Apple Security Advisory 2017-04-03-1 - iOS 10.3.1 is now available and addresses a Wi-Fi vulnerability.
8b5f0e4a03e750a7b56884a02e8dfd789cb35bb0287acfccf2e07d060e4d0524
HPE Security Bulletin HPESBGN03722 1 - A security vulnerability in Linux kernel, also known as "Dirty COW", has been addressed in HPE Operations Agent. This vulnerability could be exploited locally to allow escalation of privilege. Revision 1 of this advisory.
5cb236af127bf2a15a76d901615c16bafe12e3e560b3c0e9e06a8de0ca19354a
Red Hat Security Advisory 2017-0860-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 57.0.2987.133. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
0f0c543a9c844c1ddd73436bed647ca9b229550b62fe06f2b8b6729963867aa5
Ubuntu Security Notice 3216-2 - USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, spoof the address bar, spoof the print dialog, cause a denial of service via application crash or hang, or execute arbitrary code. Various other issues were also addressed.
bdd690475d755f6e237c1928c67804e0d04d22fce097049cdd6f3faf990c3736
Red Hat Security Advisory 2017-0854-01 - After March 31, 2017, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.6 or older on Red Hat Enterprise Linux 5. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite 5.6 and Proxy 5.6 on Red Hat Enterprise Linux 5. Details of the Satellite support policy can be found at:
c91b07662cdb7fb5ffc1118d99778a02b5faa200ec6d9c2571e570c1741923dd
Red Hat Security Advisory 2017-0855-01 - After March 31, 2017, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.6 or older on Red Hat Enterprise Linux 5. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite 5.6 and Proxy 5.6 on Red Hat Enterprise Linux 5. Details of the Satellite support policy can be found at:
f453c136858e9563ca0770b26c555cb4790f655fb81b72607fb982c410a00704
Ubuntu Security Notice 3242-2 - USN-3242-1 fixed a vulnerability in Samba. The upstream fix introduced a regression when Samba is configured to disable following symbolic links. This update fixes the problem. Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this issue to access files on the server outside of the exported directories. Various other issues were also addressed.
19c8c437d5ff2c736e55fe5001b1da5f1ac26b6e6652db0528f69a57cf7faa71
The Trend Micro Enterprise Mobile Security Android application suffers from a man-in-the-middle SSL certificate vulnerability.
3be0a3916b23746808c0c776f1e66acee4ee7df205c6f4e4557903bacd4c08eb
HPE Security Bulletin HPESBHF03723 1 - A potential security vulnerability has been identified in HPE Aruba ClearPass Policy Manager. The vulnerability could be remotely exploited to allow execution of code. **Note:** The ClearPass Policy Manager administrative Web interface is affected by the vulnerability. ClearPass Guest, Insight, and Graphite are NOT impacted. Revision 1 of this advisory.
d6e597c7bb73b8b7ba06f660e94513f08f799d97c77d1c9cf31cc41c314e3fa6
HPE Security Bulletin HPESBUX03725 1 - Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache on HP-UX 11iv3. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), Unauthorized Read Access to Data and other impacts including: Padding Oracle attack in Apache mod_session_crypto; Apache HTTP Request Parsing Whitespace Defects. Revision 1 of this advisory.
5df1b537a3a2899886f0263d940c4193b758bfc583dd96021c5e940a90f029a8
Ubuntu Security Notice 3251-2 - USN-3251-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges. Various other issues were also addressed.
b1d487963e5c52b099632d8ab214ebd2e907b74a6c379f725d804c0da4616fcb
Ubuntu Security Notice 3251-1 - It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges.
1ca3a3e8ffe4e088904c9f1b8447dbb3bf2c0b1d8c96424615dc666524cfd330
Ubuntu Security Notice 3250-1 - It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges.
e0d47a21fe1bda95bc4b052c9f7665e52054b71dab369a17a44a17c1ebde95d4
Ubuntu Security Notice 3250-2 - USN-3250-1 fixed a vulnerability in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges. Various other issues were also addressed.
b422cb5aab80fdbf0c348767b7d781f06b31e9fe1bd2d4d06b44326a9ad12b40
Ubuntu Security Notice 3249-2 - USN-3249-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges. Various other issues were also addressed.
460470cda31135e28bf5e1bede438fdd331eba3492c08a19c3210a779e90f05a
Ubuntu Security Notice 3248-1 - It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges.
b2af43e9ee4661670491287b35ae5b6204a60fd2e6cb9ae3dbee38243de221bd
Ubuntu Security Notice 3249-1 - It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges.
8e6a027bf065ecdae1744051be9c1eeb8feffddb13c1d70f176316aecc5f924c
Ubuntu Security Notice 3236-1 - Multiple vulnerabilities were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, spoof application UI by causing the security status API or webview URL to indicate the wrong values, bypass security restrictions, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
7069b55c974764404a6bd3c1a7386f8efd74a673a5217b50585d13825906a1ff
Debian Linux Security Advisory 3824-1 - George Noseevich discovered that firebird2.5, a relational database system, did not properly check User-Defined Functions (UDF), thus allowing remote authenticated users to execute arbitrary code on the firebird server.
77569fa3e3fe5a77943c7cab473511a3a5e942a79f3b4057eec65f15d8cdbc0e
Debian Linux Security Advisory 3798-2 - DSA-3798-1 for tnef introduced a regression that caused crashes on some attachments.
91907dc419eacbfe525acaae6b9baccfc9233d9873b50246b5cf24e06fb463de
Red Hat Security Advisory 2017-0847-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server.
974b5fabd635b171138950d3c4169a2374eec8a7fa006d510de7b420497dd80f
Slackware Security Advisory - New mariadb packages are available for Slackware 14.2 and -current to fix security issues.
d28bdd977d39f007c77399f719272fae2c4233f4574b5f1bad80d829ac511400
EMC Isilon OneFS versions 7.1.0 through 7.1.1.10, 7.2.0 through 7.2.1.3, and 8.0.0 through 8.0.0.1 suffer from a path traversal vulnerability.
e19aca5b754771c11a24391d2108333efd59db0c26f9b6719e2dd9b3d446f54c
Samsung suffers from an RKP kernel protection bypass via lack of MSR trapping on Qualcomm devices.
0dbe80fe47e0d163198f99af0f2dd6414287047cc82447e99da5cf0bff3da457
RSA Archer Security Operations Management with RSA Unified Collector Framework contains a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system.
10839de202bb4655a184d8961982e46440c4191ebe1429db50e9ec565998237e