Cisco Security Advisory - A vulnerability in the data plane IP fragment handler of the Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition. Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability.
360234b583a96365ec769e58bf559cda974f2537dd62ac3a8ca202d463fbc744
Red Hat Security Advisory 2017-0196-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within the __sys_recvmmsg() function.
a44d2b242c7a37d563d6dc8f852849a2a378aba0acb3a1df5113f7c57b6564fa
Red Hat Security Advisory 2017-0195-01 - Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible. Multiple security issues have been addressed.
bac2055a8a470e01e78a097989076d4fa34d7e209af203d4a6ff20e24979a08e
Android suffers from an RKP-related memory corruption vulnerability in rkp_mark_adbd.
649722c7f67880c4ce089b2ce89d2f853771bbc7a6392616688f551b5c4956c1
OpenSSL Security Advisory 20170126 - If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. Other issues were also addressed.
457838ec233230687d717bc896db28bd57340df047d0575d696435c9376532d2
WordPress InfiniteWP Client plugin versions 1.5.1.3 and 1.6.0 suffer from a PHP object injection vulnerability.
74ff5245b2d5c61d42d72ec48e5ef102ec8f33a14a671e780a71faac3de023c7
EMC Isilon OneFS is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system. Various versions of the 7.x.x.x releases are affected.
e90fe55e4ac1ce95d60fef53ca4d18d4e23e188f99c4a0a9d995592b077bef24
WordPress CMS Command Client plugin version 2.21 suffers from a PHP object injection vulnerability.
7625040df4e8cd693c4e1f946eb49f919e552143bf24eb14f8dfd937809d5dd3
WordPress Google Forms plugin versions 0.8 through 0.87 suffer from a PHP object injection vulnerability.
ae94630680f1e42c5eeb8f1edcd5f27fe6bcea14d0a2979fd4b00f7a0817a4a2
OpenCart version 2.3.0.2 suffers from a cross-site request forgery vulnerability.
8e30f83b2ffe57959ff9f9854a4e605a27ee7efbc48ea1739cb3bedf09e55d23
Gentoo Linux Security Advisory 201701-65 - Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites, the worst of which may allow execution of arbitrary code. Versions less than 1.8.0.121 are affected.
1d411c67045468f66d9be8f87af444135bfe4edb5ff40c3d978dceeda485b1e7
Gentoo Linux Security Advisory 201701-64 - Multiple vulnerabilities have been found in X.Org X Server, the worst of which may allow authenticated attackers to read from or send information to arbitrary X11 clients. Versions less than 1.18.4 are affected.
73e2e4f1303187d367e8f18e99cdc9c6afef497aaa8fe6fed6db24b7ecf4f370
Red Hat Security Advisory 2017-0191-01 - After March 31, 2017, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.6 or older on Red Hat Enterprise Linux 5. The listed versions will exit the existing Limited Maintenance Release phase.
5ef45ba4c4459be94e2c6736d80d19748c391b48f908d25e7ec5b81775e18389
Red Hat Security Advisory 2017-0192-01 - After March 31, 2017, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.6 or older on Red Hat Enterprise Linux 5. The listed versions will exit the existing Limited Maintenance Release phase.
f5a4a7baea0c8d806ae99d96ea51b8054ba30cb5ed3ac794f4ae47c8baa364eb
Red Hat Security Advisory 2017-0190-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
92a75711d8c764d53700932ba5fa362465c3ba99f2a33e3f058ccf0ea605a3de
HP Security Bulletin HPSBST03642 3 - Security vulnerabilities in OpenSSL and OpenSSH were addressed in HPE StoreVirtual products using LeftHand OS. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information, additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in arbitrary code execution, unauthorized access, disclosure of information, or Denial of Service (DoS). Revision 3 of this advisory.
864bcff09d4a86c839035348112fa45614c1f5e5a95ea128a61d9122002eb2f1
HP Security Bulletin HPSBHF03695 1 - A security vulnerability with the Ethernet Non-Volatile Flash Memory (NVM) image in Intel Forteville-based adapters has been addressed by certain HPE Ethernet Adaptors. The vulnerability could be remotely exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.
2ef48a83b40449f8fbb254829043b60e5e679b066dd69b0e0d85eb8600f804a4
Ubuntu Security Notice 3179-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. It was discovered that OpenJDK accepted ECDSA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. Various other issues were also addressed.
6bda3d62c1c8c78bd4f6b0e8698e7c3cd70f29a93396246928e224431ea0e83f
Red Hat Security Advisory 2017-0194-01 - This release adds the new Apache HTTP Server 2.4.23 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.6 and includes bug fixes and enhancements.
87174b8450d231a37911132f24e96b986faf624c7b0a9cba8fa385f524dd7b74
Red Hat Security Advisory 2017-0193-01 - This release adds the new Apache HTTP Server 2.4.23 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.6, and includes bug fixes and enhancements.
add426ec965f995c831f757bb8748e79a3bfb0db3b46802a9cf9ad5be73448c2
HP Security Bulletin HPSBHF03441 2 - Potential security vulnerabilities have been identified in HPE Integrated Lights Out 3, HPE Integrated Lights Out 4, and Integrated Lights Out 4 mRCA. The vulnerabilities are remotely exploitable. Revision 2 of this advisory.
725dda88fc75de2dd666620311ad115afdaf41691da1310e0ffe965f13f3659d
Apple Security Advisory 2017-01-23-7 - iTunes for Windows 12.5.5 is now available and addresses code execution vulnerabilities.
4c501fcce5004df66bab08bab466bc67e6321f8c5999863d097303011f483d4f
Ubuntu Security Notice 3178-1 - It was discovered that icoutils incorrectly handled memory when processing certain files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause icoutils to crash, resulting in a denial of service, or possibly execute arbitrary code.
dfdaeabc12516e648cfc5b4964c3b87c94ba53fb1824345a8d411cea8b469708
Cisco Security Advisory - A vulnerability in the Cisco WebEx browser extensions provided by Cisco WebEx Meetings Server and Cisco WebEx Meetings Center could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to the use of a crafted pattern by the affected software. An attacker could exploit this vulnerability by directing a user to a web page that contains the crafted pattern and starting a WebEx session. The WebEx session could allow the attacker to execute arbitrary code on the affected system, which could be used to conduct further attacks. Cisco has begun to release software updates that address this vulnerability. There are no workarounds that address this vulnerability.
b4dd5a562bd71f25e3fbb03491264124af0983e2e1def39c2ed41c5de59b19b2
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1, 14.2, and -current to fix security issues.
dae763489bd106fdc5675989384a13d3d71c5191aef60e60ebcc4f85c82d667a