CVE-2014-3427 CRLF Injection and CVE-2014-3428 XSS Injection in Yealink VoIP Phones

2014-06-13 Thread J. Oquendo
I. ADVISORY CVE-2014-3427 CRLF Injection in Yealink VoIP Phones CVE-2014-3428 XSS vulnerabilities in Yealink VoIP Phones Date published: 06/12/2014 Vendor Contacted: 05/08/2014 II. BACKGROUND Yealink is a manufacturer of VoIP and Video products. To minimize noise read more at:

[slackware-security] mozilla-thunderbird (SSA:2014-163-01)

2014-06-13 Thread Slackware Security Team
[slackware-security] mozilla-thunderbird (SSA:2014-163-01) New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog:

[SECURITY] [DSA 2957-1] mediawiki security update

2014-06-13 Thread Thijs Kinkhorst
Debian Security Advisory DSA-2957-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst June 12, 2014

[SECURITY] [DSA 2958-1] apt security update

2014-06-13 Thread Thijs Kinkhorst
Debian Security Advisory DSA-2958-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst June 12, 2014

AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework

2014-06-13 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2014-005 Product Asterisk Summary Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework

AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections

2014-06-13 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2014-007 Product Asterisk Summary Exhaustion of Allowed Concurrent HTTP Connections Nature of Advisory Denial Of Service

AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions

2014-06-13 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2014-008 Product Asterisk Summary Denial of Service in PJSIP Channel Driver Subscriptions

[security bulletin] HPSBST03016 rev.4 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL, Remote Disclosure of Information

2014-06-13 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04263038 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04263038 Version: 4 HPSBST03016

CVE-2014-0228: Apache Hive Authorization vulnerability

2014-06-13 Thread Thejas Nair
CVE-2014-0228: Apache Hive Authorization vulnerability Severity: Moderate Vendor: The Apache Software Foundation Versions affected: Apache Hive 0.13.0 Users affected: Users who have enabled SQL standards based authorization mode. Description:

AST-2014-006: Asterisk Manager User Unauthorized Shell Access

2014-06-13 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2014-006 Product Asterisk Summary Asterisk Manager User Unauthorized Shell Access Nature of Advisory Permission Escalation

[security bulletin] HPSBUX03046 SSRT101590 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access

2014-06-13 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04336637 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04336637 Version: 1 HPSBUX03046

[SECURITY] CVE-2013-2251: Apache Continuum affected by Remote Command Execution

2014-06-13 Thread Brett Porter
CVE-2013-2251: Apache Continuum affected by Remote Command Execution Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Continuum 1.3.1 to Continuum 1.4.1 Description: Apache Continuum is affected by a vulnerability in the version of the Struts library being used,

[ MDVSA-2014:124 ] kernel

2014-06-13 Thread security
Mandriva Linux Security Advisory MDVSA-2014:124 http://www.mandriva.com/en/support/security/