Red Hat Security Advisory 2016-2131-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb55-mariadb. Security Fix: It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
e0d4017aacc635d92ac81e00a91de05fc52686499e7f45be1d6e5caccce336c2Red Hat Security Advisory 2016-2130-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a newer upstream version: mysql55-mysql. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
03b624cce91b1d69085d50e89a4e1be58cfa8a759a1b0832a830b379c914eadbRed Hat Security Advisory 2016-2128-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation.
064109d1f9097273e59a95ac536bdb2ed8465248b5e65eb33343f64e67309daaRed Hat Security Advisory 2016-2127-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
c0736d65532e494126ea50be535fdef4dfabaa7b03a6ca23838cc7f02d9865d4Red Hat Security Advisory 2016-2126-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
f09a78e152c6c812ade2dfbb919a30d1f96f9f106801e89893520c4241892d11This advisory discloses a critical severity security vulnerability which was introduced in version 1.4.1 of Crowd. Versions of Crowd starting with 1.4.1 before 2.8.8 (the fixed version for 2.8.x) and from 2.9.0 before 2.9.5 (the fixed version for 2.9.x) are affected by this vulnerability. The Crowd LDAP directory connector allowed an attacker to gain remote code execution in Crowd by injecting malicious attributes in LDAP entries.
00e91976667b938daa14e3aa6743fb0498e57d84e1eb456c7cb1f29f942fcf81Debian Linux Security Advisory 3691-2 - The update for ghostscript issued as DSA-3691-1 caused regressions for certain Postscript document viewers (evince, zathura). Updated packages are now available to address this problem.
bf9ecded2517b9f70685b5a6c8769f95d5d255e233f8c459042e69a9ec20904dGentoo Linux Security Advisory 201610-11 - Multiple vulnerabilities have been found in Wget, the worst of which could lead to the remote execution of arbitrary code. Versions less than 1.18 are affected.
fe8f321799648fd7117d0c42050293a7b7f3f611b64a3ef20bfd07261e897964Gentoo Linux Security Advisory 201610-10 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 23.0.0.205 are affected.
d39c84f97fa4297c5874418e8f05337a85e75281733dc564c0a9e2b478143b2aGentoo Linux Security Advisory 201610-9 - Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. Versions less than 54.0.2840.59 are affected.
ad761228304f4fe9f8b6ce1842cf6603b66fd22ae641b2101ff84d93f1db9fcfA logic issue in launchd message requeuing allows arbitrary mach message control. Mac OS X version 10.11.6 is affected.
0c4a95bb9942e2aa50c7ff4c3ea1baae30e2d99475cd575f65c1e1f70c6285a5Debian Linux Security Advisory 3701-2 - The update for nginx issued as DSA-3701-1 to address CVE-2016-1247 introduced a packaging issue, which prevents nginx from being reinstalled or upgraded to a subsequent release. Updated packages are now available to address this problem.
c6f8c4c108e93298ad8357b758fb00ddea690c42be17e52b058750dde9d4d075Red Hat Security Advisory 2016-2124-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
583c9262cd833df9ea9a6338f42e103bcfcb9dc8eee2293a0d6668ad40f068a1Ubuntu Security Notice 3112-1 - Catalin Dumitru discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information. Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
b8d665c1a846400e1f7e964a15a632b19104b1717e44ba9ec8f2ec975496481eApple Security Advisory 2016-10-27-3 - iTunes 12.5.2 for Windows is now available and addresses information disclosure and code execution vulnerabilities.
7837c6aba83c29572d902438c64faefb1b3d10d188308858e81f998ce2d4c8a1Apple Security Advisory 2016-10-27-2 - iCloud for Windows v6.0.1 is now available and addresses input validation and memory corruption vulnerabilities.
e6b2f11e487a13140de9459c76fdb0c2c16e535686e8418040177a9a2db898d1Apple Security Advisory 2016-10-27-1 - Xcode 8.1 is now available and addresses code execution vulnerabilities.
df4e9e18d07031af03162429c5cf5f429609a92fcbc73263b3a265198afd9ef3The bulletin summary for October 2016 has been updated to include an additional out-of-band bulletin, MS16-128.
0c3532bb83dda985a21572cb64d52961cc762b700e7fc383723f46b26c70262bRed Hat Security Advisory 2016-2120-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
21400fd9d46011e6214b97dde47b05d64f82b4980dfff20736f6091bc98770c2Red Hat Security Advisory 2016-2119-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.643. Security Fix: This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
624a157feed85f8362a2172a09e51473198385362994b73ebaf3945b3e57e548Ubuntu Security Notice 3111-1 - A use-after-free was discovered in service workers. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via program crash, or execute arbitrary code. It was discovered that web content could access information in the HTTP cache in some circumstances. An attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.
ffd6d84375daa74178a478c8635f4599291a1a43ae3643136d99af097aa90ab8Ubuntu Security Notice 3114-2 - USN-3114-1 fixed a vulnerability in nginx. A packaging issue prevented nginx from being reinstalled or upgraded to a subsequent release. This update fixes the problem. Dawid Golunski discovered that the nginx package incorrectly handled log file permissions. A remote attacker could possibly use this issue to obtain root privileges. Various other issues were also addressed.
9624f67fcd74df71566bea16362a1df2c8cb51b85d3fde2eb0af649b24c90594Red Hat Security Advisory 2016-2101-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU.
0c1b4ed27f0d1db4f3edc634e7d5fccb7e419a267e21c9074481e69ff631e66bHP Security Bulletin HPSBMU03653 1 - Multiple potential security vulnerabilities have been identified in HPE System Management Homepage (SMH) on Windows and Linux. The vulnerabilities could be remotely exploited using man-in-the-middle (MITM) attacks resulting in cross-site scripting (XSS), arbitrary code execution, Denial of Service (DoS), and/or unauthorized disclosure of information. Revision 1 of this advisory.
8c670a2d763c2a2f7a69a05242741bdf9441d037d1584c704b9fdff983643e06HP Security Bulletin HPSBHF3549 1 - A security vulnerability identified with UEFI firmware, dubbed ThinkPwn, has been addressed in certain HP commercial notebook PCs and HP consumer notebook PCs. The vulnerability could be exploited to run arbitrary code in System Management Mode, resulting in elevation of privilege or denial of service. Revision HPSBHF3549 of this advisory.
d316acdb625a0fdff14d3ab3269e8a51e88303d7290a4dc73315c0ce0e70bd55
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed