
6326 matches found

RedHat Linux
added 2015/03/05 7:51 a.m. | 4 views

Important: Red Hat Bug Fix Advisory: nss, nss-softokn, nss-util, and nspr bug fix and enhancement update

Updated nss, nss-softokn, nss-util, and nspr packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 7. Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server...

10 CVSS | 6.9 AI score | 0.99999 EPSS
Exploits 5 | References 19

Tenable Nessus
added 2015/03/05 12:0 a.m. | 45 views

RHEL 7 : ipa (RHSA-2015:0442)

Updated ipa packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...

6.1 CVSS | 6.6 AI score | 0.18351 EPSS
Exploits 1 | References 6

NVD
added 2015/03/02 11:59 a.m. | 31 views

CVE-2014-9644

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than...

2.1 CVSS | 5.9 AI score | 0.00547 EPSS
Exploits 0 | References 19

OSV
added 2015/03/02 11:59 a.m. | 3 views

DEBIAN-CVE-2013-7421

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644...

2.1 CVSS | 6.5 AI score | 0.0071 EPSS
Exploits 1 | References 1

Cvelist
added 2015/03/02 11:0 a.m. | 35 views

CVE-2013-7421

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644...

5.8 AI score | 0.0071 EPSS
Exploits 1 | References 20

Cvelist
added 2015/03/02 11:0 a.m. | 31 views

CVE-2014-9644

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than...

5.8 AI score | 0.00547 EPSS
Exploits 0 | References 19

Tenable Nessus
added 2015/02/24 12:0 a.m. | 51 views

Debian DSA-3170-1 : linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation. - CVE-2013-7421 / CVE-2014-9644 It was discovered that the Crypto API allowed unprivileged users to load arbitrary kernel modules. A local user can use...

10 CVSS | 7 AI score | 0.09897 EPSS
Exploits 7 | References 23

OpenVAS
added 2015/02/23 12:0 a.m. | 47 views

Debian Security Advisory DSA 3170-1 (linux - security update)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation. CVE-2013-7421 / CVE-2014-9644 It was discovered that the Crypto API allowed unprivileged users to load arbitrary kernel modules. A local user can use...

10 CVSS | 0.5 AI score | 0.09897 EPSS
Exploits 7 | References 1

Tenable Nessus
added 2015/02/11 12:0 a.m. | 17 views

SuSE 11.3 Security Update : glibc (SAT Patch Number 10259)

glibc has been updated to fix security issues and bugs : - Fix crashes on invalid input in IBM gconv modules. CVE-2014-6040 / CVE-2012-6656, bsc894553, bsc894556, GLIBC BZ 17325, GLIBC BZ 14134 - Avoid infinite loop in nss_dns getnetbyname. CVE-2014-9402 - Don't touch user-controlled stdio locks i...

7.8 CVSS | 7.6 AI score | 0.07688 EPSS
Exploits 5 | References 12

Prion
added 2015/02/10 5:59 p.m. | 11 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in administrator.php in Epignosis eFront Open Source Edition before 3.6.15.3 build 18022 allow remote attackers to hijack the authentication of administrators for requests that (1) delete modules via the deletemodule parameter, (2) deactivate...

6.8 CVSS | 7.7 AI score | 0.00779 EPSS
Exploits 1 | References 7 | Affected Software 1

Cvelist
added 2015/02/10 5:0 p.m. | 28 views

CVE-2015-1559

Multiple cross-site request forgery (CSRF) vulnerabilities in administrator.php in Epignosis eFront Open Source Edition before 3.6.15.3 build 18022 allow remote attackers to hijack the authentication of administrators for requests that (1) delete modules via the deletemodule parameter, (2) deactivate...

7.2 AI score | 0.00779 EPSS
Exploits 1 | References 7

Packet Storm
added 2015/02/05 12:0 a.m. | 32 views

eFront 3.6.15.2 Cross Site Request Forgery

Advisory: Multiple CSRF vulnerabilities in eFront v. 3.6.15.2 CE Advisory ID: SROEADV-2015-09 Author: Steffen Rösemann Affected Software: eFront v. 3.6.15.2 CE Release-date: 05-Dec-2014, build 18021 Vendor URL: http://www.efrontlearning.net Vendor Status: patched CVE-ID: - Tested with/on: -Browse...

1 AI score
Exploits 0

Oracle linux
added 2015/01/29 12:0 a.m. | 67 views

Unbreakable Enterprise kernel security and bugfix update

[2.6.39-400.246.2] - net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (Daniel Borkmann) [Orabug: 20425333] {CVE-2014-7841} [2.6.39-400.246.1] - sched: Fix possible divide by zero in avg_atom calculation (Mateusz Guzik) [Orabug: 20148169] - include/linux/math64.h: add div64_ul (Alex...

5 CVSS | 7 AI score | 0.0523 EPSS
Exploits 1

OSV
added 2015/01/27 9:8 p.m. | 5 views

MGASA-2015-0041 Updated busybox packages fix CVE-2014-9645

Updated busybox packages fix security vulnerability: The modprobe command in busybox before 1.23.0 uses the basename of the module argument as the module to load, allowing arbitrary modules, even when some kernel subsystems try to prevent this (CVE-2014-9645)...

5.5 CVSS | 7.1 AI score | 0.00635 EPSS
Exploits 2 | References 3

Tenable Nessus
added 2015/01/23 12:0 a.m. | 94 views

Juniper Junos MX Series Trio-based PFE Modules Security Bypass (JSA10666)

According to its self-reported version number, the remote Juniper Junos MX series device is affected by a security bypass vulnerability when processing stateless firewall filters on a device with Trio-based PFE modules with IPv4 filters. A remote attacker can exploit this issue to bypass stateles...

5 CVSS | 5.6 AI score | 0.02097 EPSS
Exploits 0 | References 2

OpenVAS
added 2015/01/23 12:0 a.m. | 27 views

Juniper Networks Junos OS Firewall Bypass Vulnerability

Junos with the Trio-based PFE modules are affected by a security bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5 CVSS | 5.1 AI score | 0.02097 EPSS
Exploits 0 | References 2

ThreatPost
added 2015/01/22 11:55 a.m. | 15 views

Regin Cyberespionage Malware Platform Modules Disclosed

The Regin malware platform used to steal secrets from government agencies, banks and GSM network operators caught the attention of security experts who called it one of the most advanced attack platforms that has been studied, surpassing Flame, Duqu, even Stuxnet. Researchers at Kaspersky Lab sai...

0.9 AI score
Exploits 0 | References 6

NVD
added 2015/01/17 11:59 a.m. | 18 views

CVE-2014-3018

IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to cause a denial of service (reboot) via a flood of IP packets...

7.8 CVSS | 6.4 AI score | 0.01333 EPSS
Exploits 0 | References 2

Prion
added 2015/01/16 4:59 p.m. | 18 views

Design/Logic Flaw

The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rule...

5 CVSS | 7.2 AI score | 0.02097 EPSS
Exploits 0 | References 3 | Affected Software 1

Tenable Nessus
added 2015/01/08 12:0 a.m. | 29 views

Oracle Linux 6 : glibc (ELSA-2015-0016)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0016 advisory. - Fix crashes on invalid input in IBM gconv modules CVE-2014-6040, 1139571. Tenable has extracted the preceding description block directly from the...

5 CVSS | 8.2 AI score | 0.06564 EPSS
Exploits 1 | References 3