Ubuntu Security Notice 3405-2 - USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
9fb7e5e4b1090eb89ab9343b4aac56e8f9b44171aade9cf1e7eb6e419ed30450
Ubuntu Security Notice 3405-1 - It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Huang Weller discovered that the ext4 filesystem implementation in the Linux kernel mishandled a needs-flushing-before-commit list. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
e985c878ac1f840112d8ae173a55521c302cdeedb1d58e78149cb339271b8e3a
Ubuntu Security Notice 3404-2 - USN-3404-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems.
2d34da306d516c16c1e2ce1d0a0fe419b9503fabe728dc169521bcf6b9b61947
OpenSSL Security Advisory 20170828 - If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format.
bfe693c207e12bf41b62de943a276fa92f260530bb94dfc8fc7787631bc42165
Ubuntu Security Notice 3404-1 - A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems.
fa33301449a180f6590fe7f0733eaeb35c623426b0539632995cb7b32c393c21
Gentoo Linux Security Advisory 201708-10 - Multiple integer overflow flaws have been discovered in jbig2dec, possibly resulting in execution of arbitrary code or Denial of Service. Versions less than 0.13-r4 are affected.
e800564a9d543207a426b461e655f3bbd79afb05e0188afad6b3e1e318f2fa3d
Gentoo Linux Security Advisory 201708-9 - Multiple vulnerabilities have been found in AutoTrace, the worst of which could cause a Denial of Service condition. Versions less than or equal to 0.31.1-r8 are affected.
7cfe73403f43378408fb5b3769e1d307d509e53b27c65a073dcd33b95ed6497d
HPE Security Bulletin HPESBHF03769 1 - A potential security vulnerability has been identified in HPE Integrated Lights-out (iLO 4). The vulnerability could be exploited remotely to allow authentication bypass and execution of code. Revision 1 of this advisory.
55e502bbbda3b626b9c1e5d89f1185c6db3ed04eb47bc7d55058c15b071a11c7
Ubuntu Security Notice 3402-1 - It was discovered that PySAML2 incorrectly handled certain SAML XML requests and responses. A remote attacker could use this issue to read arbitrary files.
7e2b752c629f0db0c9e92473055636c9ddd7e0ae07259a5129bcae252d90f5b7
Red Hat Security Advisory 2017-2534-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.3.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
3efa095ba1b37ce40cff95ab71a1b77294a876547f5725f38d79b19e653d6887
Red Hat Security Advisory 2017-2533-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or named when using the "lwres" statement in named.conf.
f67e3196c2b632817bfb8e448d9d3dd646f5092db83ded905469f711f1af5d8f
Debian Linux Security Advisory 3953-1 - Zane Bitter from Red Hat discovered a vulnerability in Aodh, the alarm engine for OpenStack. Aodh does not verify that the user creating the alarm is the trustor or has the same rights as the trustor, nor that the trust is for the same project as the alarm. The bug allows that an authenticated users without a Keystone token with knowledge of trust IDs to perform unspecified authenticated actions by adding alarm actions.
b852fd7ecd286f6539eacf7df6220d7b6245d0b7ac2a1d9c823d9d20266e3fc4
Red Hat Security Advisory 2017-2530-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 6 to version 6 SR16-FP50. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
f5c9687c4bf79d6f277442191c422c31b1f4ffc77e93628a29f07ca77a7109d8
Red Hat Security Advisory 2017-2524-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a later upstream version: ansible. Multiple security issues have been addressed.
33d24d0ae6ef6c520ee5abc9a80f8d042eb685f1a5d9a37ffb1c2af99bff2122
Ubuntu Security Notice 3401-1 - It was discovered that TeX Live incorrectly handled certain system commands. If a user were tricked into processing a specially crafted TeX file, a remote attacker could execute arbitrary code.
e2dd15b88bd511cf338df474d6659910010ee0c046f5ebf774a500cbf8251847
Debian Linux Security Advisory 3951-1 - Sebastian Krahmer discovered that a programming error in the mount helper binary of the Smb4k Samba network share browser may result in local privilege escalation.
f090c64e83c637a740e51341916f0499c6f32755580e47146fb7b8bf082aafbd
Debian Linux Security Advisory 3950-1 - Hossein Lotfi and Jakub Jirasek from Secunia Research have discovered multiple vulnerabilities in LibRaw, a library for reading RAW images. An attacker could cause a memory corruption leading to a DoS (Denial of Service) with craft KDC or TIFF file.
6bd640d22d0636b104d231b80f39fb8bd250f4aa1590299391ca0277bd425d7b
Red Hat Security Advisory 2017-2493-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release provides an update to OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2.
433eb5a4ba8c2a4ffb2b9fdb5aae2ede9d17adb9eef7d9ad9f509286e86517e5
Red Hat Security Advisory 2017-2494-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release provides an update to OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2.
5df0cde009ea76fc4d097ec8af7d6914e065e0eb2e8b377de3486c9be15a06b4
Ubuntu Security Notice 3399-1 - Hank Leininger discovered that cvs did not properly handle SSH for remote repositories. A remote attacker could use this to construct a cvs repository that when accessed could run arbitrary code with the privileges of the user.
e23e4f58ae7a4fb2abde5c65507b1ea997de4d014bc53813f98e38b53a87c713
Ubuntu Security Notice 3398-1 - Holger Fuhrmannek and Tyson Smith discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code.
5171bb449a2c30960b248aece49de8e4622c8d0b6b55a34c13fb9f1067da82e7
Red Hat Security Advisory 2017-2492-01 - XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption". Security Fix: It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to information disclosure or denial of service.
e8bcf95b5c5ae7a1240f8be1f988de36d99bb4814d5eaf28c6f9b0ad935bf1d5
Ubuntu Security Notice 3400-1 - It was discovered that Augeas incorrectly handled certain strings. An attacker could use this issue to cause Augeas to crash, leading to a denial of service, or possibly execute arbitrary code.
069c31ed3c92aa61e9da9557a3351b78cdf628e2ca68cd856e67f0af67331b0d
Gentoo Linux Security Advisory 201708-8 - An use-after-free vulnerability has been found in bzip2 that could allow remote attackers to cause a Denial of Service condition. Versions less than 1.0.6-r8 are affected.
5253c85b763cf31254a3615b19f2ca67a15a7bef7732e42cd55f6e3f95a14ae1
Gentoo Linux Security Advisory 201708-7 - Improper hypertext validation might allow remote attackers to execute arbitrary code. Versions less than 0.5.1 are affected.
d3085c3a417493ef68055fb14f8a4b6ac78b31031d405e786a5aee67a36c3696