updated:
2024-01-17

ID:
CVE-2014-0613
Title:
The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before...
Type:
Hardware
Bulletins:
CVE-2014-0613
Severity:
High
Description:
The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2-S2, and 13.3 before 13.3R1, when xnm-ssl or xnm-clear-text is enabled, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
Applies to:
Created:
2014-01-15
Updated:
2024-01-17

ID:
MITRE:22006
Title:
RHSA-2011:0926: bind security update
Type:
Software
Bulletins:
MITRE:22006
Severity:
Low
Description:
Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
Applies to:
bind
bind97
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21913
Title:
RHSA-2011:0918: curl security update
Type:
Web
Bulletins:
MITRE:21913
Severity:
Low
Description:
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
Applies to:
curl
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21435
Title:
RHSA-2011:0885: firefox security and bug fix update
Type:
Software
Bulletins:
MITRE:21435
Severity:
Low
Description:
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Applies to:
firefox
xulrunner
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21301
Title:
RHSA-2011:0862: subversion security update
Type:
Services
Bulletins:
MITRE:21301
Severity:
Low
Description:
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
Applies to:
subversion
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21616
Title:
RHSA-2011:0859: cyrus-imapd security update
Type:
Software
Bulletins:
MITRE:21616
Severity:
Low
Description:
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Applies to:
cyrus-imapd
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21740
Title:
RHSA-2011:0845: bind security update
Type:
Software
Bulletins:
MITRE:21740
Severity:
Low
Description:
Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.
Applies to:
bind
bind97
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21899
Title:
RHSA-2011:0843: postfix security update
Type:
Mail
Bulletins:
MITRE:21899
Severity:
Low
Description:
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
Applies to:
postfix
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21920
Title:
RHSA-2011:0506: rdesktop security update
Type:
Miscellaneous
Bulletins:
MITRE:21920
Severity:
Low
Description:
Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname.
Applies to:
rdesktop
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21684
Title:
RHSA-2011:0472: nss security update
Type:
Miscellaneous
Bulletins:
MITRE:21684
Severity:
Low
Description:
Network Security Services (NSS) is a set of libraries designed to support the development of security-enabled client and server applications. This erratum blacklists a small number of HTTPS certificates by adding them, flagged as untrusted, to the NSS Builtin Object Token (the libnssckbi.so library) certificate store. (BZ#689430) Note: This fix only applies to applications using the NSS Builtin Object Token. It does not blacklist the certificates for applications that use the NSS library, but do not use the NSS Builtin Object Token (such as curl). All NSS users should upgrade to these updated packages, which correct this issue. After installing the update, applications using NSS must be restarted for the changes to take effect.
Applies to:
nss
nss-util
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21758
Title:
RHSA-2011:0471: firefox security update
Type:
Software
Bulletins:
MITRE:21758
Severity:
Low
Description:
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
Applies to:
firefox
xulrunner
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21165
Title:
RHSA-2011:0433: xorg-x11-server-utils security update
Type:
Software
Bulletins:
MITRE:21165
Severity:
Low
Description:
xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.
Applies to:
xorg-x11-server-utils
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21712
Title:
RHSA-2011:0428: dhcp security update
Type:
Software
Bulletins:
MITRE:21712
Severity:
Low
Description:
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
Applies to:
dhcp
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21821
Title:
RHSA-2011:0391: libvirt security update
Type:
Software
Bulletins:
MITRE:21821
Severity:
Low
Description:
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.
Applies to:
libvirt
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21426
Title:
RHSA-2011:0373: firefox security update
Type:
Miscellaneous
Bulletins:
MITRE:21426
Severity:
Low
Description:
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. This erratum blacklists a small number of HTTPS certificates. (BZ#689430) All Firefox users should upgrade to these updated packages, which contain a backported patch. After installing the update, Firefox must be restarted for the changes to take effect.
Applies to:
xulrunner
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21856
Title:
RHSA-2011:0337: vsftpd security update
Type:
FTP
Bulletins:
MITRE:21856
Severity:
Low
Description:
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
Applies to:
vsftpd
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21847
Title:
RHSA-2011:0332: scsi-target-utils security update
Type:
Software
Bulletins:
MITRE:21847
Severity:
Low
Description:
Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/iscsid.c) in the tgt daemon (tgtd) in Linux SCSI target framework (tgt) before 1.0.14, aka scsi-target-utils, allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown vectors related to a buffer overflow during iscsi login. NOTE: some of these details are obtained from third party information.
Applies to:
scsi-target-utils
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21822
Title:
RHSA-2011:0324: logwatch security update
Type:
Software
Bulletins:
MITRE:21822
Severity:
Low
Description:
logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.
Applies to:
logwatch
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21627
Title:
RHSA-2011:0318: libtiff security update
Type:
Miscellaneous
Bulletins:
MITRE:21627
Severity:
Low
Description:
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.
Applies to:
libtiff
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21214
Title:
RHSA-2011:0310: firefox security and bug fix update
Type:
Software
Bulletins:
MITRE:21214
Severity:
Low
Description:
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Applies to:
firefox
xulrunner
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21898
Title:
RHSA-2011:0305: samba security update
Type:
Services
Bulletins:
MITRE:21898
Severity:
Low
Description:
Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.
Applies to:
samba
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21931
Title:
RHSA-2011:0281: java-1.6.0-openjdk security update
Type:
Software
Bulletins:
MITRE:21931
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations."
Applies to:
java-1.6.0-openjdk
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21713
Title:
RHSA-2011:0214: java-1.6.0-openjdk security update
Type:
Software
Bulletins:
MITRE:21713
Severity:
Low
Description:
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Applies to:
java-1.6.0-openjdk
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21857
Title:
RHSA-2011:0206: flash-plugin security update
Type:
Software
Bulletins:
MITRE:21857
Severity:
Low
Description:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, and CVE-2011-0607.
Applies to:
flash-plugin
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21138
Title:
RHSA-2011:0197: postgresql security update
Type:
Services
Bulletins:
MITRE:21138
Severity:
Low
Description:
Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Applies to:
postgresql
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21479
Title:
RHSA-2011:0180: pango security update
Type:
Software
Bulletins:
MITRE:21479
Severity:
Low
Description:
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
Applies to:
evolution28-pango
pango
Created:
2014-01-15
Updated:
2015-03-09

ID:
MITRE:21813
Title:
RHSA-2011:0154: hplip security update
Type:
Miscellaneous
Bulletins:
MITRE:21813
Severity:
Low
Description:
Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value.
Applies to:
hplip
hplip3
Created:
2014-01-15
Updated:
2015-03-09

ID:
CVE-2014-0617
Title:
Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash) via a crafted IP packet.
Type:
Hardware
Bulletins:
CVE-2014-0617
SFBID64764
Severity:
High
Description:
Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash) via a crafted IP packet.
Applies to:
Juniper SRX100
Juniper SRX110
Juniper SRX1400
Juniper SRX210
Juniper SRX220
Juniper SRX240
Juniper SRX3400
Juniper SRX3600
Juniper SRX550
Juniper SRX5600
Juniper SRX5800
Juniper SRX650
Created:
2014-01-15
Updated:
2024-01-17

ID:
CVE-2014-0615
Title:
Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2,...
Type:
Hardware
Bulletins:
CVE-2014-0615
SFBID64762
Severity:
High
Description:
Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows local users to gain privileges via vectors related to "certain combinations of Junos OS CLI commands and arguments."
Applies to:
Created:
2014-01-15
Updated:
2024-01-17

ID:
CVE-2014-0616
Title:
Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2,...
Type:
Hardware
Bulletins:
CVE-2014-0616
SFBID64766
Severity:
High
Description:
Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows remote attackers to cause a denial of service (rpd crash) via a large BGP UPDATE message which immediately triggers a withdraw message to be sent, as demonstrated by a long AS_PATH and a large number of BGP Communities.
Applies to:
Created:
2014-01-15
Updated:
2024-01-17

ID:
MITRE:21501
Title:
RHSA-2012:1569: flash-plugin security update
Type:
Software
Bulletins:
MITRE:21501
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
flash-plugin
Created:
2014-01-14
Updated:
2015-03-09

ID:
MITRE:21011
Title:
RHSA-2012:1466: java-1.6.0-ibm security update
Type:
Software
Bulletins:
MITRE:21011
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
Applies to:
java-1.6.0-ibm
Created:
2014-01-14
Updated:
2015-03-09

ID:
MITRE:21614
Title:
RHSA-2012:1465: java-1.5.0-ibm security update
Type:
Software
Bulletins:
MITRE:21614
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
Applies to:
java-1.5.0-ibm
Created:
2014-01-14
Updated:
2015-03-09

ID:
MITRE:21660
Title:
RHSA-2012:1431: flash-plugin security update
Type:
Software
Bulletins:
MITRE:21660
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5277.
Applies to:
flash-plugin
Created:
2014-01-14
Updated:
2015-03-09

ID:
MITRE:21594
Title:
RHSA-2012:1346: flash-plugin security update
Type:
Software
Bulletins:
MITRE:21594
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 has unknown impact and attack vectors.
Applies to:
flash-plugin
Created:
2014-01-14
Updated:
2015-03-09

ID:
MITRE:21334
Title:
RHSA-2012:1245: java-1.5.0-ibm security update
Type:
Software
Bulletins:
MITRE:21334
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Applies to:
java-1.5.0-ibm
Created:
2014-01-14
Updated:
2015-03-09

ID:
MITRE:21447
Title:
RHSA-2012:1238: java-1.6.0-ibm security update
Type:
Software
Bulletins:
MITRE:21447
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Applies to:
java-1.6.0-ibm
Created:
2014-01-14
Updated:
2015-03-09

ID:
MITRE:21376
Title:
RHSA-2012:0722: flash-plugin security update
Type:
Software
Bulletins:
MITRE:21376
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.
Applies to:
flash-plugin
Created:
2014-01-14
Updated:
2015-03-09

ID:
MITRE:21162
Title:
RHSA-2012:0688: flash-plugin security update
Type:
Software
Bulletins:
MITRE:21162
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012.
Applies to:
flash-plugin
Created:
2014-01-14
Updated:
2015-03-09

ID:
MITRE:21404
Title:
RHSA-2012:0514: java-1.6.0-ibm security update
Type:
Software
Bulletins:
MITRE:21404
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.
Applies to:
java-1.6.0-ibm
Created:
2014-01-14
Updated:
2015-03-09

ID:
MITRE:21398
Title:
RHSA-2012:0508: java-1.5.0-ibm security update
Type:
Software
Bulletins:
MITRE:21398
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.
Applies to:
java-1.5.0-ibm
Created:
2014-01-14
Updated:
2015-03-09

ID:
MITRE:20413
Title:
RHSA-2012:0144: flash-plugin security update
Type:
Software
Bulletins:
MITRE:20413
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.
Applies to:
flash-plugin
Created:
2014-01-14
Updated:
2015-03-09

ID:
CVE-2014-0618
Title:
Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote...
Type:
Hardware
Bulletins:
CVE-2014-0618
SFBID64769
Severity:
High
Description:
Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted HTTP message.
Applies to:
Juniper SRX100
Juniper SRX110
Juniper SRX1400
Juniper SRX210
Juniper SRX220
Juniper SRX240
Juniper SRX3400
Juniper SRX3600
Juniper SRX550
Juniper SRX5600
Juniper SRX5800
Juniper SRX650
Created:
2014-01-10
Updated:
2024-01-17

ID:
MITRE:21081
Title:
RHSA-2013:1818: flash-plugin security update
Type:
Software
Bulletins:
MITRE:21081
Severity:
Low
Description:
Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
flash-plugin
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:20714
Title:
RHSA-2013:1518: flash-plugin security update
Type:
Software
Bulletins:
MITRE:20714
Severity:
Low
Description:
Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5329.
Applies to:
flash-plugin
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:20642
Title:
RHSA-2013:1509: java-1.5.0-ibm security update
Type:
Software
Bulletins:
MITRE:20642
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.
Applies to:
java-1.5.0-ibm
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:21240
Title:
RHSA-2013:1508: java-1.6.0-ibm security update
Type:
Software
Bulletins:
MITRE:21240
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
Applies to:
java-1.6.0-ibm
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:21151
Title:
RHSA-2013:1507: java-1.7.0-ibm security update
Type:
Software
Bulletins:
MITRE:21151
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
Applies to:
java-1.7.0-ibm
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:20796
Title:
RHSA-2013:1402: Adobe Reader - notification of end of updates
Type:
Software
Bulletins:
MITRE:20796
Severity:
Low
Description:
Adobe Reader allows users to view and print documents in Portable Document Format (PDF). Adobe Reader 9 reached the end of its support cycle on June 26, 2013, and will not receive any more security updates. Future versions of Adobe Acrobat Reader will not be available with Red Hat Enterprise Linux. The Adobe Reader packages in the Red Hat Network (RHN) channels will continue to be available. Red Hat will continue to provide these packages only as a courtesy to customers. Red Hat will not provide updates to the Adobe Reader packages. This update disables the Adobe Reader web browser plug-in, which is available via the acroread-plugin package, to prevent the exploitation of security issues without user interaction when a user visits a malicious web page.
Applies to:
acroread
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:20919
Title:
RHSA-2013:1256: flash-plugin security update
Type:
Software
Bulletins:
MITRE:20919
Severity:
Low
Description:
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-3363.
Applies to:
flash-plugin
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:21196
Title:
RHSA-2013:1081: java-1.5.0-ibm security update
Type:
Software
Bulletins:
MITRE:21196
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Applies to:
java-1.5.0-ibm
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:21131
Title:
RHSA-2013:1060: java-1.7.0-ibm security update
Type:
Software
Bulletins:
MITRE:21131
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Applies to:
java-1.7.0-ibm
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:21219
Title:
RHSA-2013:1059: java-1.6.0-ibm security update
Type:
Software
Bulletins:
MITRE:21219
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Applies to:
java-1.6.0-ibm
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:20942
Title:
RHSA-2013:1035: flash-plugin security update
Type:
Software
Bulletins:
MITRE:20942
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling.
Applies to:
flash-plugin
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:20910
Title:
RHSA-2013:0941: flash-plugin security update
Type:
Software
Bulletins:
MITRE:20910
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows, before 10.3.183.90 and 11.x before 11.7.700.225 on Mac OS X, before 10.3.183.90 and 11.x before 11.2.202.291 on Linux, before 11.1.111.59 on Android 2.x and 3.x, and before 11.1.115.63 on Android 4.x; Adobe AIR before 3.7.0.2090 on Windows and Android and before 3.7.0.2100 on Mac OS X; and Adobe AIR SDK & Compiler before 3.7.0.2090 on Windows and before 3.7.0.2100 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
flash-plugin
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:21241
Title:
RHSA-2013:0855: java-1.5.0-ibm security update
Type:
Software
Bulletins:
MITRE:21241
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2394 and CVE-2013-1491.
Applies to:
java-1.5.0-ibm
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:20740
Title:
RHSA-2013:0826: acroread security update
Type:
Software
Bulletins:
MITRE:20740
Severity:
Low
Description:
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
Applies to:
acroread
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:21201
Title:
RHSA-2013:0825: flash-plugin security update
Type:
Software
Bulletins:
MITRE:21201
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3334.
Applies to:
flash-plugin
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:21111
Title:
RHSA-2013:0823: java-1.6.0-ibm security update
Type:
Software
Bulletins:
MITRE:21111
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2435.
Applies to:
java-1.6.0-ibm
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:20254
Title:
RHSA-2013:0822: java-1.7.0-ibm security update
Type:
Software
Bulletins:
MITRE:20254
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2435.
Applies to:
java-1.7.0-ibm
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:21078
Title:
RHSA-2013:0730: flash-plugin security update
Type:
Software
Bulletins:
MITRE:21078
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
Applies to:
flash-plugin
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:20806
Title:
RHSA-2013:0643: flash-plugin security update
Type:
Software
Bulletins:
MITRE:20806
Severity:
Low
Description:
Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
flash-plugin
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:21040
Title:
RHSA-2013:0626: java-1.7.0-ibm security update
Type:
Software
Bulletins:
MITRE:21040
Severity:
Low
Description:
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
Applies to:
java-1.7.0-ibm
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:21077
Title:
RHSA-2013:0625: java-1.6.0-ibm security update
Type:
Software
Bulletins:
MITRE:21077
Severity:
Low
Description:
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
Applies to:
java-1.6.0-ibm
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:21109
Title:
RHSA-2013:0624: java-1.5.0-ibm security update
Type:
Software
Bulletins:
MITRE:21109
Severity:
Low
Description:
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
Applies to:
java-1.5.0-ibm
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:20438
Title:
RHSA-2013:0574: flash-plugin security update
Type:
Software
Bulletins:
MITRE:20438
Severity:
Low
Description:
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
Applies to:
flash-plugin
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:21027
Title:
RHSA-2013:0551: acroread security update
Type:
Software
Bulletins:
MITRE:21027
Severity:
Low
Description:
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.
Applies to:
acroread
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:20801
Title:
RHSA-2013:0254: flash-plugin security update
Type:
Software
Bulletins:
MITRE:20801
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-0649.
Applies to:
flash-plugin
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:20926
Title:
RHSA-2013:0243: flash-plugin security update
Type:
Software
Bulletins:
MITRE:20926
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013.
Applies to:
flash-plugin
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:20442
Title:
RHSA-2013:0150: acroread security update
Type:
Software
Bulletins:
MITRE:20442
Severity:
Low
Description:
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, CVE-2013-0617, and CVE-2013-0621.
Applies to:
acroread
Created:
2014-01-09
Updated:
2015-03-09

ID:
MITRE:21009
Title:
RHSA-2013:0149: flash-plugin security update
Type:
Software
Bulletins:
MITRE:21009
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android 2.x and 3.x, and before 11.1.115.36 on Android 4.x; Adobe AIR before 3.5.0.1060; and Adobe AIR SDK before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
flash-plugin
Created:
2014-01-09
Updated:
2015-03-09

ID:
CVE-2014-0653
Title:
The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340.
Type:
Hardware
Bulletins:
CVE-2014-0653
SFBID64708
Severity:
Medium
Description:
The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340.
Applies to:
Created:
2014-01-08
Updated:
2024-01-17

ID:
CVE-2014-0655
Title:
The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2014-0655
SFBID64700
Severity:
Medium
Description:
The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID CSCuj45332.
Applies to:
Created:
2014-01-08
Updated:
2024-01-17

ID:
CVE-2013-6982
Title:
The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer...
Type:
Hardware
Bulletins:
CVE-2013-6982
SFBID64670
Severity:
Medium
Description:
The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer reset) via a crafted message, aka Bug ID CSCuj03174.
Applies to:
Created:
2014-01-08
Updated:
2024-01-17

ID:
CVE-2014-0657
Title:
The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a...
Type:
Hardware
Bulletins:
CVE-2014-0657
SFBID64690
Severity:
Medium
Description:
The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.
Applies to:
Unified Communications Manager
Created:
2014-01-08
Updated:
2024-01-17