HP Security Bulletin HPSBGN03536 1 - Security vulnerabilities in the OpenSSL library could potentially impact HPE IceWall products resulting in local or remote Denial of Service (DoS). Revision 1 of this advisory.
Ubuntu Security Notice 2881-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.47 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.04 and Ubuntu 15.10 have been updated to MySQL 5.6.28. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
Red Hat Security Advisory 2016-0068-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in a certain error path of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system.
Red Hat Security Advisory 2016-0067-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly, execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.
Debian Linux Security Advisory 3453-1 - Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.23. Please see the MariaDB 10.0 Release Notes for further details.
Apple Security Advisory 2016-01-25-1 - tvOS 9.1.1 is now available and addresses code execution vulnerabilities.
Magento versions 1.9.x suffer from a man-in-the-middle vulnerability.
Red Hat Security Advisory 2016-0066-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems such as multiple databases, XML files, and even Hadoop systems appear as a set of tables in a local database. This update serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.2.0. It includes various bug fixes, which are listed in the README file included with the patch files.
Red Hat Security Advisory 2016-0065-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in a certain error path of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system.
Red Hat Security Advisory 2016-0064-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in a certain error path of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system.
Debian Linux Security Advisory 3452-1 - "DrWhax" of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account of a user that receives a message from them using Claws Mail.
Red Hat Security Advisory 2016-0063-01 - The Network Time Protocol is used to synchronize a computer's time with a referenced time source. It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to modify the time on the client. All ntp users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the ntpd daemon will restart automatically.
PHP-FPM suffered from memory leak and buffer overflow vulnerabilities in the access logging feature. The fixed versions of PHP are 5.5.31, 5.6.17, and 7.0.2.
In suEXEC_Daemon mode, the LiteSpeed web server spawns one PHP master process during startup. It runs as root and accepts LSAPI requests, which in turn specify the user under which the script should run. The LSAPI request is authenticated with a MAC based on a pre-shared random key between PHP and the web server. The researchers found that the LiteSpeed PHP SAPI module did not clear this secret in its child processes, so it remained available in the PHP process memory space of the child processes. The fixed versions of PHP are 5.5.31, 5.6.17, and 7.0.2.
HP LaserJet Fax Preview suffers from a DLL side loading vulnerability.
HP ToComMsg suffers from a DLL side loading vulnerability.
LEADTOOLS Active-X control suffers from multiple DLL side loading vulnerabilities.
Debian Linux Security Advisory 3451-1 - Jann Horn discovered a vulnerability in the fuse (Filesystem in Userspace) package in Debian. The fuse package ships a udev rule adjusting permissions on the related /dev/cuse character device, making it world writable.
Bamboo suffers from deserialization and missing authentication check vulnerabilities. This advisory discloses multiple critical severity security vulnerabilities, the earliest of which was introduced in version 2.3.1 of Bamboo. Versions of Bamboo starting with 2.3.1 and before 5.9.9 (the fixed version for 5.9.x) are vulnerable.
Ubuntu Security Notice 2879-1 - It was discovered that rsync incorrectly handled invalid filenames. A malicious server could use this issue to write files outside of the intended destination directory.
Ubuntu Security Notice 2878-1 - David Golden discovered that the canonpath function in the Perl File::Spec module did not properly preserve the taint attribute. An attacker could possibly use this issue to bypass the taint protection mechanism.
Red Hat Security Advisory 2016-0062-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.
Red Hat Security Advisory 2016-0061-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.
Red Hat Security Advisory 2016-0054-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly, execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.
Red Hat Security Advisory 2016-0056-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.