Exim versions 4.84-3 and below suffer from a local privilege escalation vulnerability.
338e278d54bff0fcb3160902a0f4e6e04e509da47b831229d06ee56563a1ce5cThis bulletin summary lists thirteen released Microsoft security bulletins for March, 2016.
2b1aef83033281d72cc9463addeb39543650001eb067e9c7a75a4ad7e74b9fb0Red Hat Security Advisory 2016-0365-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. An information-exposure flaw was found in the OpenStack Compute resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" were affected.
2a608fa8fbe520f4d54fa3c7dbf910eb476d99ebb854e7f864548d4ad439ebd5Red Hat Security Advisory 2016-0364-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. An information-exposure flaw was found in the OpenStack Compute resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" were affected.
42f43c962db704a6e4d1ef4275f1c6ab1979f03bd2aba312893b8d69ff7c0c9bRed Hat Security Advisory 2016-0363-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. An information-exposure flaw was found in the OpenStack Compute resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" were affected.
807f9dc627917a3ab6155b29750bc8cca6f2081cb7fb9a13c0c8632a4b6fe6c6HP Security Bulletin HPSBHF03557 1 - A potential security vulnerability has been identified with HPE Networking products using Comware 7 (CW7) running NTP. The vulnerability could be remotely exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.
6e2309bc06ad5e4c3030cade0da03d041a9be29ed81c5ddd587e172312d053e2Slackware Security Advisory - New samba packages are available for Slackware 14.1 and -current to fix security issues.
274d84c171279ccff7e3225ed2dbe4dbf2aa420514a84b8855d2dd0bc9b90adfSlackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
06b863c6e5e927853a166e8dc8437d41ed9961f61d4401db3925a6951a5c7bf8Ubuntu Security Notice 2923-1 - Alvaro Munoz and Christian Schneider discovered that BeanShell incorrectly handled deserialization. A remote attacker could possibly use this issue to execute arbitrary code.
3fd51cf31d3027308b2b62ccbdb0574abcbabf1d05ac42351d8f18a0cc8ad81fUbuntu Security Notice 2922-1 - Jeremy Allison discovered that Samba incorrectly handled ACLs on symlink paths. A remote attacker could use this issue to overwrite the ownership of ACLs using symlinks. Garming Sam and Douglas Bagnall discovered that the Samba internal DNS server incorrectly handled certain DNS TXT records. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly obtain uninitialized memory contents. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. Various other issues were also addressed.
d89321fe54aaae2fee8ac4126b5ed1dd4b4a026fe607daad51d94d265b82ac95Ubuntu Security Notice 2904-1 - Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Yves Younan discovered that graphite2 incorrectly handled certain malformed fonts. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
00e2112e476b8ee0ea01963d5d54a9bcdbba8012f5b17c74973a114b0b5d54cbRed Hat Security Advisory 2016-0360-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. An information-exposure flaw was found in the Django date filter. If an application allowed users to provide non-validated date formats, a malicious end user could expose application-settings data by providing the relevant applications-settings key instead of a valid date format.
534dc85f19e1756823f50a36a48b1664523beae4b518b000419000601d8f26e6Red Hat Security Advisory 2016-0366-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. An information-exposure flaw was found in the OpenStack Compute resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" were affected.
214355ec6dde9651562bfb9588c0d193bdcafd9debc91171f1d1f43fee5d6fe1Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
e1c5763f859f2f3b80aa99bc29bc04e8ed56978fc7407ea89a55b9748ff45496A DLL side loading vulnerability was found in the Windows Mail Find People DLL.
ea917827aad00097e1d2145c6360443bad6934c6dc351135b29531a3c97f5dde
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed