Gentoo Linux Security Advisory 201702-14 - A heap-based buffer overflow in PyCrypto might allow remote attackers to execute arbitrary code. Versions less than 2.6.1-r2 are affected.
e49964c51be6513fd920fa46c295bd95fe24efd58c8d5f4f02ce944638d34e01
Gentoo Linux Security Advisory 201702-13 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. Versions less than 45.7.0 are affected.
4e6c9b6c887de08be450a8596c0ce33fe1812048715d0838bd2aa5d57658a6ac
Ubuntu Security Notice 3202-1 - Frediano Ziglio discovered that Spice incorrectly handled certain client messages. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.
48b335caa3db2e8cecc79f87924e6e7b7ef20b603e40720f1f3f109a03a9d3af
Ubuntu Security Notice 3203-1 - It was discovered that gtk-vnc incorrectly validated certain data. A malicious server could use this issue to cause gtk-vnc to crash, resulting in a denial of service, or possibly execute arbitrary code.
6c58dfec8d09852c5bf6261c22dcb2332232e0c2a285cf29b44c1e453ec62204
Ubuntu Security Notice 3204-1 - It was discovered that Tomcat incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to cause Tomcat to consume resources, resulting in a denial of service.
88d15946d2c7ca6641b2b0d9ab6a3032e893c12ef0b833c14b96a392bf4498f8
Red Hat Security Advisory 2017-0286-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.
263e10e25244071ae6bff5440a09981e5d4c03c3e8382ee37d122e6f44fcaee2
Gentoo Linux Security Advisory 201702-12 - Multiple vulnerabilities have been found in MuPDF, the worst of which allows remote attackers to execute arbitrary code. Versions less than 1.10a-r1 are affected.
b5b498264a2f4a5e1823126da1134199b8ce2c43ccf54d288bb0e6623f948020
Gentoo Linux Security Advisory 201702-11 - Multiple vulnerabilities have been found in the GNU C Library, the worst of which allows context-dependent attackers to execute arbitrary code. Versions less than 2.23-r3 are affected.
fa2a94198c76126434e575483adb24e98f6fc6067b9bede81d1fab17552eb3e5
Gentoo Linux Security Advisory 201702-10 - A vulnerability in NTFS-3G allows local users to gain root privileges. Versions less than 2016.2.22-r2 are affected.
ee4509abb8d07659fe187c08f1cf8070767d055822625eb1de9ade54c1d6e459
QEMU has an issue where virtfs permits a guest to access the entire host filesystem.
8afb47007c79b3a9ac847f6e9b076ad790c162d53fdddf920e2a3d557b2daeb1
Cisco ASA WebVPN CIFS handling buffer overflow conditions have been discovered.
5f13058e5f06f00a4c9e17b0e2cff240e100c10816e9044cab1647b9e216332f
Ubuntu Security Notice 3199-2 - USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather than throwing an exception. Code which produces this warning should be updated because future versions of the Python Cryptography Toolkit re-introduce the exception. Various other issues were also addressed.
ffdcb4098907eacbe478078964c23d7b8fe357a3fb8a5cf606b1d9935d33f913
Gentoo Linux Security Advisory 201702-9 - Multiple vulnerabilities have been found in ImageMagick, the worst of which allows remote attackers to execute arbitrary code. Versions less than 6.9.7.4 are affected.
76c4d959e155995070047941ecd5e0069dcc43c4077e5f8e9c14cc9087bcdc9c
Debian Linux Security Advisory 3790-1 - Several vulnerabilities were discovered in spice, a SPICE protocol client and server library.
49cc794953e2a7fa3792442d95f833015b85f773dc7987a963b5beab5882e82d
Ubuntu Security Notice 3199-1 - It was discovered that the ALGnew function in block_templace.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary code by using a crafted initialization vector parameter.
e8a7c38d5847c9eb619e356107017e6f6145e41512cc339e081a0c3d1ef48e20
Ubuntu Security Notice 3201-1 - It was discovered that Bind incorrectly handled rewriting certain query responses when using both DNS64 and RPZ. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.
aa4b9a3339b5c3377bb62c14333d747ef7a018f9172d10f35322b16f7763eef6
Ubuntu Security Notice 3200-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
a61c6b895c9fb308b79806c33c686eac64252cfe20244790ee0c7c447b60ff74
Ubuntu Security Notice 3198-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. Various other issues were also addressed.
401231d16faaf570a0694163991be2f69899e60a6316f4ea5ccc0ea0741ef00f
Red Hat Security Advisory 2017-0282-01 - The Oslo concurrency library has utilities for safely running multi-thread, multi-process applications using locking mechanisms, and for running external processes. OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. OpenStack Image Service provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.
5fd712c87b8881f2c1c11ceb138da557ae0c18a97e0eaffd9f628cfb8aad3438
Ubuntu Security Notice 3197-1 - Kuang-che Wu discovered that multiple integer overflow vulnerabilities existed in libgc. An attacker could use these to cause a denial of service or possibly execute arbitrary code.
9660c57eca69d7e5b5e3f1edab1ac7798f8fe091d546ea992308803cdc972e83
Cisco Security Advisory - A vulnerability in the web-based GUI of Cisco UCS Director could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. Attackers could exploit this vulnerability by enabling Developer Mode for their user profile with an end-user profile and then adding new catalogs with arbitrary workflow items to the profile. An exploit could allow attackers to perform any actions defined by these workflow items, including actions affecting other tenants. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
af8ddd4b376f7c30e09926c47b62cf5a42d2a31626a7239edac7bdaa02886344
Red Hat Security Advisory 2017-0276-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a null pointer dereference via a specially crafted DNS response.
33a7601585c42e9c028fe9fe800eccb4904146febae800994c309c87bb09a0ce
Suricata IDS / IPS versions 3.2.x before 3.2.13.13 and versions 3.1.3 and below suffered from an issue with IPv4 evasion.
ae4d50e6dd5d0d4d2b0cfb7661192e3225d3bededae3434f440a38ff2641bf79
OpenSSL Security Advisory 20170216 - During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers are affected.
89f33fdcfc3a843de7fa742f846df800fb1b00666355c492d4ba177e9b4340bb
Multiple heap overflows, out of bound writes and reads, NULL pointer dereferences, and infinite loops have been discovered in ytnef versions 1.9 and below. These could be exploited by tricking a user into opening a malicious winmail.dat file.
863155d81c8f400b25a4c4da9abcbe4f9c556d4ce5bca22e8188cfbb64d6d669