Ubuntu Security Notice 2858-3 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.
48425681b0b5e53cc4b801c91c5dcb8b298e07313c119da1cedff6eacf4292a3
Ubuntu Security Notice 2858-2 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.
84b822e206e80ae7b54ed801761cd7e4fb9808f03798dc7446e5325a4760b793
Ubuntu Security Notice 2858-1 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.
45cfcb2e85fdde5eb27a504542175a36445956c958ab02632509d0bd1adead99
Ubuntu Security Notice 2857-2 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.
7e38428ed628f59f51dad90aea0dacbac3f82c78e918bc84ccec9e85b4f01c29
Debian Linux Security Advisory 3435-1 - Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitrary code by injecting commands via crafted URLs.
79e3590b0ad8688b6035120a579889261e6e6c3face4d28a132126be082d0fb3
Ubuntu Security Notice 2857-1 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.
8af0ea8abe573c2c245c547df79ec15d62a5547312f9d4d0daf04fa42de8d477
Red Hat Security Advisory 2016-0001-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird handled content using the 'data:' and 'view-source:' URIs. An attacker could use this flaw to bypass the same-origin policy and read data from cross-site URLs and local files.
51d1b08204b8faeea255411a7e312189b297b5089ebbab3ff4e4b43c6dc3182a
Ubuntu Security Notice 2856-1 - Thilo Uttendorfer discovered that ldb incorrectly handled certain zero values. A remote attacker could use this issue to cause applications using ldb, such as Samba, to stop responding, resulting in a denial of service. Douglas Bagnall discovered that ldb incorrectly handled certain string lengths. A remote attacker could use this issue to possibly access sensitive information from memory of applications using ldb, such as Samba. Various other issues were also addressed.
06bff63b4bcbbd739e856db003c4656d0fe21fde784af34dc73fb6bb7e9d35ae
Ubuntu Security Notice 2855-1 - Thilo Uttendorfer discovered that the Samba LDAP server incorrectly handled certain packets. A remote attacker could use this issue to cause the LDAP server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. Jan Kasprzak discovered that Samba incorrectly handled certain symlinks. A remote attacker could use this issue to access files outside the exported share path. Various other issues were also addressed.
18d6b6eab4573732c5916ffb8324e2969fbb471ee55086f434a7c90629cc7e91
Debian Linux Security Advisory 3434-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.
f1141a8de6449e71f448b35c2f5555c825d9e8cd9ccb92406b4982ef5187cd2b
The Nuit Du Hack Call For Papers for 2016 has been announced. It will be held July 2nd through the 3rd, 2016 at the Disneyland Paris convention center.
cb5e8bc26780ada44c0a11dec6732e1115a5648e137cf6ceb77c4a6c82386420
The Alcatel Lucent Home Device Manager management console suffers from multiple cross site scripting vulnerabilities.
6ca37aa2b741d2a932bf88aeb2a7c29e34b2f41d21497e9dcccf69519f7dc7f9
Simple PHP Polling System suffers from cross site scripting, password reset, and remote SQL injection vulnerabilities.
cd2d6fb0263ff61ebc10adeed54da7f570c9f68aa5e24fa1fc5e2ffc8a9132c5
F5 BIG-IP suffers from an input validation vulnerability that can lead to denial of service and possibly code execution.
555fb203d5884a261a2665d9d2bab1b145012d04be04c0364004742fdf0be93c
This paper discusses security and the REST API. Specifically discussed is a security implementation using OAuth as part of the security framework to protect access to resources (data and services).
40a74b8637269bef957b13e6aadc3261bd5989070ec315366453e9c3dd50c2b8
Ganeti suffers from unauthenticated information disclosure and denial of service vulnerabilities.
b366b0e8cdc76ece2a45806306e7e5adc7f7ed618bac49a090623b0b34db5e3c