Debian Linux Security Advisory 3601-1 - Multiple security issues have been found in Icedove, Debian's version of lead to the execution of arbitrary code or denial of service.
39fdbc8a5a09b53640b44f3f836d0d311d1fddc3d1cec3eaf4b2db7dc9bf2ab3
Red Hat Security Advisory 2016-1225-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.
364610f04598d8202fdec3d76c56b7be088799140f67a757409f5a39d388d3a5
RSA Archer GRC Platform version 5.5.x suffers from a sensitive information disclosure vulnerability.
e9d9e9740fcc19e16903f5276534658fe27fa12046edd86511e33d352693f6e6
Red Hat Security Advisory 2016-1222-01 - Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat OpenStack Platform. Security Fix: An issue was discovered in the image build process for the overcloud images, as used by director, resulting in all previous images having a default root password of "rootpw". Remote root access via SSH is disabled by default.
57328f8210d5b295a596dfb0e1362d0f0ed92acbd9601df602b4091f2c01d259
Red Hat Security Advisory 2016-1224-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions support performed read/write operations using I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process.
ad59149a8a4a31c1e49f2c7c04111870e3b67f13daa90a2517f45227802fe40b
Red Hat Security Advisory 2016-1223-01 - Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat OpenStack Platform. Security Fix: An issue was discovered in the image build process for the overcloud images, as used by director, resulting in all previous images having a default root password of "rootpw". Remote root access via SSH is disabled by default.
39baaf6211a66318f9c8905bb1b883a08b048793578a3794839e29e707c41851
EMC Data Domain suffers from an insecure NFS mount options vulnerability as well as an insecure password reset vulnerability. All versions of 5.4, 5.5, and 5.6 are affected. 5.7 versions 5.7.1.0 and below are affected.
81423187168577c98a7aa93a45f7f048d4175112b58c0dca5bb4ef1d554d1f5f
Ubuntu Security Notice 3008-1 - Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.
1c6a5a85c9169a533eb5de9769b10004e0fa62824b4452a84e050fd1ebab510b
Ubuntu Security Notice 3007-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
21367d7bd0aa8b16e79856a1355feca42858b0c152a944585c55546c468c24e3
Ubuntu Security Notice 3006-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
154dc735ba43dcb64102c43e5dbd9a972894457a1ab139daeb9843adf1a26a02
Ubuntu Security Notice 3005-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
56a885e91d30fe754e8f21c81ed01cdf2281619674073d71894d6a45f8497137
Ubuntu Security Notice 3004-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
15260f2bae937ffefd89474b5d45b197be79a2c3c629d596664ff46374144290
Ubuntu Security Notice 3003-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
5fed2838234a44d1730852206ba9626415e7a2b237d203c9b8f4f0a0ae120b95
Ubuntu Security Notice 3002-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
6a304214d70136724253b137a128ced305938a2bcf77b7f57cc2fd2056cb00d0
Ubuntu Security Notice 3001-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
cbd8722998ecacafce7f0e191f217dc2e6164d45016680a92f8639cf152856bf
Ubuntu Security Notice 3000-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
330259ee5fb5e92854cb2c2d2d644d62e3fa8b04b3260f39927986db6fab5b70
Ubuntu Security Notice 2999-1 - Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.
37b03730f372db742282c86032bdc5c6b39f7d29d325e1dc79983c933e38bccf
Ubuntu Security Notice 2998-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
6ac8e40a1a58889071f681c070f97687fbc0499845baf46496f6035c2db81bc6
Ubuntu Security Notice 2997-1 - Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). Various other issues were also addressed.
df656efbeccd8134a69d49e30b421956bddc01476d613d8b026317f4a3e41d03
Ubuntu Security Notice 2996-1 - Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). Various other issues were also addressed.
06d71e9c2695629758cc867e221b01bf922a1b38f88de97259e83eb660611bfb
HP Security Bulletin HPSBGN03617 2 - Security vulnerabilities in the libXML2 library could potentially impact HPE IceWall Federation Agent and IceWall File Manager resulting in Remote Denial of Service (DoS). Revision 2 of this advisory.
6b708451afacf61935662aab3d512552a8fc3fc797ff8206e40a1f91d80efef0
Debian Linux Security Advisory 3600-1 - Multiple security issues have been found in the Mozilla Firefox web implementation errors may lead to the execution of arbitrary code or spoofing.
0e4c0f8470e42dc5a17607f4e227558df0bae6ae2b817ae8130fe783697bbfa0
Apache CloudStack contains an authentication module providing "single sign-on" functionality via the SAML data format. Under certain conditions, a user could manage to access the user interface without providing proper credentials. As the SAML plugin is disabled by default, this issue only affects installations that have enabled and use SAML-based authentication.
a4b1186aed8d05b27ac281e1250d62a1a3033e39f9bb7e46c69a4ba4a43d9dd7
Debian Linux Security Advisory 3598-1 - Patrick Coleman discovered that missing input sanitising in the ADPCM decoder of the VLC media player may result in the execution of arbitrary code if a malformed media file is opened.
ef6e9f7013612db842224145000258841e752a70d48a8576bf41b2598f2f91c5
HP Security Bulletin HPSBGN03623 1 - A potential security vulnerability has been identified in HPE Universal CMDB. The vulnerability could be exploited remotely to allow remote disclosure of sensitive information. Revision 1 of this advisory.
bf0b9e29255730ffd5c04f56dbaba7e2b31bc907e20a67ba4ff34cdfea4e81a2