Red Hat Security Advisory 2016-1347-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
a0fd5df58421128c1a07f21c9a92276cf8767d845c7f9e6fc3c0aecc8f18306dRed Hat Security Advisory 2016-1346-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
10910d0024b75b8f8033a76719b206b712d0277d444d33e117eb8cfe6f89d1bcCraft CMS versions prior to build 2791 suffer from a server-side template injection vulnerability.
d6c07b9c38fb3cfe42f98d1ca5686bfe86383f8459ba8e4a28ecb5a9583adf0bUbuntu Security Notice 3017-1 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
79f36f91ab71a9288eb4ac5bd94a84055fe207a3b8ffde26e2b998bac448de0bUbuntu Security Notice 3017-2 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
9a2ae0d9a1ce7f3c114d1711ce02b4e07a2fdfe9dd0b82dad517fe7ff5247145Red Hat Security Advisory 2016-1341-01 - The kernel-rt package contain the Linux kernel, the core of any Linux operating system. This update provides a build of the kernel-rt package for Red Hat Enterprise MRG 2.5 that is layered on Red Hat Enterprise Linux 6, and provides a number of bug fixes.
d575326270c1ed2341561383bf71c876563587ce203f19a644eee79474e53727Ubuntu Security Notice 3016-3 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
4a46c330fbc5d59fcecbb0755e870ff87b7bc2891a32e3f9e0bc14cf19ac7aa1Gentoo Linux Security Advisory 201606-17 - Multiple vulnerabilities have been found in hostapd and wpa_supplicant, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 2.5 are affected.
5d7af6d69f7d7ea29cb1b7d706cf8f37dc0cd7148f64745c77580d11fd656ddeUbuntu Security Notice 3016-2 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
3b960ba01dd7b794aef265df87941a0121a7b266f1c50456a9f279d9ccd0c927Ubuntu Security Notice 3016-1 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
b7b6569c094d6e250336c05cb6c8a2054aae6090826ed99ebac47b7a65fba9bdMultiple Panda Security products are vulnerable to local privilege escalation. As the USERS group has write permissions over the folder where the PSEvents.exe process is located, it is possible to execute malicious code as Local System.
f2c3335b56476d81d249fe69f248bb45a5f8e46e582bf79a99ae8afe17b0dee0Gentoo Linux Security Advisory 201606-16 - A buffer overflow in PLIB might allow remote attackers to execute arbitrary code. Versions less than 1.8.5-r1 are affected.
1c00e066fb23540a9ad5a677e16190d40daf940bd0c13db2d78f895381422e5dGentoo Linux Security Advisory 201606-15 - Multiple vulnerabilities have been found in FreeXL, allowing remote attackers to executive arbitrary code or cause Denial of Service. Versions less than 1.0.1 are affected.
66447f4605cfc40f3673194b46cfdc8235c53aa2e27abc0a1bc15530254a1485Gentoo Linux Security Advisory 201606-14 - Multiple vulnerabilities have been found in ImageMagick including overflows and possible Denials of Service. Versions less than 6.9.0.3 are affected.
70b73520d788fbcf5fd3bcbbb0cfc03ecd29886963a4711f6ca6c91671edb703Gentoo Linux Security Advisory 201606-13 - sudo is vulnerable to an escalation of privileges via a symlink attack. Versions less than 1.8.15-r1 are affected.
ded337a5c37a4a4988b8a6954f7c27a1e14d6b846df65915b30d360b982181eeGentoo Linux Security Advisory 201606-12 - Multiple vulnerabilities have been found in libssh and libssh2, the worst of which allows remote attackers to cause Denial of Service. Versions less than 0.7.3 are affected.
a7682074939d8d39fdbac72c4a9138e844743c73c282548b5fb3e4eebea79c23Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
20b6bfa73054d012cdaf01c59877c6e8e69753ff9a59afe3f8573733bbc90549Gentoo Linux Security Advisory 201606-11 - Multiple vulnerabilities have been found in claws-mail, particularly in the default SSL implementation. Versions less than 3.13.2 are affected.
d93afbc054fbd44009f35488987607e4424bea092ae43b539bfd4399473f1d31Debian Linux Security Advisory 3606-1 - It was discovered that pdfbox, a PDF library for Java, was susceptible to XML External Entity attacks.
61d21573a2ded453c905fe50c7f9fd46873c6e0f09de588bcfd1a066e813e554SugarCRM versions 6.5.23 and below suffer from a PHP object injection vulnerability.
1a98da7144e660a3accb44aab022cd43453f7c51263930ef13a00ccd4a03cb51SugarCRM versions 6.5.18 CE and below suffer from a SAML authentication XML external entity vulnerability.
d8bf3667bba05f07cd81eeb7dfd0728907f68ad4f68d3142091238587292b06eRed Hat Security Advisory 2016-1301-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a newer upstream version: kernel-rt.
a823740bd10edd796c58b8994ad6daecb97f95cae7384700dd3afa603f8a79a3Red Hat Security Advisory 2016-1296-01 - OCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages. The ocaml packages contain two batch compilers, an interactive top level system, parsing tools, a replay debugger, a documentation generator, and a comprehensive library. Security Fix: OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit platforms, causes size arguments to internal memmove calls to be sign-extended from 32- to 64-bits before being passed to the memmove function. This leads to arguments between 2GiB and 4GiB being interpreted as larger than they are, causing a buffer overflow. Further, arguments between 4GiB and 6GiB are interpreted as 4GiB smaller than they should be, causing a possible information leak.
65a6a453296687f548fd82a2111f0e0bf5d24226b44b64a220454e43448dd1ccRed Hat Security Advisory 2016-1277-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory.
10fb51383d7fc7d48506cede67c2760a1099fe9515a561b75ec00b53e62af238Red Hat Security Advisory 2016-1333-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Enterprise Application Platform 7.0. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
c09dd3666c7a73222ab648af437feab92c57336cf956ab1e4fce57b7330e47de
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed