Red Hat Security Advisory 2017-1583-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
e9b9a042180a214847e5dfb74e6d32ab0f667bf43a23874c8dba389ebd9a427a
Red Hat Security Advisory 2017-1582-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
84b22a5a96a36143771a9bef7a93bdc0456d8db21ec2a432908506f424ef8eae
Red Hat Security Advisory 2017-1601-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. rh-ruby23-rubygem-nokogiri provides Nokogiri, which is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents using XPath or CSS3 selectors. rh-ruby23-rubygem-ovirt-engine-sdk4 provides the ruby SDK for the oVirt Engine API.
0574f2d4fd96b9baab7b74076a3be29cf78f8d6826c4f076104246b11cb8e929
Red Hat Security Advisory 2017-1615-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list->frag_list) in the socket buffer. The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature were used together. A remote user or process could use this flaw to potentially escalate their privilege on a system.
f1988095293b1d64049e46bd41403517aff425f5b6ac9160c3403479e585fd90
Red Hat Security Advisory 2017-1616-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
8aecb00d2b9667bdf5d8c27595fddfad109f0a2bfd6bc403167c8298e434ebc5
Red Hat Security Advisory 2017-1647-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
4df02e3c6dd354591d13a86f53c57cd626f1477f6715af4f1d6dffe22a92ba18
Red Hat Security Advisory 2017-1581-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS session resumption. A remote unauthenticated attacker could potentially use this flaw to bypass the inner authentication check in FreeRADIUS by resuming an older unauthenticated TLS session.
b73b1497053005ca6e5d0d3802d993a74f39976d43523a78802ae9d4a60bacce
Ubuntu Security Notice 3341-1 - An out-of-bounds write was discovered in systemd-resolved when handling specially crafted DNS responses. A remote attacker could potentially exploit this to cause a denial of service or execute arbitrary code.
f70c86242a8d9c2bb482ca58cb9bc1ed7c3a1dbcc3ca402d658d13a42f066308
Debian Linux Security Advisory 3899-1 - Several vulnerabilities have been found in VLC, the VideoLAN project's media player. Processing malformed subtitles or movie files could lead to denial of service and potentially the execution of arbitrary code.
1d89f07e3eaf3a21eb9d878b9b6bbe0493bc043a7d00836d211ef54ddaeeab27
Gentoo Linux Security Advisory 201706-29 - A vulnerability in KAuth and KDELibs allows local users to gain root privileges. Versions less than 5.29.0-r1 are affected.
a6514831f6193a3f2e7d37397a2b49bbba61c57093e95e6c2e2f5f26c55d9602
Gentoo Linux Security Advisory 201706-28 - Multiple vulnerabilities have been found in LibreOffice, the worst of which allows for the remote execution of arbitrary code. Versions less than 5.2.7.2 are affected.
18ccac86e7fcb5b42793ef6cb9f989623be1cd6625b8f7b60be444b45f2e8176
Gentoo Linux Security Advisory 201706-27 - A vulnerability in FreeRADIUS might allow remote attackers to bypass authentication. Versions less than 3.0.14 are affected.
cfdaccccfa8752e7363654d2eaefe258f8031b52529f0216f4b0c0855b3e65f7
Red Hat Security Advisory 2017-1576-01 - Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use this flaw to execute arbitrary code on the Mercurial server by using specially crafted command-line options.
1734ed9eb729720f08ed7e92dc3dc860b851675b778347155bacb8e60fb582cc
Slackware Security Advisory - New kernel packages are available for Slackware 14.2 and -current to fix security issues.
970a6a172e9260f4249ec31d0dfcbdc5b73376df688024ebe93ac6125c292a2f
This Microsoft bulletin summary lists many CVEs that have undergone a major revision increment.
8f3f2c8aac06bb0814cbc4f0f5cc66e6c13a9604da0bf615f67a1892ba342272
Ubuntu Security Notice 3340-1 - Emmanuel Dreyfus discovered that third-party modules using the ap_get_basic_auth_pw function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new ap_get_basic_auth_components function for use by third-party modules. Vasileios Panopoulos discovered that the Apache mod_ssl module may crash when third-party modules call ap_hook_process_connection during an HTTP request to an HTTPS port. Various other issues were also addressed.
4fbb0cd5128e4b23de1949c019dde3ebd97609ecd0bfa2b4a8e88c05d3455098
Red Hat Security Advisory 2017-1574-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
a3fd6f04b6ad8fda2683b5fb984f344082cd866c71e638d5c9353f10fb2aa301
Gentoo Linux Security Advisory 201706-26 - Multiple vulnerabilities have been found in Vim and gVim, the worst of which might allow remote attackers to execute arbitrary code. Versions less than 8.0.0386 are affected.
7c10733701e29eeac37e6aa8fe06cb324e6b890f4459b3cb0b45ca1fc384e0e9
Gentoo Linux Security Advisory 201706-25 - An out-of-bounds write in Graphite might allow remote attackers to execute arbitrary code. Versions less than 1.3.8-r1 are affected.
1946705f6b04b4a318b88a460932bc22203cf80d8a418c8a00f59203e127b15d
Gentoo Linux Security Advisory 201706-24 - Multiple vulnerabilities have been found in jbig2dec, the worst of which might allow remote attackers to execute arbitrary code. Versions less than 0.13-r1 are affected.
bbe4193e46518a36b58547ae9e8ceafb2ceff2dfeab96c22e4a47be79974f263
This Microsoft bulletin summary lists one CVE that has undergone a major revision increment.
228ba02789c521391ee6c48698b3e7b885ad417c33c778543d53ba8a3ccfe129
This Microsoft bulletin summary lists many CVEs that have undergone a major revision increment.
fae845b246924cc9e54f816a4286310351404dff440feefbf497cb13fd42589b
Gentoo Linux Security Advisory 201706-21 - A cache-related side channel vulnerability was found in nettle which might allow an attacker to obtain sensitive information. Versions less than 3.2-r1 are affected.
885f8056e74c9f6d0aea60f7ffb6818f90255f732b0dca76c25821d89e332ea7
Ubuntu Security Notice 3339-1 - Karthikeyan Bhargavan and Gaetan Leurent discovered that 64-bit block ciphers are vulnerable to a birthday attack. A remote attacker could possibly use this issue to recover cleartext data. Fixing this issue requires a configuration change to switch to a different cipher. This update adds a warning to the log file when a 64-bit block cipher is in use. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that OpenVPN incorrectly handled rollover of packet ids. An authenticated remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.
18a5c77511e3ae26a7bfae4c9431f20c33fd11ad212e06d8a50e2ce03e855ef6
Gentoo Linux Security Advisory 201706-23 - Multiple vulnerabilities have been found in Urban Terror, the worst of which allows for the remote execution of arbitrary code. Versions less than 4.3.2_p20170426 are affected.
e1ed8d30f0b392a1b39ea2791603589dc1bacab5b9a9bad5fe16c9d56300d144