Gentoo Linux Security Advisory 201706-19 - Multiple vulnerabilities have been found in the GNU C Library, the worst of which may allow execution of arbitrary code. Versions less than 2.23-r4 are affected.
b042a9fc410bfc48b07851567cd191a13e543080d34a0b9511fa8406a8e546b6
Gentoo Linux Security Advisory 201706-18 - Multiple vulnerabilities have been found in mbed TLS, the worst of which could lead to the remote execution of arbitrary code. Versions less than 2.4.2 are affected.
139b319763ce14589220d31223be8b93b30461ac57aaf618d5d20ba6908dac87
Ubuntu Security Notice 3325-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
426ec316fe236e8d4959114127b40493159b960d73bfac790d20f2dc4485a012
Red Hat Security Advisory 2017-1550-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.15, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.
b38fbb96686334c79c8089af92b83fa789abf61a11fe39f62cedebfd30371e13
Red Hat Security Advisory 2017-1549-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.15, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.
b3dffaa5826ddeb437cf9ba3a3faa39e8d5ec3cc5e068c94abbc6ae858e349b2
Gentoo Linux Security Advisory 201706-17 - Multiple vulnerabilities have been found in Kodi, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 17.2 are affected.
8abb131ee92154274ecbc50b0b43d870cfc267ead7e67220164fde50bb1d459e
Red Hat Security Advisory 2017-1548-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.15, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.
b43ee448088714f6cce26d0861def784b5d92b1a93e2fc8bd3b225096ea014f4
Red Hat Security Advisory 2017-1552-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.16. Security Fix: It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.
83999230d01a9c3bbbf6d3b2ee5723a712f6426c18d00dde9b46bcba4d48d1e0
Gentoo Linux Security Advisory 201706-16 - A header injection vulnerability in GNU Wget might allow remote attackers to inject arbitrary HTTP headers. Versions less than 1.19.1-r1 are affected.
63ff0366622b0de8bac0c65a69ef7df6029f5b44dc41736d4dafce671f722a93
Red Hat Security Advisory 2017-1551-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.15, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.
46737bfb65431c424d1b2db74165eb2d03dfe6e0fd5ab3cdb389c49ff61cd6d5
Ubuntu Security Notice 3333-1 - It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Various other issues were also addressed.
4f09ff9dd0d89be7716f1de63c51f7fa6a9d6f67532e75235081f7aa9d16038e
Ubuntu Security Notice 3330-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
561ba665a7c8f14f516368a687aefc2ebe5edf93a9e4bdf5d2c8abff837be886
Ubuntu Security Notice 3331-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
5360f2519114cf4b52118ed5761eecdee88d6b6f9f4e8f48aceb3b4dd94c7be3
Ubuntu Security Notice 3332-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
d86bb80f33e0989ed1392542782f2b74404af76ec716b844dd5b37b8a9521b5e
Red Hat Security Advisory 2017-1484-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
70f2d03339adc94ba659898ee5ec2c30a159d8de22a306e7bfddacc3f37c63b2
Ubuntu Security Notice 3335-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges It was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
a18999a5900951e758b482057ceed33a0d89e8139f2125f11dd871bbd302fdfc
Ubuntu Security Notice 3334-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
1b72b0433ffd0f73d5780bc3643d40413707b65705b1bea82d24d12c690f5e18
Apache mod_http2 versions 2.4.24 and 2.4.25 suffer from a null pointer dereference vulnerability.
e530e961d3a007b273620b857888fc551cce328fa775403586033587d675abe0
Apache httpd versions 2.2.0 through 2.2.32 and 2.4.0 through 2.4.25 suffer from an ap_get_basic_auth_pw authentication bypass vulnerability.
91185608bf17446a65d3162acf6502b214022de0afb72f7e8442d2cb9e7c1616
Qualys has released a large amount of research surrounding the use of stack clash vulnerabilities and how stack guard on Linux can be bypassed.
a388b77480d7ab1132bd2ce877ddcf881022854bdff22370446258252e109e37
Red Hat Security Advisory 2017-1504-01 - Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat OpenStack Platform. Security Fix: A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default listening on 0.0.0.0 with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host.
3840589e2693d08d1670384f05a200afe399afbeb9796c19932b40525836262c
Red Hat Security Advisory 2017-1508-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. The following packages have been upgraded to a later upstream version: openstack-nova. Multiple security issues have been addressed.
59ccdaf46d209e1a08cb8ecf8a5ab06073d958eb47544d66f6d9c4cbc7698c5f
Ubuntu Security Notice 3311-2 - USN-3311-1 fixed a vulnerability in libnl. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that libnl incorrectly handled memory when performing certain operations. A local attacker could possibly use this issue to cause libnl to crash, resulting in a denial of service, or execute arbitrary code. Various other issues were also addressed.
ffae3047b0eb79a4dcb9763352ab036b802e3dda8579495edfbe4877d079504f
Red Hat Security Advisory 2017-1481-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.
c6c174c0d8ec6d669792bb5e4069958974e409436c5d7c7cdf697a20b28ebc53
Red Hat Security Advisory 2017-1482-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
eb7d49178d141c8ba644fcf36ba9936fbb18c3c09524af225eb82f67aa6bb010