Red Hat Security Advisory 2016-1649-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.
6f912c3eac60b24e5fcc49c83f0bc9b2f7d63a1d9a3b172fda35193e1fba6f6f
Red Hat Security Advisory 2016-1648-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.
0fbbe7de26ce0f8882caf38888994f49325573c52f60f9e0cd5197f1f5fc4906
HP Security Bulletin HPSBNS03635 1 - Multiple potential remote and local vulnerabilities impacting Perl and PHP have been addressed by HPE NonStop Servers OSS Script Languages. The vulnerabilities include Perl's opportunistic loading of optional modules which might allow local users to gain elevation of privilege via a Trojan horse library under the current working directory. Revision 1 of this advisory.
d61092f8531c4cfe3e647e6a78dff740f1529c96097e41b94e0050770ca40436
SAP HANA SPS09 version 1.00.091.00.1418659308 suffers from an information disclosure vulnerability in EXPORT.
4a5f8342b24325e43b5343b266af9c9b8acc91107d4a6b28357e158112cec19f
Red Hat Security Advisory 2016-1635-01 - This release of Red Hat JBoss Web Server 3.0.3 Service Pack 1 serves as an update for Red Hat JBoss Web Server 3.0.3 httpd and tomcat. Security Fix: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.
963cfb244690288486e0e38ba4462baa8b1b20489ef0ee36f41737f89c6345c3
Red Hat Security Advisory 2016-1626-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.
59832f0ef5b0e7d25cc0e42ed1a2d602b10675fafff5582e3d4d82acaa1630db
Ubuntu Security Notice 3064-1 - Felix Doerre and Vladimir Klebanov discovered that GnuPG incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output.
32f0380e387cc522e4861cb3c5789969e6795c00bc238ae1cf1d227ac0f155b5
Ubuntu Security Notice 3065-1 - Felix Doerre and Vladimir Klebanov discovered that Libgcrypt incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output.
c98949d4841a7c0c1b1da172bfff40d4fc7c110ecdd4cc157730bdce69120e13
Red Hat Security Advisory 2016-1640-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as a bi-directional ioctl() replacement, which could lead to insufficient memory security checks when invoked via the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or the RDMA Userspace Connection Manager Access module explicitly loaded could use this flaw to escalate their privileges on the system.
1de719cd6fc587e6d063f3975069f4d5b2166065f3c36d2fef48656b4bd3d57e
Ubuntu Security Notice 3066-1 - Heikki Linnakangas discovered that PostgreSQL incorrectly handled certain nested CASE/WHEN expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. Nathan Bossart discovered that PostgreSQL incorrectly handled special characters in database and role names. A remote attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.
631180ab4ac8959cbc1fc2b1f193d4d9ef8f6361d6b3551a0853508b741abaf4
Red Hat Security Advisory 2016-1629-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.
42f63709cdc426d53ba678546864ccd0150aed8af3e1125ccf6b7b6fe02f8fed
Red Hat Security Advisory 2016-1628-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.
cc1af3585f2ebb1a417bdba63309cbf5ceed1cb49451a3582f4fbef80523f824
Red Hat Security Advisory 2016-1631-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes with probe packets. An off-path attacker could use this flaw to terminate a TCP connection and/or inject payload into an unsecured TCP connection between two endpoints on the network.
a869fc76b055e377510ce13c31d628e026b50c3ca981408ba82ff4baa52d68d9
Red Hat Security Advisory 2016-1637-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: rh-mariadb101-mariadb. Security Fix: This update fixes several vulnerabilities in the MariaDB database server.
6231f8598cda355bee883fd946449c0949ff35855581854c79ecf3983f4ce3c0
Red Hat Security Advisory 2016-1630-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.
5a98207961643a1b29d4f993a812641d0ee696c8fb2b61b6d942c9ba6e9c483e
Red Hat Security Advisory 2016-1627-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.
2e962602fc5dad5bbc07f5853debe1e82ec5ec1551dff8becbfbd419f0bbad66
Red Hat Security Advisory 2016-1634-02 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: It was found that the CloudForms web UI did not properly filter input in certain fields. A remote, authenticated attacker could use this flaw to execute arbitrary code on the system running CloudForms.
a0e74ea03e42d3d47a5568a6b9ce34190bfaefa720af6afb68b1c088099fa287
Red Hat Security Advisory 2016-1633-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes with probe packets. An off-path attacker could use this flaw to terminate a TCP connection and/or inject payload into an unsecured TCP connection between two endpoints on the network.
76e8269f2ffea4406d6a46faca836f6cf6a3366b59719c43dab6771962c84226
Red Hat Security Advisory 2016-1636-01 - This release of Red Hat JBoss Web Server 3.0.3 Service Pack 1 serves as an update for Red Hat JBoss Web Server 3.0.3 httpd and tomcat. Security Fix: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.
d6555b0c5e1cb5b88fa68681422fe8721a8b25b9cd13f4884507fe2d4101c095
Red Hat Security Advisory 2016-1632-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes with probe packets. An off-path attacker could use this flaw to terminate a TCP connection and/or inject payload into an unsecured TCP connection between two endpoints on the network.
53ce3406a7c473638621aaebd562708e9cad26efd134e6eae0d57abd91ca5b7b
An error in the implementation results in no authentication or encryption being performed for tenant services in "high isolation" mode on SAP HANA DB.
c6551122b9fa4cbc6499321204eb298ebec9e485d4e308ec1c7723979c014023
Under certain conditions a remote authenticated attacker with IMPORT system privileges could potentially execute arbitrary code on SAP HANA DB version 1.00.73.00.389160.
837a43738fa05ae4c66c0884d724e8afff46e553af7b6eed1b6a5848bf68571e
SAP TREX version 7.10 revision 63 suffers from a remote command execution vulnerability.
0819be6c462080645727510772e93d336c75a8827da0a93033522577a8a61c8c
SAP TREX version 7.10 revision 63 suffers from a TNS information disclosure vulnerability in NameServer.
7b9adee861d5e668126c4a179eb39eaad2ab92fa481b23b056ff2cb62d5297a1
SAP HANA DB version 1.00.091.00.1418659308 suffers from a user information disclosure vulnerability.
bdc9caa13cd84ad00e89d70d09818e47227a940de378774fee051e8ed6f20745