Red Hat Security Advisory 2016-0702-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7 SR9-FP40. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
c98ad902d46fce046c111ef7a6a8995c219f2bff9d29e4119568637c4265d5caRed Hat Security Advisory 2016-0701-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR3-FP40. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
884e110ff003a5ebe87b021cdb5a85ef8b34452464ed2bffbe01fa645b5ce7d2Ubuntu Security Notice 2956-1 - Zygmunt Krynicki discovered that ubuntu-core-launcher did not properly sanitize its input and contained a logic error when determining the mountpoint of bind mounts when using snaps on Ubuntu classic systems (eg, traditional desktop and server). If a user were tricked into installing a malicious snap with a crafted snap name, an attacker could perform a delayed attack to steal data or execute code within the security context of another snap. This issue did not affect Ubuntu Core systems.
632df5bd97671917840f2fe614b04f125db458c1c3da25f5a2f2f65fbeb95d7fDebian Linux Security Advisory 3561-1 - Several vulnerabilities were discovered in Subversion, a version control system.
a3ddda805ec7e1179854aceee79c5936746ae42436b7a540717028d63bfd07a6HPE Security Bulletin HPSBUX03583 SSRT110084 1 - Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
a91427fd382a1816a0da8390e9635c1956206d8290d7b0c0dfd9a0ac6deecedfRed Hat Security Advisory 2016-0699-01 - In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 3.x offering will be retired as of October 31, 2016, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 3.x after October 31, 2016.
a55ad15db53514823d1d1fcbc99e80f53ff3cc86246f228b316e78ef5ddaacadDebian Linux Security Advisory 3560-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
0823460b2d4bc6ef5d63b5785ab262127bc73b4bf73dd3927aedf0f2de56e342Apache Cordova iOS versions 3.9.1 and below suffer from an access bypass vulnerability.
fae203a05fc5e593cedf2d62a055f9b7f81ada5058f60301bd2b9a2abe342180Apache Cordova iOS versions 3.9.1 and below allow for arbitrary plugin execution.
fefb824e808b4133ebdf4a6c2f3d50502a18ea0647eef7619d23119976a4004bUbuntu Security Notice 2936-1 - Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup, Andrew McCreight, and Steve Fink discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
72de8bd9f672f0da0f03941e20b339aa30efeab5c6302718862f00e934ebad4aUbuntu Security Notice 2934-1 - Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
1b82ab9e46c4ac83735da4ebe80a00ac45d9d42790929bd0cfc5b0114e1a9c92Ubuntu Security Notice 2955-1 - A use-after-free was discovered when responding synchronously to permission requests. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. An out-of-bounds read was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. Various other issues were also addressed.
98d91da3fa3807dd891052480ad6b5a8bd4ff5417450535aa999cbb614b528bfDebian Linux Security Advisory 3559-1 - Multiple security issues have been found in Iceweasel, Debian's version buffer overflows may lead to the execution of arbitrary code or denial of service.
86b8102c6b493627ceb712cc49a70e3ab9e3ccbe6b4eb4d0ab648cea41dbd21cUbuntu Security Notice 2952-2 - USN-2952-1 fixed vulnerabilities in PHP. One of the backported patches caused a regression in the PHP Soap client. This update fixes the problem. It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. It was discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
34256a7fbb2ead22a5a09a7ec0edeb11a8a3dd11aea8a9162bc767ed7eb68101Ubuntu Security Notice 2950-2 - USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages introduced a compatibility issue with NTLM authentication in libsoup. This update fixes the problem. Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. Various other issues were also addressed.
d00c71363fd9011b1911761bd598b570e7edef600cd48c0634d3cf0850df7357Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
0fb2a78a07300d6178cc2e68ad5715edb8d213245d8509245b45509940185e53Gentoo Linux Security Advisory 201604-5 - Multiple vulnerabilities have been found in Wireshark, allowing local attackers to escalate privileges and remote attackers to cause Denial of Service. Versions less than 2.0.2 are affected.
47c27f7b141d8adbd823f87858b411cdfffec11eca51c078a83801330b01f327Gentoo Linux Security Advisory 201604-4 - Multiple vulnerabilities have been found in libksba, allowing a possible Denial of Service and unspecified other vectors through integer overflows. Versions less than 1.3.3 are affected.
587f8290d7f59a6381f09f79c51e4030da53894406450164050f164167b8ec2aDebian Linux Security Advisory 3558-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, denial of service or information disclosure.
3a563a5fef3ea78c6851cadc6b390e4903b99b2a6842fde118c05fd922d5b727Red Hat Security Advisory 2016-0695-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
438add94dab646ed2426c1c033bfeaf4fdc37d12f17ae6c15284a7848e3231d7Debian Linux Security Advisory 3557-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.49.
46eba16e731a5ce8cd707967340d95e67db7cdd513b9f1bb48a259a6ef3f14e5HP Security Bulletin HPSBGN03582 1 - HPE Helion CloudSystem addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.
26439f2e50832858fd5b35b5b17ec68209e8fbe1597c3cfba78e2bd761d45067Ubuntu Security Notice 2954-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.
05f40994744779c4bf1ed946ccd0cc1e06d25f601405ee6115dddf0e2db83a9fRed Hat Security Advisory 2016-0684-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. Security Fix: A use-after-free flaw was found in the way NSS handled DHE and ECDHE handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application.
5a2666975f30ed4ef9d32a6c94c6c7ee9af784cd8b1cb74c9e6c0bbd94cde00eDebian Linux Security Advisory 3556-1 - Hans Jerry Illikainen discovered that libgd2, a library for programmatic graphics creation and manipulation, suffers of a signedness vulnerability which may result in a heap overflow when processing specially crafted compressed gd2 data. A remote attacker can take advantage of this flaw to cause an application using the libgd2 library to crash, or potentially, to execute arbitrary code with the privileges of the user running the application.
4fb5df9dace3303fe13802ffbddb4d7d85114c9f5c087fdb4b2bd8891d489403
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed