DEBIAN-CVE-2016-0753

Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters...

[SECURITY] [DSA 3431-2] ganeti regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-3431-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 14, 2016 https://www.debian.org/security/faq -...

CVE-2015-7548

OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty, when using libvirt to spawn instances and usecowimages is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot...

Stack overflow

OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty, when using libvirt to spawn instances and usecowimages is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot...

CVE-2015-7548

CVE-2015-7548 affects OpenStack Nova (Kilo/liberty branch) and allows a local authenticated user to read host files by overwriting an instance disk with a crafted image and requesting a snapshot. The root cause is in the instance snapshot flow when using libvirt/early Nova code paths, enabling ar...

CVE-2015-7548

OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty, when using libvirt to spawn instances and usecowimages is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot...

Groups to Synchronise membership filter in Crowd/JIRA authentication not effective in some circumstances

Users existing in remote Crowd/JIRA authentication source may get access to FishEye/Crucible instance even if they are not members of specified "Groups to Synchronise"...

Stronger algorithm used to digest instance admin password

Let's use PKCS5S2...

SUSE-SU-2016:0042-1 Security update for rubygem-passenger

This update fixes the following security issues: - CVE-2015-7519: Passenger is not filtering environment like apache is doing bnc956281 - CVE-2013-4136: Fixed security issue Passenger would reuse existing server instance directories temporary directories which could cause Passenger to remove or...

FreeBSD : qemu and xen-tools -- denial of service vulnerabilities in AMD PC-Net II NIC support (405446f4-b1b3-11e5-9728-002590263bf5)

Prasad J Pandit, Red Hat Product Security Team, reports : Qemu emulator built with the AMD PC-Net II Ethernet Controller support is vulnerable to a heap buffer overflow flaw. While receiving packets in the loopback mode, it appends CRC code to the receive buffer. If the data size given is same as...

SUSE-SU-2015:2220-1 Security update for openstack-nova and openstack-neutron

This update for openstack-nova and openstack-neutron provides various fixes and improvements. openstack-nova: - Fix instance filtering. bsc927625 - Remove error messages from multipath command output before parsing. bsc949529 - Fix live-migration usage of the wrong connector information. - Added...

SUSE-SU-2015:2219-1 Security update for openstack-nova

This update for openstack-nova provides various fixes and improvements: - Fix regression where launched instances in tenants not visible for other users. bsc927625 - Remove error messages from multipath command output before parsing. bsc949529 - Fix live-migration usage of the wrong connector...

grub2 security update

CentOS Errata and Security Advisory CESA-2015:2401 Updated grub2 packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scori...

[SECURITY] Fedora 21 Update: cyrus-imapd-2.4.18-1.fc21

The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...

CVE-2015-6855

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WINREADNATIVEMAX command to an empty drive, which triggers a...

CVE-2015-5955

ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers...

Authentication flaw

ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers...

CVE-2015-7713

OpenStack Compute Nova before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made...

CVE-2015-7713

OpenStack Compute Nova before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made...

UBUNTU-CVE-2015-7713

OpenStack Compute Nova before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made...