Red Hat Security Advisory 2016-1433-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
35bd8a4148689c1a27929208cf6843e664a746e2a01785a0dec3a04ff5e0c5f2Red Hat Security Advisory 2016-1432-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the packages have been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.9. Multiple security issues have been addressed.
6f3886566e926a59135b67d8dd635deae1b47778fd8b00f54cfa44a2c8520776Red Hat Security Advisory 2016-1420-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.
7cede861a05dabf8a87aa3760a62b71b991e7fc3605adcc358f10a01192a48e5Ubuntu Security Notice 3023-1 - It was discovered that NSPR incorrectly handled memory allocation. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, and Karl Tomlinson, discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
3fe98ccb366eec5429c1c3e2cb265917ff74bc9ce1c34996d652c69f97e7db00Ubuntu Security Notice 3038-1 - It was discovered that the Apache HTTP Server would set the HTTP_PROXY environment variable based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with CGI scripts that honour the HTTP_PROXY variable to redirect outgoing HTTP requests.
74e95b5addef4fc8153088ab09870ab4f82e6df17b22f4b1bc874aa554309f32Red Hat Security Advisory 2016-1421-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.
436fc4e839cc2887a759542674a0dc2989aec34c7b74fe6ed4b9921e48d2096dRed Hat Security Advisory 2016-1422-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.
87acaf1ab290cbcda124e1031ca7e28dc94b6eaedf153777e3ce2d06a749ae8bDebian Linux Security Advisory 3621-1 - A vulnerability was discovered in mysql-connector-java, a Java database (JDBC) driver for MySQL, which may result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL Connectors accessible data. The vulnerability was addressed by upgrading mysql-connector-java to the new upstream version 5.1.39, which includes additional changes, such as bug fixes, new features, and possibly incompatible changes.
50e10d38c3a83eef01688935a8575bd4219f7fbd2d682f2937b749a2ed5fba3eRed Hat Security Advisory 2016-1430-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to versions 7 SR9-FP40 and 7R1 SR3-FP40. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
2e0dead1b133f8a72d51a82a75b7622573a3e29ce6a7ae5ab0f9a63e34cd23a3Debian Linux Security Advisory 3620-1 - Yves Younan of Cisco Talos discovered several vulnerabilities in the MXit protocol support in pidgin, a multi-protocol instant messaging client. A remote attacker can take advantage of these flaws to cause a denial of service (application crash), overwrite files, information disclosure, or potentially to execute arbitrary code.
d90effb448b50288f53be7ccd3c3b9c1a05aba6fa608eaa71df88a26c8d7a457Debian Linux Security Advisory 3619-1 - Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library (application crash), or potentially to execute arbitrary code with the privileges of the user running the application.
3ab1c0b1ddecf980dd4d33f7d66025e28859df01864ca2ce789d9500ed6dfbaeHP Security Bulletin HPSBMU03562 3 - A vulnerability in Apache Commons Collections for handling Java object deserialization was addressed by HPE Service Manager. The vulnerability could be exploited remotely to allow remote code execution. Revision 3 of this advisory.
eed9f65b9705737625677d7e690f7560a269ccc0e480bfd90248f7ddbb67a48fThe installer for VeraCrypt version 1.17 suffers from a dll hijacking vulnerability.
da2330e7ad3228c7507f3b754b72ba7cabcaa6c3591eeffcfa8f7886bc98e2c5Ubuntu Security Notice 3036-1 - Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O ring buffer to the other nodes. A local attacker could use this to cause a denial of service.
987996d50111f1e90bef56cc6f3703917698982046b4a83a277036387364969cUbuntu Security Notice 3035-3 - USN-3035-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O ring buffer to the other nodes. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
57ff40590238737da5362d1fd140c81b6c1c9da6c9f9af9d9ebfeade0ca8912bUbuntu Security Notice 3037-1 - Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O ring buffer to the other nodes. A local attacker could use this to cause a denial of service.
2f144f5fd44112cdd1b33be4564375962d2c7c6a893e9bc5a5acab0ea53995f6Ubuntu Security Notice 3032-1 - It was discovered that eCryptfs incorrectly configured the encrypted swap partition for certain drive types. An attacker could use this issue to discover sensitive information.
d619162dce696606c763e842f11ce33693d90609c7c5bf28b3a9d9a0ef63cb68Red Hat Security Advisory 2016-1428-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. Security Fix: A security flaw was found in the way Dashbuilder performed SQL datasets lookup requests in the Data Set Authoring UI or the Displayer editor UI. A remote attacker could use this flaw to conduct SQL injection attacks via specially-crafted string filter parameter. This issue was discovered by David Gutierrez .
0b5091211c52d0dbb196bcf103d460df18ea13e04290b1645a58a1735494e94cRed Hat Security Advisory 2016-1429-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. Security Fix: A security flaw was found in the way Dashbuilder performed SQL datasets lookup requests in the Data Set Authoring UI or the Displayer editor UI. A remote attacker could use this flaw to conduct SQL injection attacks via specially-crafted string filter parameter.
0f36afb3eaec29b351e9e6b93d7fb5e04e0a246c5030d2eb0677558718a4c80bRed Hat Security Advisory 2016-1427-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: The Kubernetes API server contains a watch cache that speeds up performance. Due to an input validation error OpenShift Enterprise may return data for other users and projects when queried by a user. An attacker with knowledge of other project names could use this vulnerability to view their information.
609259b677d2d1290bf92ab59f9f7e371ac8218db4e593ac576bbfc0cd33fafdUbuntu Security Notice 3033-1 - Hanno Boeck discovered that libarchive contained multiple security issues when processing certain malformed archive files. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. Marcin "Icewall" Noga discovered that libarchive contained multiple security issues when processing certain malformed archive files. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
20397b68c196f08762e206ddfee872c463277203d02a0239edab2890f6948681Red Hat Security Advisory 2016-1425-01 - Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage. The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx. Security Fix: A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. A remote attacker could send a specially crafted request that would cause nginx worker process to crash.
9fcd8d112d10abaef25aeda680eb55de09f14a8ddc7a322ba0951f7a1c8d2fc6SAP NetWeaver Enqueue Server version 7.4 suffers from a denial of service vulnerability.
99a16a30bd31df9bdc036bd0035a07a2d7a2e3eb036b6050b71e1fd2acb89ff1Ubuntu Security Notice 3035-2 - Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O ring buffer to the other nodes. A local attacker could use this to cause a denial of service.
f7652dd208ef24f0a219052437c7c7b07779332917aa7e9a440e0ef65a787d42Ubuntu Security Notice 3035-1 - Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O ring buffer to the other nodes. A local attacker could use this to cause a denial of service.
65ab0ff000143d02fb5fc13e75b5b9e3d9e743eb36f2c7bbe90911535c33e824
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed