Red Hat Security Advisory 2017-0324-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
f14e2b46c2b71cef1afb04a771220b5372f199e76244ba0af668358a52b9f888
Debian Linux Security Advisory 3792-1 - Ben Hayak discovered that objects embedded in Writer and Calc documents may result in information disclosure.
54bbcab9a611638d54637eac6c3d32a3d276c790c825d076deb406e2defa354f
tnef versions 1.4.12 and below suffer from multiple integer overflows, type confusions, and out of bounds read and write vulnerabilities.
5705b80ef5130f182eaa09743b3b19d2e17761e1bcc5443fc91394d3bdbe51e3
This bulletin summary lists one released Microsoft security bulletin for February, 2017.
c10fca7550173686a11a883eb6930a23f50785d3d78916bad5ddf4bdd62390bc
Apple Security Advisory 2017-02-21-2 - Logic Pro X 10.3.1 is now available and addresses a memory corruption vulnerability.
3eed75a7242320f6481a22179eaefd954c54322d7a2947a90ddbefa68b2f94a4
Apple Security Advisory 2017-02-21-1 - GarageBand 10.1.6 is now available and addresses a memory corruption issue.
1a5a8e755756dda1db45dd85aee82fc3cf7d4f874e1f54dad06b2fd61d006d03
Apple WebKit suffers from a UXSS via Frame::setDocument.
5104194e03e417e5667c9b4e888d0c95f77d92b2d00a9053243150deb4f64f54
AppleWebKit suffers from a bypass in the pop-up blocker via a cross-origin or sandboxed iframe.
d457da214a1cf7f501ec9edc89ee54671857a33c838ee0dd2b0b469664bd1774
Siklu Etherhaul versions prior to 7.4.0 suffer from an unauthenticated remote command execution vulnerability.
1488db4819cb3d631d5458d8303eb2a66ace7ffc1a16fa5a512858691028f7ce
Java and Python both have URL handling code that can be leveraged for XML external entity (XXE) injection and SSRF attacks.
9f2a5aa311b233621706991238e47f4e31fc0b190ca89a1f42a16cfca5d09c4c
Ubuntu Security Notice 3210-1 - Ben Hayak discovered that it was possible to make LibreOffice Calc and Writer disclose arbitrary files to an attacker if a user opened a specially crafted file with embedded links.
eb76a721c6b299a108a59454abfea2068bb742c16cf457993916607f6caffb98
Red Hat Security Advisory 2017-0309-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: The Quick Emulator (QEMU), when built with Cirrus CLGD 54xx VGA emulator support, is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in DoS, or potentially execute arbitrary code on the host with the privileges of the QEMU process.
b208a03f917075e83c83e02b7c9d9e67d01004db93202ffd0e4666086e2e5fbc
Red Hat Security Advisory 2017-0307-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: When creating audit records for parameters to executed child processes, an attacker can convince the Linux kernel audit subsystem to create corrupt records, which may allow the attacker to misrepresent or evade logging of executed commands. A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB, potentially causing the system to crash.
f5626e12bf318a6ceba6e16077d4ef1c50c6d37818aae8533ea4a67d5ff5c19a
Red Hat Security Advisory 2017-0316-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
b636031802de3b3dfef681e9912cabfab34e12ce63c092ae7a18e3a97f900150
Ubuntu Security Notice 3211-1 - It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
ee725f310771fc35d7cc3ac15e95e4674c6a5a8b5ec3ed497c4f369a51d9cb9e
FreeBSD Security Advisory - If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. Various other issues have also been identified.
fd0871f8f44d01650f47267d841a243c6a575b751f8b35d5ec24cc8563298df8
Debian Linux Security Advisory 3791-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.
d4c6af8f0e3dd4d9e278a3515440e0936dca73862bdc065cf6bd5e2d14200203
Red Hat Security Advisory 2017-0300-01 - The OpenStack Oslo Middleware library provides components that can be injected into WSGI pipelines to intercept request and response flows. The base class can be enhanced with functionality like adding or updating HTTP headers, or to offer support for limiting size or connections. Security Fix: An information-disclosure flaw was found in oslo.middleware. Software using the CatchError class could include sensitive values in a traceback's error message. Remote users could exploit this flaw to obtain sensitive information from OpenStack component error logs.
c3359bf03135b1a5ff63d07bd5d660438d80e7a084cdb79b79c57de44ee006f0
Ubuntu Security Notice 3142-2 - USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixes introduced a regression with text labels and a regression with the text coder. This update fixes the problem. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Various other issues were also addressed.
6bd0ad7bc46bd1aec3d550bb978fdd2857a665eafe7bbbd3d348eff865feec3f
Debian Linux Security Advisory 3788-2 - The update for tomcat8 issued as DSA-3788-1 could cause the server to return HTTP 400 errors under certain circumstances. Updated packages are now available to correct this issue.
9a471d0b8a11213787df65f14ac8faa29f4bd6795bfbb006a10eb21ea59d636d
Red Hat Security Advisory 2017-0293-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
675d2cff55b3e4f76bda52e3edcac6e3540ae592d7cec108e0884eb508679175
Red Hat Security Advisory 2017-0295-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
43f786bca525228053ddc893e7b07e03f946f70afcdc61825d743ae0d53139bc
Red Hat Security Advisory 2017-0294-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
0fb4e054d84d8aecf3a85b795c0e3c8be31aec44f88499706fea037f8323067b
Gentoo Linux Security Advisory 201702-32 - Ruby Archive::Tar::Minitar is vulnerable to a directory traversal attack. Versions prior to 0.6.1 are affected.
157e690b127e197b5e2dc69bc809ae8b72ef330c005521c03a4cf6eaf39f4814
Gentoo Linux Security Advisory 201702-31 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which may allow execution of arbitrary code. Versions prior to 9.20-r1 are affected.
b3d656fb5ed70e42c11d5359cb050e758a1e9620ffbbe27b7796e55ec545d211