
Files

Red Hat Security Advisory 2016-2077-01
Posted Oct 19, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2077-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.

tags | advisory, arbitrary, root
systems | linux, redhat
advisories | CVE-2016-6662
SHA-256 | 25f8677b3989794bfdab9e885b200c14f5958cc947734d677fdac0faf0bac785
Red Hat Security Advisory 2016-2076-01
Posted Oct 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2076-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to an arbitrary free address, which could allow an attacker to use a use-after-free style attack. This issue was discovered by David Howells.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-4470
SHA-256 | 6bae7f24e59ae8d9804491e44f28a64f6dba1d6ca0ae8933e059b905c9c951b8
Debian Security Advisory 3694-1
Posted Oct 18, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3694-1 - It has been discovered that Tor treats the contents of some buffer chunks as if they were a NUL-terminated string. This issue could enable a remote attacker to crash a Tor client, hidden service, relay, or authority.

tags | advisory, remote
systems | linux, debian
SHA-256 | bfd62c5b4a901803c2c5020c4a8936285e28f0df694cd5833649f7079667e5ba
Red Hat Security Advisory 2016-2074-01
Posted Oct 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2074-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to an arbitrary free address, which could allow an attacker to use a use-after-free style attack. This issue was discovered by David Howells.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-4470
SHA-256 | 211ff6324147cd5d6e78cc99ed7c543902711980e783ba11bb9ddb0f06682e31
Red Hat Security Advisory 2016-2073-01
Posted Oct 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2073-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2842
SHA-256 | 016924697aba2b3c0ed2a4b898dbf325da5ec9106c04351d7f374f3485979f2c
Red Hat Security Advisory 2016-2071-01
Posted Oct 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2071-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10, and includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.4.11 Release Notes, linked to in the References. Multiple security issues have been addressed.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-3092
SHA-256 | ad36eab6d193625512bd94f6df20f23a60607c199ab728e8152362ed9051ff72
Red Hat Security Advisory 2016-2069-01
Posted Oct 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2069-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10. It includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.4.11 Release Notes, linked to in the References. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-3092
SHA-256 | 90a74be5a92d9f26804f928cecbdaf1f32cc050c7b7188829e6168b51a751d5c
Red Hat Security Advisory 2016-2072-01
Posted Oct 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2072-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java EE applications. It is based on JBoss Application Server 7 and incorporates multiple open-source projects to provide a complete Java EE platform solution. Security Fix: A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer used to read the uploaded file if the boundary was the typical tens of bytes long.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2016-3092
SHA-256 | 9ed1b834fb53a506fd1eb1dd9f86980b8ae375e674b25aafe7ab41754eb1c606
Red Hat Security Advisory 2016-2068-01
Posted Oct 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2068-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10. It includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.4.11 Release Notes, linked to in the References. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-3092
SHA-256 | 9fe5a5fdc0cc4a999a818f305cc5969f3b738a130e4405151c33a7b739fd8923
Red Hat Security Advisory 2016-2070-01
Posted Oct 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2070-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10. It includes bug fixes and enhancements. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect. Multiple security issues have been addressed.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-3092
SHA-256 | d7ec988f0ff5ab1d3e9e885d06936c7833554bee0db9963a3e999d0f16bd646e
Red Hat Security Advisory 2016-2064-01
Posted Oct 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2064-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: It was found that Kubernetes did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-7075
SHA-256 | 7ac790d0bd5fd3aa218353b24721f042b3a1d148e74215514320782738a96160
Debian Security Advisory 3693-1
Posted Oct 18, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3693-1 - Multiple vulnerabilities have been discovered in the GD Graphics Library, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2016-7568
SHA-256 | 43a92cb5d9f6e62cc4a4da52fe265bff5e1b879505ae69e8fe593cf9645b422a
Red Hat Security Advisory 2016-2067-01
Posted Oct 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2067-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 54.0.2840.59. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-5181, CVE-2016-5182, CVE-2016-5183, CVE-2016-5184, CVE-2016-5185, CVE-2016-5186, CVE-2016-5187, CVE-2016-5188, CVE-2016-5189, CVE-2016-5190, CVE-2016-5191, CVE-2016-5192, CVE-2016-5193, CVE-2016-5194
SHA-256 | b4c042ea70dafe96dddda09fc88b41fb0206273af3adff880b986298dbdcec91
Gentoo Linux Security Advisory 201610-08
Posted Oct 18, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201610-08 - Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites, allowing remote attackers to execute arbitrary code, obtain information, and cause a denial of service. Versions less than 1.8.0.102 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494, CVE-2016-0603, CVE-2016-0636, CVE-2016-3426, CVE-2016-3458, CVE-2016-3485, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3552, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610
SHA-256 | 956eaa5520a023dd7135bdf93948e2b66b793db7c1efdc8bc6279d7f28ce2078
HP Security Bulletin HPSBNS03661 1
Posted Oct 14, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBNS03661 1 - A security vulnerability in OpenSSL was addressed by NonStop Backbox. The vulnerability could be exploited resulting in remote disclosure of information. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2016-0800
SHA-256 | e6b9efcb6842563922d9c550659a03379aa4f8ab06c9d690e53c5d735aace4b3
Ubuntu Security Notice USN-3097-2
Posted Oct 14, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3097-2 - Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2016-6136, CVE-2016-6480, CVE-2016-6828
SHA-256 | 3a46c2fc2da8ed1ac2863686a1c6be2d3b9f7849b29b270bb7aefedc213fe0b0
Red Hat Security Advisory 2016-2062-01
Posted Oct 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2062-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB. Security Fix: A permissions flaw was discovered in the MySQL logging functionality, which allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly exploit this flaw to run arbitrary commands with root privileges on the system running the database server.

tags | advisory, arbitrary, root
systems | linux, redhat
advisories | CVE-2016-6662
SHA-256 | 3095fdcfee55e0072883a94d54e2575ee2543875dabfd381bb2b3398cc100bf4
Red Hat Security Advisory 2016-2061-01
Posted Oct 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2061-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.

tags | advisory, arbitrary, root
systems | linux, redhat
advisories | CVE-2016-6662
SHA-256 | 2dff5fb12bfebf2c5ec3c79a89927f4c020fd5ef33e2cd3efbdd1b05eed4f386
Red Hat Security Advisory 2016-2060-01
Posted Oct 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2060-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.

tags | advisory, arbitrary, root
systems | linux, redhat
advisories | CVE-2016-6662
SHA-256 | fb3556e126894312a0618b086aab05da286bbb1b6bfe7bfe16220442b55022a5
Red Hat Security Advisory 2016-2059-01
Posted Oct 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2059-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.

tags | advisory, arbitrary, root
systems | linux, redhat
advisories | CVE-2016-6662
SHA-256 | 53897a017d1189a15fff00405a0de1d19dc5c0b95eb99adc4b587c3314885beb
Red Hat Security Advisory 2016-2058-01
Posted Oct 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2058-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.

tags | advisory, arbitrary, root
systems | linux, redhat
advisories | CVE-2016-6662
SHA-256 | a9d0a0e174ed7b0675f21a44852635fd255be05d2bc7c4a369387e75914d9a69
Ubuntu Security Notice USN-3103-1
Posted Oct 13, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3103-1 - It was discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. Hanno Boeck discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9906, CVE-2015-8949, CVE-2016-1246
SHA-256 | da5e68e57b7fabe8ed110134570d5b604edd24d7d2aea42f4cda4995b2d7cf88
Ubuntu Security Notice USN-3102-1
Posted Oct 13, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3102-1 - It was discovered that Quagga incorrectly handled dumping data. A remote attacker could possibly use a large BGP packet to cause Quagga to crash, resulting in a denial of service. It was discovered that the Quagga package incorrectly set permissions on the configuration directory. A local user could use this issue to possibly obtain sensitive information.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2016-4036, CVE-2016-4049
SHA-256 | 791bc0d8fd5a75d438e274cb9cd9cbde77f7f714f6d26ae6110b82c92af7c080
Red Hat Security Advisory 2016-2057-01
Posted Oct 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2057-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.637. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992
SHA-256 | 12469bcff97b6c83ca93daad2f69a96c7e0ba231e43adc638d741d134f9c4ee5
Cisco Security Advisory 20161012-msc
Posted Oct 12, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability in some environments are available.

tags | advisory, remote, protocol
systems | cisco
SHA-256 | 94d4d98592bf68b04c291f2f419a084d227bb9e58eb9e47958f9e47f8ba0436b