[security bulletin] HPSBUX03320 SSRT101952 rev.1 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04636672

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04636672
Version: 1

HPSBUX03320 SSRT101952 rev.1 - HP-UX CIFS Server (Samba), Remote Denial of
Service (DoS), Execution of Arbitrary Code, Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-04-28
Last Updated: 2015-04-28

Potential Security Impact: Remote Denial of Service (DoS), execution of
arbitrary code, unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

[security bulletin] HPSBMU03241 rev.1 - HP Network Automation running SSLv3, Remote Disclosure of Information

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04539690

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04539690
Version: 1

HPSBMU03241 rev.1 - HP Network Automation running SSLv3, Remote Disclosure of
Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-04-28
Last Updated: 2015-04-28

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

ESA-2015-078: RSA® Identity Management and Governance (IMG) Insecure Password Reset Vulnerability

ESA-2015-078: RSA? Identity Management and Governance (IMG) Insecure Password Reset Vulnerability

EMC Identifier: ESA-2015-078

CVE Identifier: CVE-2015-0532

Severity Rating: CVSSv2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Affected Products:  

     -  RSA Identity Management and Governance (IMG) 6.9
     -  RSA IMG 6.9.1

Unaffected Products: 
     -  RSA IMG versions prior to 6.9

Summary:  
RSA IMG contains fixes for an insecure password reset vulnerability that could potentially be exploited by malicious users to compromise the affected system
 

[SECURITY] [DSA 3240-1] curl security update

Debian Security Advisory DSA-3240-1                   security@debian.org
http://www.debian.org/security/                        Alessandro Ghedini
April 29, 2015                         http://www.debian.org/security/faq
- ------------------------------------------------------------
-------------

Package        : curl
CVE ID         : CVE-2015-3153
Debian Bug     :

It was discovered that cURL, an URL transfer library, if configured to
use a proxy server with the HTTPS protocol, by default could send to the
proxy the same HTTP headers it sends to the destination server, possibly
leaking sensitive information.

For the stable distribution (jessie), this problem has been fixed in
version 7.38.0-4+deb8u2.

For the testing distribution (stretch), this problem will be fixed in
version 7.42.1-1.

For the unstable distribution (sid), this problem has been fixed in
version 7.42.1-1.

We recommend that you upgrade your curl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

[SECURITY] [DSA 3239-1] icecast2 security update

- ------------------------------------------------------------
-------------
Debian Security Advisory DSA-3239-1                   security@debian.org
http://www.debian.org/security/                        Alessandro Ghedini
April 29, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icecast2
CVE ID         : CVE-2015-3026
Debian Bug     : 782120

Juliane Holzt discovered that Icecast2, a streaming media server, could
dereference a NULL pointer when URL authentication is configured and the
stream_auth URL is trigged by a client without setting any credentials.
This could allow remote attackers to cause a denial of service (crash).

For the stable distribution (jessie), this problem has been fixed in
version 2.4.0-1.1+deb8u1.

For the testing distribution (stretch), this problem will be fixed in
version 2.4.2-1.

For the unstable distribution (sid), this problem has been fixed in
version 2.4.2-1.

We recommend that you upgrade your icecast2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

[security bulletin] HPSBGN03323 rev.1 - HP Business Service Automation Essentials Core with JBOSS, Remote Disclosure of Information

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04649560

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04649560
Version: 1

HPSBGN03323 rev.1 - HP Business Service Automation Essentials Core with
JBOSS, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-04-29
Last Updated: 2015-04-29

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Business
Service Automation Essentials Core with JBOSS that could allow the remote
disclosure of information.