Red Hat Security Advisory 2016-1475-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 101. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
2caaef5ada15fdae664cddcfeac6be8732391bd3fbea43150c75cd29b759574b
Red Hat Security Advisory 2016-1476-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 111. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
7267b15575e357bac4c8ed3413791cbb860372c09b781ee3b7628288746767f7
Red Hat Security Advisory 2016-1474-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. The following packages have been upgraded to a newer upstream version: openstack-neutron. Security Fix: Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests.
8745b604a58d383d3b6ff52bd09c04a84f130c3f31bfed451be6ebdb839daff9
Red Hat Security Advisory 2016-1473-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Security Fix: Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests.
7d30e603c4b7ad0d2283369dd4e57a3fc26438d64869e1203fc323cd21fe293a
Cisco Security Advisory - A vulnerability in the web framework of Cisco Unified Computing System (UCS) Performance Manager could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to insufficient input validation performed on parameters that are passed via an HTTP GET request. An attacker could exploit this vulnerability by sending crafted HTTP GET requests to an affected system. An exploit could allow the attacker to execute arbitrary commands with the privileges of the root user. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
e801ea022a39f6340a7416d5f90277eb140d7b3a5f900b089ca87cc8d7ffee28
Gentoo Linux Security Advisory 201607-14 - A vulnerability in Ansible may allow local attackers to gain escalated privileges or write arbitrary files. Versions less than 1.9.6 are affected.
5abe34fb3432373e7e24b84ec2f041264edc4100c25d4e25c505f3aa830b83cf
Gentoo Linux Security Advisory 201607-13 - A buffer overflow in libbsd might allow remote attackers to execute arbitrary code. Versions less than 0.8.2 are affected.
f356293130cc41f6c5d8ce93ce7fc682a43dcb6604dc3e0f868c6dca3d2c0fc3
Gentoo Linux Security Advisory 201607-12 - A local attacker could execute arbitrary code by providing unsanitized data to a data source or escalate privileges. Versions less than 4.87 are affected.
22534b373f0d93237acf41108fb6a56ff906ad77fd8c5a9ae003dd2dc9682857
Gentoo Linux Security Advisory 201607-11 - Multiple vulnerabilities have been found in Bugzilla, the worst of which could lead to the escalation of privileges. Versions less than 5.0.3 are affected.
80a0902267c16233710208037b188bcd90eb15791d34baf0375c867b48579f49
Gentoo Linux Security Advisory 201607-10 - Improper input validation in Varnish allows remote attackers to conduct HTTP smuggling attacks, and possibly trigger a buffer overflow. Versions less than 3.0.7 are affected.
c34e7c2fcf5bec193bd0105cdbf6caa9e33b041e525c3094834b3e35b5bdb77a
Gentoo Linux Security Advisory 201607-9 - Apache Commons BeanUtils does not properly suppress the class property, which could lead to the remote execution of arbitrary code. Versions below 1.9.2 are affected.
e796b79d0cecceb30859bf6409dd12a908bf0b6687463fd62c86692038a1b122
Gentoo Linux Security Advisory 201607-8 - A vulnerability has been found in Dropbear, which allows remote authenticated users to bypass intended shell-command restrictions. Versions less than 2016.73 are affected.
37c6e42ccd2e3205e832bfa112c6fd71bfd4a0029363d1e168539226fbb72a83
Red Hat Security Advisory 2016-1439-01 - Red Hat Single Sign-On 7.0 is a standalone server, based on the Keycloak project, that provides authentication and standards-based SSO capabilities for web and mobile applications. This asynchronous patch is a security update for JGroups package in Red Hat Single Sign-On 7.0. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
317cf16ea3dbb6853842f5156d6f798a461a36ad069b855b978b49ca6e73153c
Debian Linux Security Advisory 3623-1 - Scott Geary of VendHQ discovered that the Apache HTTPD server used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.
3f0f077fa580f9c70a712a8e940ea126c15ee5ca79bb2cc5ae3afdb0dbc13ec9
Apple Security Advisory 2016-07-18-6 - iTunes 12.4.2 for Windows is now available and addresses multiple memory corruption vulnerabilities.
633c434706d646cb88f9b2500c243323908adca066d93650b3de1179c1021483
Apple Security Advisory 2016-07-18-5 - Safari 9.1.2 is now available and addresses information disclosure, spoofing, and various other vulnerabilities.
c9e88a9ceedaa41e7c53dede660e559e035f39a544a712c1ee2fa29d95684de7
Apple Security Advisory 2016-07-18-4 - tvOS 9.2.2 is now available and addresses code execution, denial of service, and various other vulnerabilities.
4a9bc32a7d4706ab17452ff64199e021359d694515d28902f836d1e4f0ed5d85
A heap memory corruption vulnerability exists in the ASN.1 parsing code generated by Objective Systems Inc. ASN1C compiler for C/C++.
7b43a417029a6660a52e541cea51ce69f3ace470ef73b37b87d6e6718bb3e958
Apple Security Advisory 2016-07-18-3 - watchOS 2.2.2 is now available and addresses code execution, denial of service, and various other vulnerabilities.
a5e03cf377eb22ba61d0ea650f262c33428093e57329215b0a10d4bd3248e047
Apple Security Advisory 2016-07-18-2 - iOS 9.3.3 is now available and addresses denial of service, code execution, and various other vulnerabilities.
c6de9fc2d249bae04651d8b2646e67da6b9b36ca615e81469850e66356b82bdd
Apple Security Advisory 2016-07-18-1 - OS X El Capitan v10.11.6 and Security Update 2016-004 are now available and address arbitrary code execution, information disclosure, and various other vulnerabilities.
a2d9354c4a7f6ea06efa521cdd6516fbf0a138a5ca0981e16938eab249ee9d7d
Ubuntu Security Notice 3039-1 - It was discovered that Django incorrectly handled the admin's add/change related popup. A remote attacker could possibly use this issue to perform a cross-site scripting attack.
d312deca62b6bc115c201ca36286e9a7ca576fd38cca9f1acd440341e420a96a
Debian Linux Security Advisory 3622-1 - It was discovered that Django, a high-level Python web development framework, is prone to a cross-site scripting vulnerability in the admin's add/change related popup.
9c58635ddf4b881bad27de51794b4f2b9546323a9f77575aa1be164dd5d0741b
Red Hat Security Advisory 2016-1435-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.8, and includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.4.9 Release Notes, linked to in the References. Multiple security issues have been addressed.
dec36409f1db8464a059ab01e8ba22bb42c5d3313fb7fb064859dda6b2cd0963
Red Hat Security Advisory 2016-1434-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
9a8e4409727b247a7ebae466821413f642efde07ee3e7723a5c7ce8f773ea250