This bulletin summary lists one bulletin that has undergone a major revision increment.
8936f937d0480cebc279d700bbabc01ca829aec407d814c762c85f98cdcd99b3HP Security Bulletin HPSBGN03676 1 - A potential security vulnerability has been identified with HPE Helion OpenStack Glance image service. This vulnerability could be exploited remotely to allow a Denial of Service (DoS). Revision 1 of this advisory.
34276ff714c214f8de2d088c12dd86926ca1164a7656e3c33d1bc698bbb39afbRed Hat Security Advisory 2016-2779-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer upstream version: nss, nss-util. Multiple security issues have been addressed.
df0b83d865da079f245658c46d7eff1eab3b336b9074b5a1419917a774b695c1VMware Security Advisory 2016-0020 - vRealize Operations REST API deserialization vulnerability vRealize Operations contains a deserialization vulnerability in its REST API implementation. This issue may result in a Denial of Service as it allows for writing of files with arbitrary content and moving existing files into certain folders. The name format of the destination files is predefined and their names cannot be chosen. Overwriting files is not feasible.
29c0a098ffb0c7b27ec0d4610115a63c7d8a7f0037d9c4fba88d83dcb2ddd668Red Hat Security Advisory 2016-2780-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
1e6b22dca01d05d1b502a358a47e44384f7ef65d1eaf93c19aefa6b6b2e299d2Red Hat Security Advisory 2016-2766-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system.
cc91f5aae5acf096e58503cad4e4ced602a901542b2ae666e8d8ade12d687f24Red Hat Security Advisory 2016-2765-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI could be read by an anonymous user. This could lead to leakage of sensitive information. An information disclosure flaw was found in 389 Directory Server. A user with no access to objects in certain LDAP sub-tree could send LDAP ADD operations with a specific object name. The error message returned to the user was different based on whether the target object existed or not.
a23f2adc4f9c7000e2a14bf0039f624d18c36c133617746781bb9f35d92b15dcRed Hat Security Advisory 2016-2778-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: Ansible fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.
c29aac5e4a84aa6b60fb8005bb7f3336c0ff6abc1ff541555ec67fe872574c88Red Hat Security Advisory 2016-2696-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform release 3.3.1.4. Multiple security issues have been addressed.
c10182559bc0cc2357527ebc02cd6fb0eca4428ed48a30c8201eaa78a1d10a0bHP Security Bulletin HPSBST03671 1 - A security vulnerability in PHP was addressed by the HPE StoreEver MSL6480 Tape Library firmware version 5.10. The vulnerability could be exploited remotely to allow Unauthorized Disclosure of Information. Revision 1 of this advisory.
a236eaf5199d818b254fc1971d748d5d36168d9a9c1c1304c367c3f4b563aefbA vulnerability in Cryptsetup, concretely in the scripts that unlock the system partition when the partition is ciphered using LUKS (Linux Unified Key Setup). This vulnerability allows to obtain a root initramfs shell on affected systems. The vulnerability is very reliable because it doesn't depend on specific systems or configurations. Attackers can copy, modify or destroy the hard disc as well as set up the network to data. In cloud environments it is also possible to remotely exploit this vulnerability without having "physical access". Cryptsetup versions 2:1.7.3-2 and below are affected.
a533475e588d0a35025183dd93ff60b65d867075cd009e955f89a1138f7cd7feMounting a crafted EXT4 image read-only leads to a memory corruption and SLAB out of bounds reads (according to KASAN). Since the mounting procedure is a privileged operation, an attacker is probably not able to trigger this vulnerability on the commandline. Instead the automatic mounting feature of the GUI via a crafted USB device is required.
76833a7057ed11a9603a2cca2127a14da53cfb98824820fa60de3d7cf3b821a6Gentoo Linux Security Advisory 201611-8 - Multiple vulnerabilities have been found in libpng, the worst of which may allow remote attackers to cause Denial of Service. Versions less than 1.6.21 are affected.
af56e343ff091a131c14cea1b83ea801e986ee721dab18820a2a08392abce80fGentoo Linux Security Advisory 201611-7 - polkit is vulnerable to local privilege escalation. Versions less than 0.113 are affected.
3c004982512d4668fabdd477a79b048c32dea21a9f1d8d4bb6c55235d81a54a2Gentoo Linux Security Advisory 201611-6 - A vulnerability in xinetd could lead to privilege escalation. Versions less than 2.3.15-r2 are affected.
1ceb98758118fd5375c5611a9f829b7b2c21d5c8315cf8449754f94ce9969b26Gentoo Linux Security Advisory 201611-5 - tnftp is vulnerable to remote code execution if output file is not specified. Versions less than 20141104 are affected.
3714fd619d496c5232b4708937dc2490c0a41fd3dea634635ec841f8cfbdceaeRed Hat Security Advisory 2016-2750-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. The memcache, mongo, and XDebug extensions are also included. The rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. Security Fixes in the rh-php56-php component have been added.
7a4b8b8d6b3eabdf404c0529d77c336afa623f07425290b0ef039e4d4015bb0bRed Hat Security Advisory 2016-2749-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a newer upstream version: rh-mysql56-mysql. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
2885c698b7f8dbeb61cdef79060e442a4d80a5dfbab9153600b85b4aee6e32caGentoo Linux Security Advisory 201611-9 - Multiple vulnerabilities have been found in Xen, the worst of which allows gaining of privileges on the host system. Versions less than 4.6.3-r3 are affected.
150b8fc9649193c656cb063bfd7db2df2856b9f70acd30052aa163a2c2782573The VHDMP driver does not correctly handle impersonation levels leading to the possibility of impersonating a privileged token when performing certain actions such as creating/modifying a VHD leading to elevation of privilege.
2dd3df095b5f804e247c897db2ccee0b7686f6aba635737c00ff269c7dd3eef9A specially crafted web-page can cause Microsoft Edge to free memory used for a CAttrArray object. The code continues to use the data in freed memory block immediately after freeing it. It does not appear that there is enough time between the free and reuse to exploit this issue.
7b085c40b0b5c32560e511980a285156cb74ab99f30b0b11136ee56130ebcd24Red Hat Security Advisory 2016-2718-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 54.0.2840.100. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
05b2ed146c3ff682639e67872348b4088b751bc112d944ed2b0afb65e94474cdRed Hat Security Advisory 2016-2706-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. The following packages have been upgraded to a newer upstream version: qemu-kvm-rhev. Security Fix: An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance.
34ebf6833be3f8e06b1450c8d4b0768a9ee4ddf47d72a2dc7c01e2f31352f4a8HP Security Bulletin HPSBUX03665 2 - Potential security vulnerabilities have been identified in the HP-UX Tomcat-based Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and URL Redirection. Revision 2 of this advisory.
8a33a45462fb5af32efafe6f3107b91eb71ecf3236ac6ed9fb1332835889de91HP Security Bulletin HPSBGN03669 1 - Potential vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow local elevation of privilege and exploited remotely to allow denial of service, arbitrary code execution, cross-site request forgery. Revision 1 of this advisory.
ac957c536f14c0a27badb6f04185ed0c67d4cacfcf48129853672a6a8767ef2f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed