all things security
Showing 1 - 25 of 218 RSS Feed

Files

Kernel Live Patch Security Notice LSN-0013-1
Posted Nov 30, 2016
Authored by Luis Henriques

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered a use-after-free vulnerability during error processing in the recvmmsg(2) implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other kernel vulnerabilities were also discovered and addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux
advisories | CVE-2016-7042, CVE-2016-7117, CVE-2016-7425, CVE-2016-8658
MD5 | 62cbf8e508bff43744108581efe5a4bb
Ubuntu Security Notice USN-3142-1
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3142-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-7799, CVE-2016-7906, CVE-2016-8677, CVE-2016-8862, CVE-2016-9556
MD5 | 71e0dfeebb20d78d01a5de0e97b7da7e
Ubuntu Security Notice USN-3143-1
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3143-1 - Gzob Qq discovered that c-ares incorrectly handled certain hostnames. A remote attacker could use this issue to cause applications using c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-5180
MD5 | 44682dac501779188190d5b4178f7806
HP Security Bulletin HPSBHF03682 1
Posted Nov 30, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03682 1 - A security vulnerability in the Linux kernel could potentially impact HPE Comware 7 network products. The vulnerability could be exploited locally to gain privileged access. Revision 1 of this advisory.

tags | advisory, kernel
systems | linux
advisories | CVE-2016-5195
MD5 | 7630d3a934b144d82cd08e94aa6ae34d
Red Hat Security Advisory 2016-2837-01
Posted Nov 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2837-01 - In accordance with the Red Hat CloudForms Support Life Cycle Policy, support will end on February 28, 2017. Red Hat will not provide extended support for this product. Customers are requested to migrate to the newer Red Hat CloudForms product prior to the end of the life cycle for CloudForms 3.0. After February 28, 2017, technical support through Red Hatas Global Support Services will no longer be provided.

tags | advisory
systems | linux, redhat
MD5 | 15dc5bfb68ab8743a018ce74c95d4323
Ubuntu Security Notice USN-3147-1
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3147-1 - Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service or possibly gain privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7097, CVE-2016-7425
MD5 | 559625083100d96654480164212d1075
Ubuntu Security Notice USN-3146-2
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3146-2 - USN-3146-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the __get_user_asm_ex implementation in the Linux kernel for x86/x86_64 contained extended asm statements that were incompatible with the exception table. A local attacker could use this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, x86, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-7097, CVE-2016-7425, CVE-2016-8658, CVE-2016-9644
MD5 | 097cc04c8dec8f47a6f9e994ad83f1d2
Ubuntu Security Notice USN-3146-1
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3146-1 - It was discovered that the __get_user_asm_ex implementation in the Linux kernel for x86/x86_64 contained extended asm statements that were incompatible with the exception table. A local attacker could use this to gain administrative privileges. Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. Various other issues were also addressed.

tags | advisory, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7097, CVE-2016-7425, CVE-2016-8658, CVE-2016-9644
MD5 | 5db8f822195c3e9c1e40863156b060b3
Ubuntu Security Notice USN-3145-2
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3145-2 - USN-3145-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service or possibly gain privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-7425, CVE-2016-8658
MD5 | c8d6e919541e25d8401c273c4291136e
Ubuntu Security Notice USN-3145-1
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3145-1 - Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service or possibly gain privileges. Daxing Guo discovered a stack-based buffer overflow in the Broadcom IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7425, CVE-2016-8658
MD5 | 04869989c9266de37a76afc32ac8b6ba
Ubuntu Security Notice USN-3144-1
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3144-1 - Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service or possibly gain privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7425
MD5 | f2505002de8fe09bf2791b6903e0593c
Ubuntu Security Notice USN-3144-2
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3144-2 - Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service or possibly gain privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7425
MD5 | 64725aa7b2e9136958868710c45d9f6f
Red Hat Security Advisory 2016-2839-01
Posted Nov 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2839-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.

tags | advisory, remote, web, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2016-5402
MD5 | f4dd89e83fa0c97433d21bfaab95f095
HP Security Bulletin HPSBGN03677 1
Posted Nov 30, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03677 1 - Potential security vulnerabilities in RPCServlet and Java deserialization were addressed by HPE Network Automation. The vulnerabilities could be remotely exploited to allow code execution. Revision 1 of this advisory.

tags | advisory, java, vulnerability, code execution
advisories | CVE-2016-8511
MD5 | 5dad7dfabe65ab959f86195bb5632082
Zurb Foundation 5.5.3 / 5.5.1 Cross Site Scripting
Posted Nov 29, 2016
Authored by Winni Neessen

Zurb Foundation versions 5.5.1 and 5.5.3 suffer from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | d76ca8deb88a2741d8e25843dfbaeef5
Red Hat Security Advisory 2016-2823-01
Posted Nov 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2823-01 - This release of Red Hat JBoss BRMS 6.4.0 serves as a replacement for Red Hat JBoss BRMS 6.3.4, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: It was found that several XML parsers used by XStream had default settings that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-3674, CVE-2016-7041, CVE-2016-8608
MD5 | 94227be66643a4ce9aa75b2772e98354
Red Hat Security Advisory 2016-2825-01
Posted Nov 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2825-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-5290
MD5 | b7a04efb82d5871e8b28dcd19229f9fa
Red Hat Security Advisory 2016-2822-01
Posted Nov 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2822-01 - This release of Red Hat JBoss BPM Suite 6.4.0 serves as a replacement for Red Hat JBoss BPM Suite 6.3.4, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: It was found that several XML parsers used by XStream had default settings that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-3674, CVE-2016-7041, CVE-2016-8608
MD5 | dee7c00f687aff53c5ce4a18baf8b732
Ubuntu Security Notice USN-3139-1
Posted Nov 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3139-1 - Florian Larysch discovered that the Vim text editor did not properly validate values for the 'filetype', 'syntax', and 'keymap' options. An attacker could trick a user into opening a file with specially crafted modelines and possibly execute arbitrary code with the user's privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1248
MD5 | 8c65c9036076b54e0594e3d6963c865a
Red Hat Security Advisory 2016-2824-01
Posted Nov 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2824-01 - Expat is a C library for parsing XML documents. Security Fix: An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-0718
MD5 | 754a9be94b6674126e6bd29781af1cba
Ubuntu Security Notice USN-3138-1
Posted Nov 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3138-1 - Markus Doering discovered that python-cryptography incorrectly handled certain HKDF lengths. This could result in python-cryptography returning an empty string instead of the expected derived key.

tags | advisory, python
systems | linux, ubuntu
advisories | CVE-2016-9243
MD5 | 7af8fd9033167a619d1f40c7d195fbcb
Ubuntu Security Notice USN-3135-2
Posted Nov 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3135-2 - USN-3135-1 fixed a vulnerability in GStreamer Good Plugins. The original security fix was incomplete. This update fixes the problem. Chris Evans discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. If a user were tricked into opening a crafted FLC movie file with a GStreamer application, an attacker could cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
MD5 | 8efb30ba821a826eea7c446f7a0ea77a
Debian Security Advisory 3725-1
Posted Nov 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3725-1 - Several vulnerabilities were discovered in the International Components for Unicode (ICU) library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-9911, CVE-2015-2632, CVE-2015-4844, CVE-2016-0494, CVE-2016-6293, CVE-2016-7415
MD5 | 999ff3a6c8613cc49e208b4bf2335876
Apache OpenOffice 1.0 Windows Installer Trojan Execution
Posted Nov 26, 2016
Authored by Cyril Vallicari

The Apache OpenOffice installer for Windows contained a defective operation that could trigger execution of unwanted software installed by a Trojan Horse application. The installer defect is known as an unquoted Windows search path vulnerability. In the case of Apache OpenOffice installers for Windows, the PC must have previously been infected by a Trojan Horse application (or user) running with administrator privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit. The exploit may already have operated on the user's PC.

tags | advisory, trojan
systems | windows
advisories | CVE-2016-6803
MD5 | 7705d5ab1a4089c1df13600a4048d119
Debian Security Advisory 3723-1
Posted Nov 24, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3723-1 - Chris Evans discovered that the GStreamer 1.0 plugin used to decode files in the FLIC format allowed execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2016-9634, CVE-2016-9635, CVE-2016-9636
MD5 | 41b2db800799c9e0b3ed07575dd8bda8
Page 1 of 9
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
ATM Malware Available Online For Online $5,000
Posted Oct 18, 2017

tags | headline, malware, bank, cybercrime, fraud
Oracle Swats 252 Bugs In Patch Update
Posted Oct 18, 2017

tags | headline, flaw, patch, oracle
Child Safety Smartwatches Easy To Hack, Watchdog Says
Posted Oct 18, 2017

tags | headline, privacy, flaw
Domino's Pizza Delivers User Details To Spammers
Posted Oct 18, 2017

tags | headline, privacy, email, spam, fraud
Microsoft Never Disclosed 2013 Hack Of Secret Vulnerability Database
Posted Oct 18, 2017

tags | headline, hacker, microsoft, data loss, flaw
Adobe Patches Zero-Day Used To Plant Gov't Spying Software
Posted Oct 17, 2017

tags | headline, hacker, government, usa, flaw, cyberwar, adobe, zero day, nsa
UK TV Drama About North Korea Hit By Hackers
Posted Oct 17, 2017

tags | headline, hacker, government, britain, cyberwar, korea
Russia Tweaks Telegram With Tiny Fine For Decryption Denial
Posted Oct 17, 2017

tags | headline, government, privacy, russia, cryptography
Never Mind The WPA2 Drama... Details Emerge Of TPM Key Fail
Posted Oct 17, 2017

tags | headline, wireless, flaw, cryptography
Millions Of High Security Crypto Keys Crippled By Newly Discovered Flaw
Posted Oct 16, 2017

tags | headline, flaw, cryptography
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close