RHBA-2015:2653-1: nodejs010 bug fix update
Red Hat Enterprise Linux: Updated nodejs010 packages that fix one bug are now available for Red Hat Software Collections. Source: rhn-errata
Red Hat Enterprise Linux: Updated cfme packages that fix a security issue, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.2. Red Hat Product Security has rated this update as having Moderate Security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. CVE-2015-7502 Source: rhn-errata
There is a new zero-day exploit in Joomla. Details are described in CVE-2015-8562. It is recommended that you update Joomla immediately, but if you cannot do that or cannot change the files on your backend servers, you can apply a fix in NGINX or NGINX Plus on the frontend. Note: We strongly advise you to update your Joomla installations as soon as possible, even if you patch your site today with this NGINX config. You can read about the exploit and the patch at the Joomla site, the Sucuri blog, or Ars Technica, among others. Identifying the Attack: The original attacks came from these IP addresses: on 12 December 2015, 74.3.170.33; on 13 December 2015, 146.0.72.83 and 194.28.174.106. The attack is usually performed by modifying the User-Agent header and can be identified by these values inside the header: JDatabaseDriverMysqli and O: (capital [ more… ]
Ubuntu Security Notice USN-2837-1 15th December, 2015 bind9 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Bind could be made to crash if it received specially crafted network traffic. Software description bind9 – Internet Domain Name Server Details It was discovered that Bind incorrectly handled responses with malformed class attributes. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: bind9 1:9.9.5.dfsg-11ubuntu1.1 Ubuntu 15.04: bind9 1:9.9.5.dfsg-9ubuntu0.4 Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.6 Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.14 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2015-8000 Source: ubuntu-usn
Ubuntu Security Notice USN-2833-1 15th December, 2015 firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software description firefox – Mozilla Open Source web browser Details Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7201, CVE-2015-7202) Ronald Crane discovered three buffer overflows through code inspection. If a user were tricked into opening a specially crafted website, [ more… ]