VMware Security Advisory 2014-0012 - VMware vSphere product updates address a Cross Site Scripting issue, a certificate validation issue and security vulnerabilities in third-party libraries.
7ae55e0d099a866f9060eaf2dd855d5f0aec675081fb0bc4925cd992333a41a6Debian Linux Security Advisory 2880-1 - Multiple security issues were discovered in Python.
4bbbad989a87630a2521f420870888b954d2c25ff56fe58c1ddac728c24ed5cbRed Hat Security Advisory 2013-1582-02 - Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. These updated python packages include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes.
5318bfc58a04f6c630a98000db359d1fd38a86056966b53d50fec165f8a5e4e4Red Hat Security Advisory 2013-1527-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state.
14c05f5415b232ba5013430dc6302052cda7f8421372edc37ce49c0008e3a968Ubuntu Security Notice 1985-1 - Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.
0f366392969f20155d45311d551bc121f8cca2af29a02d07e5e1e546d84e407fUbuntu Security Notice 1983-1 - Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. This issue only affected Ubuntu 13.04. Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.
9ab7514520e21d4cb81b76c6be2121d9d8ecc991fae05d293e5e8061b9f84a2aUbuntu Security Notice 1984-1 - Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.
c673c920639adac95e57596bc8aab64ff8ca0183257ddb8017aaad829ee17e9aUbuntu Security Notice 1982-1 - Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
bc6597611282dc3a251d61da8083bd226403c9d6532f0fcc3ca5d47ce5ee0b7e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed