Ubuntu Security Notice 2896-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys.
675eb78b537992ffb286496ea0c991eedfce2ffb721ea85ad463ea0773973994
Ubuntu Security Notice 2898-2 - It was discovered that Eye of GNOME incorrectly handled certain large images. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code.
d08205dc2ebc5b5d0acc98b9b396c64c4040b295948c048a0bcc6bfbda2d6eec
Ubuntu Security Notice 2897-1 - Hanno Boeck discovered that Nettle incorrectly handled carry propagation in the NIST P-256 elliptic curve. Hanno Boeck discovered that Nettle incorrectly handled carry propagation in the NIST P-384 elliptic curve. Niels Moeller discovered that Nettle incorrectly handled carry propagation in the NIST P-256 elliptic curve. Various other issues were also addressed.
df7a203efaf3488a14da93462980f6902abd64fb32d7d4bc26d5c1a3d30ca9c4
Ubuntu Security Notice 2898-1 - It was discovered that GTK+ incorrectly handled certain large images. A remote attacker could use this issue to cause GTK+ applications to crash, resulting in a denial of service, or possibly execute arbitrary code.
550c27a6896eb88baddf3477beb41c1a22bc5263d376fb87b73311b3751cd3b7
Red Hat Security Advisory 2016-0174-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. A stored cross-site scripting flaw was found in the smart class parameters/variables field. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data.
bdaf1fecf6f3ad8cb6269b3d5e444878cea3b64aebc3ccb2a48bd29873d42192
Debian Linux Security Advisory 3476-1 - Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system.
e73ad2b93e7cda4e6c8fb29e8d30d337da00ecc73515256d73412e6cb68c8603
Debian Linux Security Advisory 3475-1 - Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system.
97224b1e0460c8281f126771bca871f95993eaf9c127de0f00c7d502dbf4b8e1
Debian Linux Security Advisory 3474-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack.
4b3c6cec624729feb1385097c768b19210a88ed628f32462d7b492304d08587f
Debian Linux Security Advisory 3477-1 - Holger Fuhrmannek discovered that missing input sanitising in the Graphite font rendering engine could result in the execution of arbitrary code.
f8fcce3447a12964a1c43791e3575e4eace08da6d78d9e251dbdcc8024254b2b
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
f9a76aa6ef57f1e076d850e62ac67a8367c6409921849513eadf562a3be55d45
Debian Linux Security Advisory 3473-1 - Several vulnerabilities were discovered in the resolver in nginx, a small, powerful, scalable web/proxy server, leading to denial of service or, potentially, to arbitrary code execution. These only affect nginx if the "resolver" directive is used in a configuration file.
5a0131255d426604bc49d6eab1f053482dc3f459ff36bca3874ae38d871d1625
Serena Business Manager versions prior to 10.01 suffer from cross site scripting vulnerability.
394d7bf2e882041e4de119be2410ca7279db090fb9198946562cbb3307543e78
Ubuntu Security Notice 2893-1 - Jason Pang discovered that service workers intercept responses to plugin network requests made through the browser. An attacker could potentially exploit this to bypass same origin restrictions using the Flash plugin.
5c0db8d8db3729fc04ee575a45709e0abce40974774e308d158845f87e3848fb
Ubuntu Security Notice 2894-1 - It was discovered that PostgreSQL incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. It was discovered that PostgreSQL incorrectly handled certain configuration settings (GUCS) for users of PL/Java. A remote attacker could possibly use this issue to escalate privileges.
ebe796e3c42c7667f7ab898d34253c32dad4b56546133ebbb41b370de36a0f3e
This bulletin summary lists two bulletins that have undergone a major revision increment for February, 2016.
5e62f02b24ab8e69b731fbbfb23373f01d52dfcc6c2bbd5543637a91bcf1aa91
Red Hat Security Advisory 2016-0166-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
1816680b824050a758e4c30a63694622b5b24615d87e93c7e7e7ce02de19fcfc
Cisco Security Advisory - A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic.
b39dc515a9918053d756c99939d54b8d713da1f97c251287ddcae2d2b507a879
EMC Documentum xCP contains fixes for multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. Versions 2.1 and 2.2 are affected.
20de6bd9297ddd8a1fb42d72cb5fb400141a8b891a25ad8d400b3196582d67fb
ASUS wireless routers running ASUSWRT firmware have a design flaw in which the administrator web interface may be open to the public Internet even if you have specifically disabled web access from the WAN.
acefe4f7da5e0a9ebebc7265a613a32f86d3d8d789508910725b215e88ef92d7
A DLL side loading vulnerability was found in the MapsUpdateTask Task DLL that ships with Windows 10. This issue can be exploited by loading COM control as an embedded OLE object. When instantiating the object Windows will try to load the DLL phoneinfo.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
2d60a51e6e82dbfc3d3f990fd98e9da3a6ed414a4dda68ab35f60ef08899c1e2
A DLL side loading vulnerability was found in the BDA MPEG2 Transport Information Filter that ships with Windows Vista. This issue can be exploited by loading the filter as an embedded OLE object. When instantiating the object Windows will try to load the DLL ehTrace.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
46c78e46c86080f3c7dc443a900413e500d7f7d0f20d2fca23e1a30ed0482f7c
A DLL side loading vulnerability was found in the NPS Datastore server DLL that ships with Windows Vista. This issue can be exploited by loading the affected DLL as an embedded OLE object. When instantiating the object Windows will try to load the DLL iasdatastore2.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
1b2dddead234857b365162684d8bbf28ae57f80f5af04c34105b408b35df5d6e
Slackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
ca2549f2bbe98b0173e2b937737135325fb0aeca5d53b29dd51a9d864253fceb
Slackware Security Advisory - New libsndfile packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix security issues.
0613e48ef93ff91504e6909feac66241db72fe0400b308a7af0b739b8d6809e4
Debian Linux Security Advisory 3472-1 - Two vulnerabilities were discovered in wordpress, a web blogging tool.
735a5efc1730a43120e8b0b354ddf62a5478ce6c3ed1b1aba1601f8a38eb239c