Hackin9
 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Oracle MySQL Server CVE-2014-4287 Remote Security Vulnerability
 
Oracle MySQL Server CVE-2014-6463 Remote Security Vulnerability
 
Oracle MySQL Server CVE-2014-6507 Remote Security Vulnerability
 
Oracle MySQL Server CVE-2014-6559 Remote Security Vulnerability
 
Oracle MySQL Server CVE-2014-6520 Remote Security Vulnerability
 
Check Point Security Gateway Multiple Denial of Service Vulnerabilities
 

Apple today released updates for iOS 8 and OS X 10.10 (Yosemite). Here are some of the highlights from a security point of view:

OS X 10.10.1

(listed approximately in order of severity)

| CVE | Impact | ISC Rating | Description |
| --- | --- | --- | --- |
| CVE-2014-4459 | Remote Code Execution | critical | A vulnerability in WebKit could allow a malicious site to execute arbitrary code. |
| CVE-2014-4453 | Information Leakage | important | The index Spotlight creates on a removable drive may include content from other drives. This vulnerability was recently discussed publicly in a blog; its author found e-mail fragments in the Spotlight index created on a USB drive. |
| CVE-2014-4460 | Information Leakage | important | Safari may not delete all cached files after leaving private browsing. If a user visits a site without private browsing after visiting the same site with private browsing enabled, the site may be able to connect the two visits. |
| CVE-2014-4458 | Information Leakage | important | The "About this Mac" feature includes unnecessary details that are reported back to Apple to determine the system model. |

iOS

| CVE | Impact | Severity | Description |
| --- | --- | --- | --- |
| CVE-2014-4452, CVE-2014-4462 | remote code execution | critical | WebKit issues that lead to arbitrary code execution when visiting a malicious web page. |
| CVE-2014-4455 | unsigned code execution | important | A local user may execute unsigned code. |
| CVE-2014-4460 | information leakage | important | Safari does not delete all cached files when leaving private mode. |
| CVE-2014-4461 | privilege escalation | important | A malicious application may execute arbitrary code with system privileges. |
| CVE-2014-4451 | security feature bypass | important | An attacker may be able to exceed the maximum passcode attempt limit to bypass the lock screen. |
| CVE-2014-4463 | information leakage | important | The "leave message" feature in FaceTime may have allowed sending photos from the device. |
| CVE-2014-4457 | code execution | important | The debug feature would allow applications to be spawned that were not being debugged. |
| CVE-2014-4453 | information leakage | important | iOS would submit the device's location to Spotlight Suggestion servers before the user entered a query. |

Apple TV

| CVE | Impact | Severity | Description |
| --- | --- | --- | --- |
| CVE-2014-4462 | Code Execution | Critical | A memory corruption in WebKit may be used to terminate applications or run arbitrary code. |
| CVE-2014-4455 | Code Execution | Important | A local user may execute unsigned code. |
| CVE-2014-4461 | Privilege Elevation | Important | A malicious application may be able to execute arbitrary code with system privileges. |

---
Johannes B. Ullrich, Ph.D.

 
Moodle CVE-2014-7833 Information Disclosure Vulnerability
 

Network World: The top infosec issues of 2014

There is still time for any list of the "top information security issues of 2014" to be rendered obsolete. The holiday shopping season is just getting into high gear, after all, and everybody knows it was from late November to mid-December last year ...
 
LinuxSecurity.com: Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: Updated mariadb55-mariadb packages that fix several security issues are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: New mozilla-thunderbird packages are available for Slackware 14.1 to fix security issues. [More Info...]
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: An absolute path traversal vulnerability could lead to arbitrary code execution.
 
[slackware-security] mozilla-thunderbird (SSA:2014-320-01)
 

CSO Online: The top infosec issues of 2014
 
[SECURITY] [DSA 3073-1] libgcrypt11 security update
 
GnuTLS CVE-2014-8564 Multiple Heap Corruption Denial of Service Vulnerabilities
 
[security bulletin] HPSBGN03192 rev.1 - HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL, Remote Disclosure of Information
 
CVE-2014-8683 XSS in Gogs Markdown Renderer
 
CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs
 