Ubuntu Security Notice 2356-1 - Jack Morgenstein reported a flaw in the page handling of the KVM (Kerenl Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Various other issues were also addressed.
ce2fd3f7419d213c47c8c6b1fbeea798fbd8c810f8df48d686af866f5ffb68dbRed Hat Security Advisory 2014-1288-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions with escalated privileges, which might otherwise not be possible. This flaw could be used to perform various attacks, including but not restricted to, arbitrary code execution in systems that are otherwise secured by the Java Security Manager.
c991ced44fef7bb991203a4ead263b61c8c1f6f53e189e60feca71610ed39418Ubuntu Security Notice 2353-1 - It was discovered that APT incorrectly handled certain http URLs. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to cause APT to crash, resulting in a denial of service, or possibly execute arbitrary code. In addition, this update fixes regressions introduced by the USN-2348-1 security update: APT incorrectly handled file:/// sources on a different partition, incorrectly handled Dir::state::lists set to a relative path, and incorrectly handled cdrom: sources. Various other issues were also addressed.
f18a6d99273ccea43f4ff13505d8b7b64673270f54fc2a22c95b75f5502949bcThis bulletin summary notes that MS14-055 has undergone a major revision increment as of September 23, 2014.
7e49f4a65656a8c1d41f3f15917fef8811b7317a8253711433dd361375197b18Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
35ec31f9fe981aaa727b144ab3ff2eb655997d8ccabaf66586458f5dfc3a56eb
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed