Category: Security Bulletins
The Security Bulletins category provides quick and accurate information regarding IT security that may concern your server or account. We take security very seriously and work to ensure you are kept in the loop regarding these updates. We also maintain past security information should it be needed in the future.
Overview
A flaw in OpenSSH, discovered and reported by Qualys on Jan. 14, 2016, could potentially allow an information leak (CVE-2016-0777) or buffer overflow (CVE-2016-0778) via the OpenSSH client. Specifically, an undocumented feature called roaming, introduced in OpenSSH version 5.4, can be exploited to expose a client’s private SSH key.
Protecting Joomla Sites Against CVE-2015-8562
Overview
Joomla’s latest update addresses a critical remote command-execution vulnerability that has been actively exploited in the wild since at least Dec. 12, 2015.
Information on CVE-2015-5154
Overview
Information on CVE-2015-5154 was made public on July 27, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.
Reminder: Fedora 20 Now End-of-Life (EOL)
The Fedora Project keeps three versions of the Fedora OS active at any given time: 1. the current release, 2. the release before the current release, and 3. a new release that is in development. Fedora 22 launched last month and Fedora 23 is in development, so Fedora 20 has reached end of life.
Information on CVE-2015-3456 QEMU Vulnerability (VENOM)
VENOM, or Virtualized Environment Neglected Operations Manipulation, was made public on May 13, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.
How to Remove Cross-site Scripting Risk
The popular WordPress plugin WP Super Cache has been found to have a cross-site scripting (XSS) vulnerability in versions prior to 1.4.4. On sites with outdated versions, it is possible for an attacker to take complete control of the WordPress site. Please note: this vulnerability only affects users who have installed WP Super Cache. However, if you are unsure whether you use the plugin, you should still take precautions to protect your site.
A vulnerability was found in the glibc library, specifically a flaw affecting the gethostbyname() and gethostbyname2() function calls, that allows a remote attacker to potentially execute arbitrary code. CentOS 5, CentOS 6, and CentOS 7 are potentially affected, thus we want to highlight the following information.
CVE-2014-9322 Vulnerability Info for Red Hat and CentOS
A vulnerability found in the Linux kernel, specifically a flaw in fault handling associated with the Stack Segment (SS), allows an unprivileged user to potentially gain privileges. CentOS 4, CentOS 5, CentOS 6, and CentOS 7 are potentially affected, thus we want to highlight the following information.
CVE-2014-6271 and CVE-2014-7169 Info – Bash Vulnerabilities
On September 24th, a vulnerability was reported in the GNU Bourne-Again Shell (BASh, or Bash), specifically a flaw in how Bash processes the values of environment variables, that allows remote code execution of varying types in many common configurations. The overall risk is severe because Bash is configured for use by default on most Linux servers.
OpenSSL is a common cryptographic library which provides encryption, specifically SSL/TLS, for popular applications such as Apache (web), MySQL (database), e-mail, virtual private networks (VPNs), and more.