Debian Linux Security Advisory 3490-1 - Jakub Palaczynski discovered that websvn, a web viewer for Subversion repositories, does not correctly sanitize user-supplied input, which allows a remote user to run reflected cross-site scripting attacks.
53a4c90ad8a733d951c85c8ee6e8ca7778459df6598921af5feb70eb94121a26Ubuntu Security Notice 2913-3 - USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the OpenSSL package to properly handle the removal. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys. Various other issues were also addressed.
c198e28b8b59a884388a1eb27d838210f90932ae75ee1fec0af1b5491d053ce9Ubuntu Security Notice 2913-2 - USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the glib-networking package to properly handle the removal. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys. Various other issues were also addressed.
ab7659c100784f51078d656f5d345f4d76baef12693db5a63459b0ecdd936ce0Ubuntu Security Notice 2913-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys.
e999003563be7de56a36e34886410351bc8b531a564823c40bcc8d3ad252c3e4Ubuntu Security Notice 2913-4 - USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the GnuTLS package to properly handle the removal. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys. Various other issues were also addressed.
c162bdcdced611e7f10d60d6e0fdfecbf8f5e319ae04425626daf30a3d3d9073Slackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
37713e13555f43d3a710763934080ccf84cfd0f0cb9b3f3824fd084a85878b2cSlackware Security Advisory - New libgcrypt packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
73a3deca2a05e8acdc01fcb8f5f2055eb21d39018b48ffb888c23cb70541b822Ubuntu Security Notice 2905-1 - A security issue was discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or a sandbox protection mechanism.
1010082f4b4515fb23965355c4cddcf093a1901472ec01c0a096ad3afd55fc5fSlackware Security Advisory - New glibc packages are available for Slackware 14.1 and -current to fix security issues.
8d4c291abde8bba7e5f00f2280fc0bcd15d6a57a664e9d206fc17566399f7d6fSlackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
42e86b23c5c42c1c2293aece44ea736ce80e7fbbf55df298c230be1f1a6bc079Red Hat Security Advisory 2016-0296-01 - The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails is a model-view-controller framework for web application development. The following issue was corrected in rubygem-actionpack and rubygem-actionview: A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this to render unexpected files and, possibly, execute arbitrary code.
33f627a2cd93446b36a77bf2e2d80c8c0986036c808f4d516649262a418ec657Debian Linux Security Advisory 3489-1 - lighttpd, a small webserver, is vulnerable to the POODLE attack via the use of SSLv3. This protocol is now disabled by default.
fc88a1fa23601fb407ecf1db601bf7b18c39dabde737a91f30afd206181614f7Debian Linux Security Advisory 3488-1 - Aris Adamantiadis discovered that libssh, a tiny C SSH library, incorrectly generated a short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. This flaw could allow an eavesdropper with enough resources to decrypt or intercept SSH sessions.
1988252901382621351e20121b78565f55bdb2d2c34f27c3e8ac0bfba280bda2Adobe Experience Manager version 6.1.0 suffers from a cross site scripting vulnerability.
a54484ffafb491780a175c9a4691a07ca789395aac5a086de2cb09dd76ae94c9The servicemanager, keystore and drmserver all use getpidcon function to get the security context of the caller from a binder. When combined with a one way binder transaction this results in getting the security context of the current process which might allow a selinux mac bypass.
2490431986cf0e3ac461ee3404bc3e4c47f1124ec963ad8e900b6344954fe156Red Hat Security Advisory 2016-0286-01 - Chromium is an open-source web browser, powered by WebKit. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium users should upgrade to these updated packages, which contain Chromium version 48.0.2564.116, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
4cf4e22431bdf03448a4e3f512c5d26c9e0068809e598361c11a60b7f1028dfeResourceLinkFactory.setGlobalContext() is a public method and was accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applications and/or read and write data owned by other web applications. Apache Tomcat versions 7.0.0 through 7.0.67, 8.0.0.RC1 through 8.0.30, and 9.0.0.M1 through 9.0.0.M2 are affected.
ac830c66f4618379f15b9c52065d4800a58e4532b36aa5e987cfc5a7dea7eb16When accessing a directory protected by a security constraint with a URL that did not end in a slash, Tomcat would redirect to the URL with the trailing slash thereby confirming the presence of the directory before processing the security constraint. It was therefore possible for a user to determine if a directory existed or not, even if the user was not permitted to view the directory. The issue also occurred at the root of a web application in which case the presence of the web application was confirmed, even if a user did not have access. Apache Tomcat versions 6.0.0 through 6.0.44, 7.0.0 through 7.0.65, and 8.0.0.RC1 through 8.0.29.
f43d6dbb774b4dfc48b17b117d3cde0c12a7d82fc18efc497696311d683c01f8Debian Linux Security Advisory 3486-1 - Several vulnerabilities have been discovered in the chromium web browser.
6412bc588604122925aaa48d9159949366b995488084328d43e304f5bfee3719HP Security Bulletin HPSBHF03544 1 - Potential security vulnerabilities in cURL and libcurl have been addressed with HPE iMC PLAT and other HP and H3C products using Comware 7. The vulnerabilities could be exploited remotely resulting in unauthorized access. Revision 1 of this advisory.
85b2d81dc1b3f872228664d35268d8bbb970c56095b755f549519a9b80b7f991Debian Linux Security Advisory 3485-1 - Alexander Izmailov discovered that didiwiki, a wiki implementation, failed to correctly validate user-supplied input, thus allowing a malicious user to access any part of the filesystem.
de7c36e76f0e614ecfa9779f41047f243f70850b23536a99e00de9a848956e1eUbuntu Security Notice 2911-1 - It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash).
c1d1a96c7e89baed2b724784ee9c7e56babd900204217955717b0dd16b55c9f3Ubuntu Security Notice 2911-2 - It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash).
c9ed535541ec0c4f4515317d0d00db4bc2935771d6ef87c35aa8526850ee5943Ubuntu Security Notice 2909-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.
47eca111b5e14e6a83d4d3e3e108c3c0f4bb558525426c43eb0ea1c7acf76544Ubuntu Security Notice 2910-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.
d315767d6b74fc5875e1959ee3b8350c03d865880496c94d9e5829712fcd69a4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed