Red Hat Security Advisory 2016-1166-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Security Fix: The following fix was applied to the python component: The Python standard library HTTP client modules did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data.
116aa091e5b51bb4e976b645fbaaff53c6753ebb9b4ca77c61747631d4c5f4c6Red Hat Security Advisory 2016-1141-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time.
257f45bddd3a482cefdb68cd619ab45fea0981268baa2dd55b47f82d7abb25a9Red Hat Security Advisory 2016-1140-01 - The "squid34" packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Note that apart from "squid34", this version of Red Hat Enterprise Linux also includes the "squid" packages which provide Squid version 3.1. Security Fix: A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code.
4ddd25072f9b7bdc9d460f29a486fcdf22fc646b8001810de74d8404286f2dfbRed Hat Security Advisory 2016-1139-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid.
68a695fb82d9a9d930f969e15232aa6c79c5983c8c4aadcb320c3f086f496e89Red Hat Security Advisory 2016-1138-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid.
1b45107a7d5870831ac496e28e1912accc9d20214d4ac341cdeaae582ad76b51Red Hat Security Advisory 2016-1137-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.
ff57ec5fbd7dbdb0badb66c133418e32abb112493bd486514cf34e374e86e95cGentoo Linux Security Advisory 201605-6 - Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. Versions less than 4.12 are affected.
f6e136b96891d177bd1fed741b580437aa9ef8f98c5b4bd3d0964a4a18ce81f0Gentoo Linux Security Advisory 201605-5 - Multiple vulnerabilities have been found in Linux-PAM, allowing remote attackers to bypass the auth process and cause Denial of Service. Versions less than 1.2.1 are affected.
482bcba0404ed57991b17cb208b3a7c51e51bceb50c88c6d4c0e48004e8fde5cRed Hat Security Advisory 2016-1182-01 - In accordance with the Red Hat Storage Support Life Cycle policy, the Red Hat Ceph Storage 1.2 offering will be retired as of May 31, 2016, and support will no longer be provided. Accordingly, Red Hat will not provide extended support for this product, including Critical impact security patches or urgent priority bug fixes, after this date.
f902ff2dace43ee8c34d2ff6da2ea62403a8d2a92a8103d1d918b9865910029dWebKitGTK+ versions prior to 2.12.3 and 2.12.1 suffer from memory corruption, code execution, information disclosure, and denial of service vulnerabilities.
ed3b878265e2eac705c28e5a41e795719a9e61d8a59b0c6cf7447c33a10a314dThe Jetty path normalization mechanism suffers of an implementation issue when parsing the request URLs. The path normalization logic implemented in the PathResource class and introduced in Jetty versions 9.3.x can be defeated by requesting malicious URLs containing specific escaped characters. Leveraging on this weakness, a malicious user can gain access to protected resources (e.g. WEB-INF and META-INF folders and their contents) and defeat application filters or other security constraints implemented in the servlet configuration. Versions 9.3.0 through 9.3.8 are affected.
26929157b560ea70de00b08c35d3faa27d7dde2502ff66c5a5de0ac9128cc9bcDebian Linux Security Advisory 3588-1 - Two vulnerabilities were discovered in Symfony, a PHP framework.
7e8909d5da9e686e15ac23e7f229b103db8a093fa5d9eb609d1daa3f0dfab65cSlackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
36d7d930cce447857256736443653d9e62bbfd3c84ffae630bff2e25820515f2Slackware Security Advisory - New imagemagick packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
94e4c8893fef5dff9472b543506541a4ab4391cf95cf3158fb739ebd3e085faeGentoo Linux Security Advisory 201605-4 - Multiple vulnerabilities have been found in rsync, the worst of which could allow remote attackers to write arbitrary files. Versions less than 3.1.2 are affected.
077e09ac08fadd1cf9ba8bca376b61928812ed8dd5b022f6fd27617d0e2eb9c5Gentoo Linux Security Advisory 201605-3 - A double free vulnerability has been discovered in libfpx that allows remote attackers to cause a Denial of Service. Versions less than 1.3.1_p6 are affected.
5a8e0c57dbfedfa873ed9019451f951e8e7b84f3e07b5e5b15003e541e9ef446Debian Linux Security Advisory 3589-1 - Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit for image loading and pixel buffer manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using gdk-pixbuf (application crash), or potentially, to execute arbitrary code with the privileges of the user running the application, if a malformed image is opened.
b82336321cadd731e75428bfc9c8ff1efa7b0f2be73badd09f6a8327c8316402Intex Wireless N150 router suffers from cross site request forgery, credential management, insecure transport, and various other vulnerabilities.
54463fdaffe2ba2992b54d5b15212374481650f7f1864b758809f46af87ad073Apache PDFBox versions 1.8.0 through 1.8.11 and 2.0.0 suffer from an XML external entity injection vulnerability.
f160d0f59531b7124fd63893410f4382449ef5be4212ce0538851d88587946e3Apache Qpid Java Broker versions 6.0.0, 6.0.1, and 6.0.2 suffer from a denial of service vulnerability.
3d81afb1173f32654873524b4636e3c6b1d5deed18d076fcaffba968ee1a79faApache Qpid Java Broker versions 6.0.2 and below suffer from an authentication bypass vulnerability.
594b68879b7de55bcdb5b81acc03145d655ca916b880773922cff137be76c5a5Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
ce9b11d04e18e69566df0de64e339ecc901c77ba929b4ac2d1fac7bc8920bf46Slackware Security Advisory - New libxslt packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
640e3e73be3ffe2c386f4c383d1ce10f3e47136935943c275815b90f8fcae037Slackware Security Advisory - New libxml2 packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
897ec1b06118a1abb82b30b33d29eec72b0476ee15fe9ac75c98b6bc949cd736Debian Linux Security Advisory 3587-1 - Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library.
f2f6c7f99cc86a7323da7dcfecc1fc94a9783d8e35c09aac160019baa2b5e88f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed