Ubuntu Security Notice 3034-2 - USN-3034-1 fixed a vulnerability in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O ring buffer to the other nodes. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
628f50c8daf08a5c72f1e31d1cb5432246b54c7d2a0d1d13acb505d93aced5f3
Ubuntu Security Notice 3034-1 - Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O ring buffer to the other nodes. A local attacker could use this to cause a denial of service.
f938a923e862875550071342ec8eb3ba012f2edcdcbff37230b39fbe17df7068
Red Hat Security Advisory 2016-1423-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.632. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
9f4c4559dcc06b30ea7338671d732f696623ebe9e897337ee5a38a3ddeba841d
Gentoo Linux Security Advisory 201607-3 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.632 are affected.
0ced70ce46c6bc69a8de361251892d7f727488e726c52bdd9e961f23649e5d8c
Red Hat Security Advisory 2016-1424-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.2.1 and Red Hat JBoss A-MQ 6.2.1. It includes several bug fixes, which are documented in the readme.txt file included with the patch files. It was reported that the web based administration console does not set the X-Frame-Options header in HTTP responses. This allows the console to be embedded in a frame or iframe which could then be used to cause a user to perform an unintended action in the console. It was found that Apache Active MQ administration web console did not validate input correctly when creating a queue. An authenticated attacker could exploit this flaw via cross-site scripting and use it to access sensitive information or further attacks.
1f8ef5e671baaab7e8547e070bffdc69105dac1529159adb5f0b5131fa269819
Cisco Security Advisory - A vulnerability in the management of system timer resources in Cisco IOS XR for Cisco Network Convergence System 6000 (NCS 6000) Series Routers could allow an unauthenticated, remote attacker to cause a leak of system timer resources, leading to a nonoperational state and an eventual reload of the Route Processor (RP) on the affected platform. The vulnerability is due to improper management of system timer resources. An attacker could exploit this vulnerability by sending a number of Secure Shell (SSH), Secure Copy Protocol (SCP), and Secure FTP (SFTP) management connections to an affected device. An exploit could allow the attacker to cause a leak of system timer resources, leading to a nonoperational state and an eventual reload of the RP on the affected platform. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
d2a2fb27fa8069e1f32a27a53e552ca35bbb07276c635891d08f5591239efdb9
RootExplorer is a rooted Android App aimed to ultimately control file operations on an Android device. Unfortunately, RootExplorer tries to download an external busybox from plain a HTTP website, which might cause rooted remote code execution.
198bffa368d070bf6edcd0638d73b7f559980f3f73607c0265ebe726b5beffb2
The executable installers of Adobe Flash Player released on 2016-06-15 fixed CVE-2016-1014 in the second attempt, but another vulnerability remained allowing for fpb.tmp to be executed with elevated privileges.
7fce869dc5cc72a56c6ca8e37ed36104181ea7438b19857348e8d22068b38b07
Red Hat Security Advisory 2016-1406-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system.
057f7af5bbf54d587d8e3a6be782dd96558535d3a764714edd25ccecbe607197
This bulletin summary lists eleven released Microsoft security bulletins for July, 2016.
f750a936dc3bcaba88af328808557515c3a38de1a59a36d5267752863be94f38
Ubuntu Security Notice 3031-1 - Yves Younan discovered that Pidgin contained multiple issues in the MXit protocol support. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code.
f3417c57f20dcf30f4fa9223c6a8778e3db397f99457e4d89acee5fceeea9e5c
Red Hat Security Advisory 2016-1395-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fix: A flaw was discovered in the way the Linux kernel's TTY subsystem handled the tty shutdown phase. A local, unprivileged user could use this flaw to cause denial of service on the system by holding a reference to the ldisc lock during tty shutdown, causing a deadlock.
cc677eb8da4ca58135bb72972f0515d5256d313ad0931650e96b454e928c2332
HP Security Bulletin HPSBHF03608 1 - A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed by HPE iMC PLAT and other network products. The vulnerability could be exploited remotely to allow execution of arbitrary code. Revision 1 of this advisory.
a4f731c6afd9d8b0d771afec7e5598fde89d382f0e5d637587497d7a2efe4e3f
Ubuntu Security Notice 3029-1 - Tyson Smith and Jed Davis discovered that NSS incorrectly handled memory. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. This update refreshes the NSS package to version 3.23 which includes the latest CA certificate bundle. As a security improvement, this update also modifies NSS behaviour to reject DH key sizes below 1024 bits, preventing a possible downgrade attack. Various other issues were also addressed.
6e601ccd1ee83f0d499b744c4b1829d9d494088ab8da32987ec0617887d2186f
Ubuntu Security Notice 3030-1 - It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that the GD library incorrectly handled certain malformed XBM images. If a user or automated system were tricked into processing a specially crafted XBM image, an attacker could cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Various other issues were also addressed.
adc630ed03e8562917c9a2cb01fe5bb9be41e5ce50a6e10a8fe9950508867dec
Ubuntu Security Notice 3028-1 - It was discovered that NSPR incorrectly handled memory allocation. A remote attacker could use this issue to cause NSPR to crash, resulting in a denial of service, or possibly execute arbitrary code.
5756a57228bcb3184a06152b3f6d61b0bfe18c1751779fae6f150510dbf8fd57
Red Hat Security Advisory 2016-1392-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
591efa83c0955a542504cbb702a0469fa8d8cf263b41605c6b0c60794508780d
Gentoo Linux Security Advisory 201607-2 - Multiple vulnerabilities have been found in libpcre, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 8.38-r1 are affected.
610bc68fe418743a268ef53de8330b101b2d1f80475dba23ecbd24b775cb2ca7
Gentoo Linux Security Advisory 201607-1 - Multiple vulnerabilities have been found in Squid, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 3.5.19 are affected.
f3ed5792a89c6aee3d29169c951a32dfbcc2492998847681a69bf92922eb71d4
HP Security Bulletin HPSBGN03628 1 - Security vulnerabilities in the libXML2 library could potentially impact HPE IceWall Federation Agent resulting in Remote Denial of Service (DoS), or unauthorized modification, or unauthorized disclosure of information. Revision 1 of this advisory.
bf4f6cf115d8b52476b924e17a4fd8b3cb9956dc7a8071d968df7ab5ed4d6413
Slackware Security Advisory - New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
a4a3a70ca1a42d644725180603d6190f620e2f0a99df1f407422a09ba95ae5b8
Red Hat Security Advisory 2016-1389-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
f05ec9ea3d4dc3e3055033295c344bb9d2dc552b43e24e35e46ae6f202af6589
Debian Linux Security Advisory 3617-1 - Two cross-site scripting vulnerabilities have been found in Horizon, a web application to control an OpenStack cloud.
ff5d05de30969f8247dff1dd319c8e30c8f2713213ce4eb2822bf55525cb0d50
Ubuntu Security Notice 3027-1 - It was discovered that the Tomcat Fileupload library incorrectly handled certain upload requests. A remote attacker could possibly use this issue to cause a denial of service.
98eaa175de2c312c0bf47773278a5a08d83e1d05406d0b4248018d81adb54786
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) have released a fix for a vulnerability that may potentially lead to denial of service and data disclosure. When restoring backups of Linux Avamar clients using the web restore interface, a malicious Avamar Client user may read and/or delete critical directories on the Avamar Server. This may lead to a denial-of-service attack on the Avamar Server, or unauthorized access to Avamar Server data by the malicious Avamar Client user. All supported versions prior to 7.3.0 of EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) are affected.
572a5c2a703d7f692f7e1966646f0725a31f3596c40aa8ddb112bc055aaa002c