Ubuntu Security Notice USN-2351-1

Ubuntu Security Notice 2351-1 – Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that nginx incorrectly reused cached SSL sessions. An attacker could possibly use this issue in certain configurations to obtain access to information from a different virtual host.

Ubuntu Security Notice USN-2350-1

Ubuntu Security Notice 2350-1 – The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.17 which includes the latest CA certificate bundle.

[ MDVA-2014:014 ] mediawiki

—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA1 _______________________________________________________________________ Mandriva Linux Advisory MDVA-2014:014 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : mediawiki Date : September 22, 2014 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: This update provides MediaWiki 1.23.3, which fixes several bugs. _______________________________________________________________________ References: http://advisories.mageia.org/MGAA-2014-0170.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: a4c54a101474c76abb19b62aa49dc12d mbs1/x86_64/mediawiki-1.23.3-1.mbs1.noarch.rpm 876aa46509eca08888392ea248a669ef mbs1/x86_64/mediawiki-mysql-1.23.3-1.mbs1.noarch.rpm 2418d49bba28fe6dd1b57805e

[ MDVSA-2014:180 ] gnupg

—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:180 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : gnupg Date : September 22, 2014 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated gnupg packages fix security vulnerability: The gnupg program before version 1.4.16 is vulnerable to an ELGAMAL side-channel attack (CVE-2014-5270). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270 http://advisories.mageia.org/MGASA-2014-0381.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: …

HP Security Bulletin HPSBPI03107

HP Security Bulletin HPSBPI03107 – A potential security vulnerability has been identified with certain HP LaserJet Printers, MFPs and certain HP OfficeJet Enterprise Printers using OpenSSL. The vulnerability could be exploited remotely to allow remote unauthorized access. Note: This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP printer …