Secunia Security Advisory - Red Hat has issued an update for Red Hat Enterprise MRG. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
5f972373e7767837a612cc10479569ad166935923684b9591298ddfaf6d98bfb
Secunia Security Advisory - Red Hat has issued an update for kernel-rt. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
7315c976a37e396ababf59b64f0cdea015cc012332c28a22f239812956bea51a
Secunia Security Advisory - A vulnerability has been reported in the Spambot module for Drupal, which can be exploited by malicious people to conduct script insertion attacks.
c0780b97845537dc2ccfac30b4bdb6eaceaa275471e69413998d1d007f1c5a1b
Ubuntu Security Notice 1575-1 - Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to cause a denial of service. Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. Various other issues were also addressed.
f1a4cb0f14b7e468ca8f31cc765e2754a30a436f936006e9bee22e0a33e0f1c1
Ubuntu Security Notice 1574-1 - A flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service (panic). Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to cause a denial of service. Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. Various other issues were also addressed.
36e2cfb03bcfcfdfde68b1b5d6be895b43dbaadb1492d17096697dd233bd3610
Red Hat Security Advisory 2012-1295-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.
fa9f0b5bd3772db56ad56822e0eada34a616d7bd3b5e11febf9bc5d13b923bf8
Red Hat Security Advisory 2012-1282-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: It was found that a deadlock could occur in the Out of Memory killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service.
839d5afadf25d3eb111bf42adacbb33dc5c2c70530a84ebfb41f2a6d3fd044e4
Red Hat Security Advisory 2012-1281-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. A number of unprotected resources were found in Cumin. An unauthenticated user could bypass intended access restrictions, resulting in information disclosure. Cumin could generate weak session keys, potentially allowing remote attackers to predict session keys and obtain unauthorized access to Cumin.
987bbb62cc50d95e381cfb928977ec9fd63538c51d08d4ad1de2f990bf1b1ad0
Red Hat Security Advisory 2012-1277-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP, an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.
261294db8d707e18d3b3d444d07e2c6a0c5d1fb5d516cbcd77cd65a2339bc088
Red Hat Security Advisory 2012-1278-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. A number of unprotected resources were found in Cumin. An unauthenticated user could bypass intended access restrictions, resulting in information disclosure. Cumin could generate weak session keys, potentially allowing remote attackers to predict session keys and obtain unauthorized access to Cumin.
8509fabf01c02fbf64b00b42713adef51fb9820c47569834e091014d0c522fc7
Red Hat Security Advisory 2012-1269-01 - Apache Qpid is a reliable, cross-platform, asynchronous messaging system that supports the Advanced Message Queuing Protocol in several common programming languages. It was discovered that the Qpid daemon did not allow the number of connections from clients to be restricted. A malicious client could use this flaw to open an excessive number of connections, preventing other legitimate clients from establishing a connection to qpidd. To address CVE-2012-2145, new qpidd configuration options were introduced: max-negotiate-time defines the time during which initial protocol negotiation must succeed; connection-limit-per-user and connection-limit-per-ip can be used to limit the number of connections per user and client host IP.
0e80be9c9dbf532779c2a52a84aa80ea19959c308e92669dce94fc8e8f74531d
Red Hat Security Advisory 2012-1279-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP, an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.
cc4119f70cf21b63cac65be3bfac3b7cba11851efd05d2f15771355c78fe4e89