Debian Linux Security Advisory 3673-1 - Several vulnerabilities were discovered in OpenSSL.
097e35417672fd244d49ec1b5ad7ea3269ba4b14b613ec4f5f3f90843c6baef7
Ubuntu Security Notice 3076-1 - Atte Kettunen discovered an out-of-bounds read when handling certain Content Security Policy directives in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
a176f5668e49d8890e407bdb612c94f7ed9a0baff2d6296e635a3a8bdc5f753b
OpenSSL Security Advisory 20160922 - A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected. Other issues were also addressed.
a53149075294f036c481adb55b177d02ac0016e0b66f800b8c0c0007205c8169
Red Hat Security Advisory 2016-1929-01 - The Red Hat Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a User Portal, and a Representational State Transfer Application Programming Interface.
3ee538c0aaa549ab5d18246c3c4622ad49709868320fe43f9a88a24749885c98
Ubuntu Security Notice 3086-1 - Gabriel Campana and Adrien Guinet discovered that the format parsing code in Irssi did not properly verify 24bit color codes. A remote attacker could use this to cause a denial of service. Gabriel Campana and Adrien Guinet discovered that a buffer overflow existed in the format parsing code in Irssi. A remote attacker could use this to cause a denial of service.
15c90ebd3e904029fba9881f6dbc8e9e6a410f30e6186de1df8a56ae608cbde0
Cisco Security Advisory - A vulnerability in the web interface of Cisco Cloud Services Platform (CSP) 2100 could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient sanitization of specific values received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a malicious dnslookup request to the affected system. An exploit could allow the attacker to execute arbitrary code with the privileges of the user. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
8731cd1cbf84584d77f464395b046f1d584283f6f275720ace0f5a8b16adcab6
Cisco Security Advisory - A vulnerability in the web-based GUI of the Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by authenticating to the affected system with administrative privileges and inserting arbitrary commands. An exploit could allow the attacker to execute arbitrary commands on the host operating system with the privileges of root. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
9343f1c17b903b45ca82ec6c8055e965ee0f731450cf9f75d4a416d56862d7da
Red Hat Security Advisory 2016-1912-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.4.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
467f9f0c4185f7eeab096f04d27efb9531ee7b702be7fa9ed85b474eff19cb04
Debian Linux Security Advisory 3672-1 - Gabriel Campana and Adrien Guinet from Quarkslab discovered two remotely exploitable crash and heap corruption vulnerabilities in the format parsing code in Irssi, a terminal based IRC client.
97008b1a02dd2b486695cfe1a1215f3399c3acbc97833e9d306ee3feeff887b7
Slackware Security Advisory - New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
11a9518b5c9052a5c0386685348fd032806bb820a88ab46029ed0344e430a847
HP Security Bulletin HPSBGN03645 2 - Potential vulnerabilities have been identified in HPE Helion OpenStack Glance. The vulnerabilities can be remotely exploited to allow access restriction bypass and unauthorized access. A malicious tenant is able to reuse deleted Glance image IDs to share malicious images with other tenants in a manner that is undetectable to the victim tenant if the Helion OpenStack administrators have both: 1. Edited the policy.json file to allow non-admin tenants to share images with other tenants or edited policy.json to allow non-admin tenants to create public images. 2. Deleted image IDs from the Glance database, either manually or using the purge tool ("glance-manage db purge"). Revision 2 of this advisory.
93d9fa4e73c175cadb2970de87cb2c96d44f75b9068aac11b3f186bfbd90da53
HP Security Bulletin HPSBHF03646 1 - Potential security vulnerabilities in NTP have been addressed with HPE Comware 7 (CW7) network products. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS) or other impacts affecting integrity. Revision 1 of this advisory.
3e4a383f81b8f831a71fee10d049a8ec3ad082e9cef8cad751135dbe0d5d3940
Slackware Security Advisory - New irssi packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
303b6bba1b501ca9e9e84c69a28b9a43e05ddfb990b6c0ec607fdf281c521f32
Ubuntu Security Notice 3085-1 - It was discovered that the GDK-PixBuf library did not properly handle specially crafted bmp images, leading to a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted bmp file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that the GDK-PixBuf library contained an integer overflow when handling certain images. If a user or automated system were tricked into opening a crafted image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.
b035e6e2ba842dd98dff4d0e3bbbd7aa7e279b8f19c65c0078a8767cabf4b05d
Apple Security Advisory 2016-09-20-6 - The tvOS 10 advisory has been released to describe issues relating to memory corruption, code execution, and more.
ab45f96469bc940b0ae9cf0757fe1cbccc4121a9a24ef6478e6e25e9f26ebe40
Apple Security Advisory 2016-09-20-3 - The iOS 10 advisory has been updated to include additional findings. These relate to code execution and more.
d7c5222827e5b762f68b16f83c6d5772f01a5ec22554d1e95d15cfb70a475b92
Apple Security Advisory 2016-09-20-5 - The watchOS 3 advisory has been updated to include issues with memory corruption, code execution, and more.
b4178122754562f16bede517a37955bd8c45cf983af2709534a5d5f5758d03bf
Apple Security Advisory 2016-09-20-2 - Safari 10 is now available and addresses cross site scripting, code execution, and various other vulnerabilities.
daeb78f2f19a0b087c8b54b75d376b8784707893088600958c2bcbc09d2ff8eb
Apple Security Advisory 2016-09-20-4 - macOS Server 5.2 is now available and addresses traffic proxying and RC4 vulnerabilities.
5b04ba2e45a915fdfa8a0e25e23b4e659c8ab903236abadfa9c4091a50f306fd
RSA Adaptive Authentication (On-Premise) versions prior to 7.3 suffer from a cross site scripting vulnerability.
9b9d9ad7000e79356d1fdd0899298d667e8807d93cb41fbefad8f56aaa24e355
Joomla versions 3.6.2 and below stored the session ID of a user in clear text on the backend.
149890b803e4ae86c47470d868985f400af66af62a7635a270d544a80c655ca2
SMB implementations in EMC Celerra, VNX1, VNX2 and VNXe are affected by an NTLM authentication weak nonce vulnerability that could potentially be exploited by malicious users to compromise the affected system. EMC VNX2 File OE versions prior to 8.1.9.155, EMC VNX1 File OE versions prior to 7.1.80.3, and all supported versions of EMC VNXe and EMC Celerra are affected.
08ed8e4a761485bceed652d21bc81e6e6db8c003e56286859791cdecfbecddeb
Ubuntu Security Notice 3084-4 - Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. It was discovered that the powerpc and powerpc64 hypervisor-mode KVM implementation in the Linux kernel for did not properly maintain state about transactional memory. An unprivileged attacker in a guest could cause a denial of service in the host OS. Various other issues were also addressed.
3c2fbb7ec5c9ed6f368b4db7d0df2b27e18e1ee5e86cfdd96175561cf787c59c
Ubuntu Security Notice 3084-3 - Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. It was discovered that the powerpc and powerpc64 hypervisor-mode KVM implementation in the Linux kernel for did not properly maintain state about transactional memory. An unprivileged attacker in a guest could cause a denial of service in the host OS. Various other issues were also addressed.
b1527fd478908508ae69451d220c65cad25079f213acdfc0704d763143b2bf13
Ubuntu Security Notice 3084-2 - USN-3084-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. Various other issues were also addressed.
d6dd8214eb90ce6f3ecb544516d1c2c9da3a9a47fcaecf9f470de1dad4cd6f92