Ubuntu Security Notice 3360-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. It was discovered that a use-after-free vulnerability existed in the performance events and counters subsystem of the Linux kernel for ARM64. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
b728a817657de92c7a8e7a3974a7db179927290da525b28390f7ffee93bfc9c8
Apple Security Advisory 2017-07-19-7 - iCloud for Windows 6.2.2 is now available and addresses information disclosure, code execution, and various other vulnerabilities.
f6c72c4517098c3e7034d35d6ba98acffde8bf0131ee5bb5000e212e653c3fcc
Apple Security Advisory 2017-07-19-6 - iTunes 12.6.2 is now available and addresses code execution, information disclosure, and various other vulnerabilities.
c13a5cb60055a2f9fb0fc52c32c0f5cfdd41d6b2a43d5d86a0dac83a01cd277a
Ubuntu Security Notice 3360-2 - USN-3360-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
dd0fe2c526143d34a107f7f383bf5197ebc0f403d7b65cfed4142a62d732f7a3
Apple Security Advisory 2017-07-19-5 - Safari 10.1.2 is now available and addresses spoofing, cross origin, and various other vulnerabilities.
45581232806476f5919c8e4e4c4fdf08c450b51103777da433824e0c8b3de277
Apple Security Advisory 2017-07-19-4 - tvOS 10.2.2 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
798e9c95aeaa853124be2fc126e398e496507dcf41bb26e2e72c942964f741a3
Ubuntu Security Notice 3359-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Dmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfiler subsystem in the Linux kernel mishandled IPv6 packet reassembly. A local user could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
4c2386596faece3a8190c5928d9c879c09f797743015282506baa7e3339d72ec
HPE Security Bulletin HPESBHF03766 1 - Potential security vulnerabilities with NTP have been addressed for HPE network products including Comware 5 used in certain ConvergedSystem 700 solutions. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or unauthorized modification, or locally exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.
3edfee76e1994530da7a06fe189c9516c8fd4b472f41291e675135108bd439bc
Ubuntu Security Notice 3358-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture subsystem in the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
d2cf22e826ff1c4d35650ee61a489bed7dde9575afc78303e036d460dfe637d3
Red Hat Security Advisory 2017-1793-01 - Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create "smart fonts" capable of displaying writing systems with various complex behaviors. With respect to the Text Encoding Model, Graphite handles the "Rendering" aspect of writing system implementation. The following packages have been upgraded to a newer upstream version: graphite2. Multiple security issues have been addressed.
736af5abc072c79d5f321c80bfb71391a4b91c50e5670e5d50a8172ca59aa559
Apple Security Advisory 2017-07-19-2 - macOS 10.12.6 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
bcc56d96708e760ecf0c7d3255dbf1e45f11507054dc7e9d429392beb7658554
Apple Security Advisory 2017-07-19-1 - iOS 10.3.3 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
a2d4b5826b831607a1a8366303cee291dd5ca20677f208e056fb175e2afb1cea
Apple Security Advisory 2017-07-19-3 - watchOS 3.2.2 is now available and addresses buffer overflow, memory corruption, and various other vulnerabilities.
2fa8590de49a3c02931519d0800027cc9481ae8c56ee97b6eed14111c641ea61
Red Hat Security Advisory 2017-1789-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries, AWT, Hotspot, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.
76628dadd7f569e118fab99cce8ff2b666334e4fb2a442575297edf2ee19eb19
Ubuntu Security Notice 3357-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 17.04 have been updated to MySQL 5.7.19. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
b49a45918bc6c2ffba832ffccde5d3953466c8f2426e634f889f8dbdba759bca
Red Hat Security Advisory 2017-1790-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 141. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
957558151d57a9ba206c09ea21b995d68e6590fe4c857ac561b51d94c913ab40
Red Hat Security Advisory 2017-1791-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 151. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
5fb6bf5f4a356511e8dcf3e2167946d7b18a870ae1ae0a0df9151257edecc8db
Red Hat Security Advisory 2017-1792-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 161. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
a94df468f93b9ee2d95e0da96430c90b4615ff895508073a9657b87f545f8074
Red Hat Security Advisory 2017-1787-01 - collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files. Because the daemon does not start up each time it updates files, it has a low system footprint. The following packages have been upgraded to a later upstream version: collectd. Security Fix: collectd contains an infinite loop due to how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance of collectd is configured with "SecurityLevel None" and empty "AuthFile" options, an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of service.
9fe4cce5befb77f355add009553c2ae645b6b416db689aea5c036985f29dd3ac
Ubuntu Security Notice 3356-2 - USN-3356-1 fix a vulnerability in Expat. This update provides the corresponding update for Ubuntu 12.04 ESM. A It was discovered that Expat incorrectly handled certain external A entities. A remote attacker could possibly use this issue to cause A Expat to hang, resulting in a denial of service. Various other issues were also addressed.
7298e45947fd02ee7303731ee6ff6c66f34cd68f1cb5281ef16ac87653584963
Ubuntu Security Notice 3356-1 - It was discovered that Expat incorrectly handled certain external entities. A remote attacker could possibly use this issue to cause Expat to hang, resulting in a denial of service.
2bfed7f069c4187c12f4e904e868cfc4cb0052fe6d136336fe816266ea7e4044
Ubuntu Security Notice 3355-1 - Frediano Ziglio discovered that Spice incorrectly handled certain invalid monitor configurations. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.
f481df33912bb2d773edf10b5d92627116d5d3c05a54eb0ff478f8396d9e6b16
Ubuntu Security Notice 3212-3 - USN-3212-1 and USN-3212-2 fixed a vulnerability in LibTIFF. This update provides a subset of corresponding update for Ubuntu 12.04 ESM. A It was discovered that LibTIFF incorrectly handled certain malformed A images. If a user or automated system were tricked into opening a A specially crafted image, a remote attacker could crash the A application, leading to a denial of service, or possibly execute A arbitrary code with user privileges. Various other issues were also addressed.
f6649d7376a67bb72bac2ef5ba3d5a08ce63560aecf03229be010bd3ac125ae0
Ubuntu Security Notice 3307-2 - USN-3307-1 fixed a vulnerability in OpenLDAP. This update provides the corresponding update for ubuntu 12.04 ESM. A Karsten Heymann discovered that OpenLDAP incorrectly handled certain A search requests. A remote attacker could use this issue to cause slapd A to crash, resulting in a denial of service. Various other issues were also addressed.
6824128b7ce99a1b204ab1d8547f25786cb0ac458e388f96913fa120bc5b4c12
Debian Linux Security Advisory 3914-1 - memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT, TGA, VST, CIN, DIB, MPC, EPT, JNG, DJVU, JPEG, ICO, PALM or MNG files are processed.
0f034f310d2383ee144c6075970bf32287ef618568e6f3447ec99ae371fb0055