Red Hat Security Advisory 2015-1177-01 - Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss A-MQ 6.2.0 is a minor product release that updates Red Hat JBoss A-MQ 6.1.0 and includes several bug fixes and enhancements.
c9adeea3a960e9023bf77969db57bb2de16626cb8200390698e69ed2fd214a63
Red Hat Security Advisory 2015-1176-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. The following security fixes are addressed in this release: It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also used client certificates. A man-in-the-middle attacker could use this flaw to spoof a valid certificate. It was found that async-http-client did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.
5b62a88300e3d3a984e66c33f540e2c9e0a241d1cb41eb116da6198f4b034f4c
EMC Documentum Thumbnail Server contains a directory traversal vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 6.7SP1, 6.7SP2, 7.0, 7.1, and 7.2 are affected.
65f6e0d65c42ddbdcb2a59562211a3441c788baafed82f99fdc4a58870a62e44
EMC Documentum D2 contains a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versious 4.1, 4.2, and 4.5 are affected.
d63acf8734b5f631519f1ea06e1d70f948774e546a0b8b1f4c8ad7f39896126a
The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpired client certificate, issued by an intermediate CA with a revoked certificate, is therefore accepted by FreeRADIUS. Versions equal to and below 2.2.7 and 3.0.8 are affected.
f44ceb4ece64f245dca32d4e44eaa21e29c75abd2daf06b1fa52ef60f318b7bc
HP Security Bulletin HPSBMU03356 1 - A potential security vulnerability has been identified with HP Business Service Automation Essentials (BSAE) running TLS. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
0460cfc09f1d91b07bbdaac7eb563a04d8545a18f9bc8815fa251d6e639ca183
Red Hat Security Advisory 2015-1153-01 - Mailman is a program used to help manage email discussion lists. It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman. Previously, it was impossible to configure Mailman in a way that Domain-based Message Authentication, Reporting & Conformance would recognize Sender alignment for Domain Key Identified Mail signatures. Consequently, Mailman list subscribers that belonged to a mail server with a "reject" policy for DMARC, such as yahoo.com or AOL.com, were unable to receive Mailman forwarded messages from senders residing in any domain that provided DKIM signatures. With this update, domains with a "reject" DMARC policy are recognized correctly, and Mailman list administrators are able to configure the way these messages are handled. As a result, after a proper configuration, subscribers now correctly receive Mailman forwarded messages in this scenario.
3d985a75ad520e9d32dc40dc407d5272dec00095877d0f014e8d7835cae3ba1f
Red Hat Security Advisory 2015-1139-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
edf6a2a888e1f12e7dc662266281129cfaba312336e0fc5b027d706bd9acab86
Red Hat Security Advisory 2015-1154-01 - Libreswan is an implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network. A flaw was discovered in the way Libreswan's IKE daemon processed certain IKEv1 payloads. A remote attacker could send specially crafted IKEv1 payloads that, when processed, would lead to a denial of service.
efabc6b1f6c23dfaa0f6f4ec4221f9503c2a4cab00e81c247567f72882a190ca
Red Hat Security Advisory 2015-1137-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
b0d41a4e75261540327de9609c7f84e2f2c54a7eabc27611a2cfb4708a7cd5fd
Red Hat Security Advisory 2015-1138-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
bc6b92e674b8c59bb4c70d6ba01e90053bbee07767a1b4dc571aa00572108c9e
Debian Linux Security Advisory 3293-1 - Tim McLean discovered that pyjwt, a Python implementation of JSON Web Token, would try to verify an HMAC signature using an RSA or ECDSA public key as secret. This could allow remote attackers to trick applications expecting tokens signed with asymmetric keys, into accepting arbitrary tokens.
c91b5da63a86d6e83b97542702b63969ec45eef3dc789546f1daf299a0a515b2
Red Hat Security Advisory 2015-1135-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time.
cd29d265756a82b81294b5b57ef3c66093befd38401aca38c86228d6f38a5a66
Smalisca is a static code analysis tool for Smali files.
c01aa506d6ff25651d6879d25008ed2498b6c01d0127d349319f4332c039cbc7
WordPress NextEnd Connect plugin version 1.5.4 suffers from a cross site scripting vulnerability.
8967112d4e0b087a9c98f874a79f8d302c634061fdc5641c6b3e1c707037d480
WordPress Revslider plugin suffers from cross site scripting and remote shell upload vulnerabilities.
36a172246b28821efbbddd74fa15559539df7db7fe943afe36e9ba491cdc5324