Slackware Security Advisory - New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
463a099c97a10c82afc5272db79e75f365c7be110e4bba31d43d7cfcc2e05c11
Debian Linux Security Advisory 3426-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss.
eefa8528c8f76d273a5ac0c5e68a8ee3b0c177db643785311de84b9e1b210774
Ubuntu Security Notice 2845-1 - Dolev Farhi discovered an information disclosure issue in SoS. If the /etc/fstab file contained passwords, the passwords were included in the SoS report. This issue only affected Ubuntu 14.04 LTS. Mateusz Guzik discovered that SoS incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files or gain access to temporary file contents containing sensitive system information. Various other issues were also addressed.
35969627a5eb4d0bc47c9ea660f4346a68543a1d58dbd5d4042313fd0105be85
Samsung's SoftAP WPA2-PSK password generation is weak and can be cracked in a few hours.
d07302b705ff9d90ee5c3f1bd5da6e5f61c13558040cb8ca8a031f9fbc137494
EMC Isilon OneFS contains a privilege escalation vulnerability when SmartLock compliance mode is in use. In SmartLock compliance mode, the system is designed to prevent root-level user logins to the system. However, this security vulnerability allows OneFS users with administrative privileges to create root-level users and log in to the system.
f4f6d1a7ab19143caa64aabd4726e3e092c57198ac322964a7c8b8aafcb47f52
Apache Camel's Jetty/Servlet usage is vulnerable to a Java object de-serialization vulnerability.
2dc9dd223b8636940a69a92a2c8ec700896baacff115824e13e45e41f355a595
Gentoo Linux Security Advisory 201512-2 - A vulnerability in IPython could result in execution of arbitrary JavaScript. Versions less than 3.2.1-r1 are affected.
602eab51ddd4b20b9c24db1a3a698f76e84e569b728c2455b0f878be507ba348
Red Hat Security Advisory 2015-2665-01 - Chromium is an open-source web browser, powered by WebKit. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium users should upgrade to these updated packages, which contain Chromium version 47.0.2526.106, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
038818a7be890b246a3237c4c06352a87f9d25899dca0c4f09b790698f9f76c6
Gentoo Linux Security Advisory 201512-1 - A vulnerability in Dnsmasq can lead to a Denial of Service condition. Versions less than 2.72-r2 are affected.
30a91cd4814a5a2c048a34695fee5c59ce22a6bd5ce21ccec15e04dba9849a93
Ubuntu Security Notice 2840-2 - Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash).
24c157bc5fb11507b05110e988d7bc8ac2a3a57436e0dee3534be4d8df1784a6
Ubuntu Security Notice 2843-3 - =E9=83=AD=E6=B0=B8=E5=88=9A discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.
49334a6b730ea953bb24db7899076e4caa9a090dbe9937e4c72b50efb8cce3a4
Ubuntu Security Notice 2843-2 - Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. It was discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Various other issues were also addressed.
c5e55d2c73f862fc096ea1440ff05f9e135387c9eb19edd0e68e6a85dc021481
Red Hat Security Advisory 2015-2666-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The following security issue is addressed with this release: An implementation error related to the memory management of request and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated remote attacker could use this flaw to leak certain memory buffer contents from a past request or session.
c4327e8c7d421a0cbc4ff37663cdff357f709ac3ab9cbc77ba10759b1555132d
On the 8th December 2015, Microsoft released Security Bulletin MS15-130 to fix a vulnerability in Unicode Scripts Processor component found by Secunia Research. The vector for a successful exploitation is a specially crafted "True Type Font" (TTF) file, which typically can be embedded in e.g. Microsoft Office documents or even in emails and web-based content depending on the font type. Successful exploitation could result in arbitrary code execution.
ae0792efc0a69b310511509667b6228f00070e222be6e495c2a81037abe590ff
Multiple DLL side loading vulnerabilities were found in the OLE DB Provider for Oracle. These issues can be exploited by loading various OLE components as an embedded OLE object. When instantiating the object Windows will try to load the DLLs oci.dll, and ociw32.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
780d7323edb86b5d1ef9bec50bd1ae3f33562db71bf215b552d8c2ebc37b7cc4
A DLL side loading vulnerability was found in the Flash version that ships with Windows. This issue can be exploited by loading the Shockwave Flash object as an embedded OLE object. When instantiating the object Windows will try to load the DLL spframe.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
05acd97f15be7119fb1100ff641cd7b269e04fe167eaf70a9f77c55c83191102
A DLL side loading vulnerability was found in the Shutdown UX DLL. This issue can be exploited by loading the Authentication UI Shutdown Choices object as an embedded OLE object. When instantiating the object Windows will try to load the DLL wuaext.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
b96ff440d177a2b1c8d194a3eeb5ba6a3405ca91223f3d328cdc4c4755b3ac20
PyAMF suffers from insufficient AMF input payload sanitization which results in the XML parser not preventing the processing of XML external entities (XXE). A specially crafted AMF payload, containing malicious references to XML external entities, can be used to trigger denial of service (DoS) conditions or arbitrarily return the contents of files that are accessible with the running application privileges. Versions 0.7.2 and below are affected.
939e9f52f635c72d8bc7877b8213d3c23d28d84296a37c4314ff4368f14040f1
Libnsbmp version 0.1.2 suffers from heap overflow and out-of-bounds read vulnerabilities.
c0939b0e25b9fa643a0b63b47d68e7bdfab3e7978f4d2f6956a53d8dd28806ec
Libnsgif version 0.1.2 suffers from stack overflow and out-of-bounds read vulnerabilities.
d53a9d5fac2511420bc71e8fceb0367db6d018335d2f3c8a2c530b88f9f9e266
Debian Linux Security Advisory 3425-1 - Cedric Krier discovered a vulnerability in the server-side of Tryton, an application framework written in Python. An authenticated malicious user can write arbitrary values in record fields due missed checks of access permissions when multiple records are written.
514f808f0d9e7117f9207a8b5ef1610e417dcbc3ef385ae1b78d2ea6da00647f
Ubuntu Security Notice 2844-1 - Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. It was discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Various other issues were also addressed.
b4cd0bc253990e55a6ecc2c204566cda6ed9cd5f6cf7e24e01d7c2684add877f
Ubuntu Security Notice 2843-1 - Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. It was discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Various other issues were also addressed.
f479df664dd8312e1d62280d98193f75f0d711e3ff7b1a9290dd88a9b27a19bc
Ubuntu Security Notice 2842-2 - Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. It was discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Various other issues were also addressed.
a5afc6600211fee4092359c7676a6587ef99dbb6b0927cfbf42276bdf656c3e8
Ubuntu Security Notice 2842-1 - Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. It was discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Various other issues were also addressed.
f15c2f33f4786bc4f7ee04869838e57eaef6dac30e29cec3994dd7170aca39f8