Ubuntu Security Notice 2902-1 - Yves Younan discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially- crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code.
4ecb16d84a83cc63b11ddbf287df3bdab9b45a54ffb4113420c9511004c21441Gentoo Linux Security Advisory 201602-2 - Multiple vulnerabilities have been found in the GNU C library, the worst allowing for remote execution of arbitrary code. Versions less than 2.21-r2 are affected.
7fb31d7914b4d8d365ed0e55052ae4ab9788d37ba1146e4a9261c90a46a215e4Ubuntu Security Notice 2903-1 - Hanno Boeck discovered that NSS incorrectly handled certain division functions, possibly leading to cryptographic weaknesses. This update also refreshes the NSS package to version 3.21 which includes the latest CA certificate bundle, and removes the SPI CA.
f6a190f2df63a4842e2f9cbe069394f800fdf9cecad2c50da789ce6f9e53ff99Red Hat Security Advisory 2016-0241-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium users should upgrade to these updated packages, which contain Chromium version 48.0.2564.109, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
e4b076f47623f3e1c351897422dd84ff8c54ecb8e8176489592e03e9a39a1761Ubuntu Security Notice 2900-1 - It was discovered that the GNU C Library incorrectly handled receiving responses while performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.
7800d1aab731dec1f2a66ce239ebdf2a26e863aea8e01e1b0c7b35c610ced26cDebian Linux Security Advisory 3481-1 - Several vulnerabilities have been fixed in the GNU C Library, glibc.
09303e0b9794ff8d9ff9ecaa8493c33cded5b569964be1e2f01553cc70ce74c4This bulletin summary lists two bulletins that have undergone a major revision increment for February, 2016.
89eb2daa8e73bb575d22a9e776da4ada0d66651dd364474ae688e1d3e67b3359Debian Linux Security Advisory 3480-1 - Several vulnerabilities have been fixed in the GNU C Library, eglibc.
f21bc37873b6d3f878293b24b50bceadf6e2f468ced587d39dcdaea3989a7fc3Ubuntu Security Notice 2899-1 - It was discovered that LibreOffice incorrectly handled LWP document files. If a user were tricked into opening a specially crafted LWP document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code.
f95a1af1cf1d97dc44ae03be978260260030bfa3db681c00ec0be3f68b0cef30Red Hat Security Advisory 2016-0225-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.
36bb67815bd7e37f3beda38548970f1dc500e60b18ee2344ee80be50c5f3fdc6Red Hat Security Advisory 2016-0176-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.
cb26d916df37d2282250c405f15e20226153e6df9e8e3e0b9d8911eda607768aRed Hat Security Advisory 2016-0175-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.
250da49162f89ae85605b47646659f001c5b45318d448d14ed1f4d5a1b608c74FireEye FX, AX, NX, and EX products suffer from an analysis bypass vulnerability.
449aafd21ac2669413a7bfe12b72b0a0409a12dace2cd2b57d2a5622aa29d505SAP PCo versions 2.2, 2.3, 15.0, and 15.1 suffer from a denial of service vulnerability.
39b8bca8d12d613256ed16b6471e91e8cda9378908f629e973648bcbe9a349beRed Hat Security Advisory 2016-0224-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
00ab730508d67ce6b518ba890134a1d1d8898a4574f922bc1006d89b31f85489Ubuntu Security Notice 2855-2 - USN-2855-1 fixed vulnerabilities in Samba. The upstream fix for CVE-2015-5252 introduced a regression in certain specific environments. This update fixes the problem.
7086d756a9e42b4c4cfa8d6023f2eaf650513adb4854120cd3732d1c818288b0Red Hat Security Advisory 2016-0212-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
b771c9eefb04a0bae6b27307e6c6f3a2e4d927b2ee673b81a19677837f66263cRed Hat Security Advisory 2016-0189-01 - PolicyKit is a toolkit for defining and handling authorizations. A denial of service flaw was found in how polkit handled authorization requests. A local, unprivileged user could send malicious requests to polkit, which could then cause the polkit daemon to corrupt its memory and crash. All polkit users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.
efad810d366fa419c7f930f6ba0aa4269866952ebe52b208004b87c85c809f77Red Hat Security Advisory 2016-0188-01 - The sos package contains a set of utilities that gather information from system hardware, logs, and configuration files. The information can then be used for diagnostic purposes and debugging. An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the system. This issue was discovered by Mateusz Guzik of Red Hat.
bc5198ce417bbf8b6ff4c2ab4d6b3b7fc3a15fa5477c2a6e22c83c8f617850c1Red Hat Security Advisory 2016-0185-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
1a2e527298ad69b36cf3c97378fa9634fd9b0bc9ef66a9c4a6fdf6769fb4a7cfRed Hat Security Advisory 2016-0204-01 - The 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to correctly handle unexpectedly closed client connections. A remote attacker able to connect to the server could use this flaw to make the directory server consume an excessive amount of CPU and stop accepting connections.
2a86633d21c9f33c3279907025113c7c3e7450a3cf982222fb1a853bf8300c23Debian Linux Security Advisory 3478-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt11 library could be leaked via a side-channel attack.
261750c746fe589baf3fabde57e9825cb9d6cc220c4d09d214ff68a6bd5eda72Debian Linux Security Advisory 3479-1 - Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.
d0e73d830bd0e10c507af71634a239a6ec899c968bbef3b77e0a766de4cc3467Red Hat Security Advisory 2016-0197-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.6.1 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
936e217edeec064168d70fd655575a6acf9b4b927ff160b116e6463eddbf5ad3SAP MII versions 12.2, 14.0, and 15.0 allow Base64 and DES as an encryption algorithm.
8d8406e9a99282c000153684f4edfedc8fa3af9e5227108e35ed09b9acca615e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed