Red Hat Security Advisory 2017-0868-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files. Multiple security issues have been addressed.
b44baec06b4aa30482485d1d8aad1f8dcd12a8a67d5b08f4763ee3b328caa8b9
Ubuntu Security Notice 3253-1 - It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. Various other issues were also addressed.
c79b4480ec225f484a4c3353e13bf0f2725307d7e9ba6254c20baa738cf5326f
Gentoo Linux Security Advisory 201804-2 - Multiple vulnerabilities have been found in glibc, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 2.25-r11 are affected.
20bcb176dc8f678b8fcebb3c25e5481340c2a49599d9b052bbd05cff312da576
Ubuntu Security Notice 3617-2 - USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
0f276e7a9b2bfbe06e0d855d178a4c603928a7a485688ab62d5262889acef454
Gentoo Linux Security Advisory 201804-1 - Multiple vulnerabilities were discovered in libxslt, the worst of which may allow a remote attacker to execute arbitrary code. Versions less than 1.1.30 are affected.
d1879b034e5fc47ed24dc480f47c4e7a0c8ee1432d5e5748e9cd53782da9a161
Ubuntu Security Notice 3617-1 - It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service in the host OS. Various other issues were also addressed.
fe4a210e922b4739e377a7859b8122e447d7ffe0cc9c2252e70ad5829f91e7d1
Mongoose OS versions 1.2 and below suffer from use-after-free and denial of service vulnerabilities.
29230e265e6385403b48459f9970358441ef14a35850ac8f58e0c0615ecbb02c
Kony Enterprise Mobile Management version 4.2.0 suffers from a private key disclosure vulnerability.
dfac23b8cfe379e80ab577f0e5961abd9d7facc3a6363c97daf642b809407477
Red Hat Security Advisory 2017-0863-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Life Cycle Support for Red Hat Enterprise Linux 4 was retired on March 31, 2017, and active support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 4 ELS after March 31, 2017.
131beb38cc9b40830d94c90e126d4e23e59e6a45e730087ab1ac6ab776c32045
Red Hat Security Advisory 2017-0862-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, support for Red Hat Enterprise Linux 5 was retired on March 31, 2017, at the end of Production Phase 3 and active support is no longer provided. As the product will now be in the Extended Life Phase, customers will continue to have access to all previously released content, and limited technical support will be available through Red Hat's Customer Experience and Engagement as described in the Knowledge Base article available at https://access.redhat.com/articles/64664. However, we recognize that some customers will wish to remain on Red Hat Enterprise Linux 5 even after the March 31, 2017 retirement date. To meet this customer requirement, Red Hat will offer customers the option to purchase the Extended Life Cycle Support Add-On as an annually renewable subscription. This ELS Add-On provides customers with up to an additional three and a half years of Critical Impact security fixes and selected Urgent Priority bug fixes for Red Hat Enterprise Linux 5.11. Red Hat Enterprise Linux 5 ELS coverage will conclude on November 30, 2020.
d20db9cfe243dcc9600d667c3912980b508184bbf305692a5b59f606afb7193f
Red Hat Security Advisory 2017-0861-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.6 was retired on March 31, 2017, and active support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 5.6 AMC after March 31, 2017.
73af0a91302880b0fda84ff2a350359ef8afc8ca8e1ada416d43d14f11c22c58
Red Hat Security Advisory 2017-0864-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 7.1 was retired on March 31, 2017, and active support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 7.1 EUS after March 31, 2017.
1726950944e029aa9e87b05926c45da5d19892259fd9378d3a11527bf5a608d1
OpenManage Server Administrator version 8.4 suffers from a directory traversal vulnerability.
64df1022197272561fbf522b26472bc450a0c8b7c4f7cf66729ba27dcad0eadc
PHP version 7.1.2 suffers from an incorrect behavior with fsockopen.
f95a66bf357d7a4d4cc45ea50c1c6154b09b14db99cf7f747b69412d4f11e0e0
Apple Security Advisory 2017-04-03-1 - iOS 10.3.1 is now available and addresses a Wi-Fi vulnerability.
8b5f0e4a03e750a7b56884a02e8dfd789cb35bb0287acfccf2e07d060e4d0524
GeoMoose versions 2.9.2 and below suffer from a directory traversal vulnerability.
e8ffd351cb42c9c1aa1f94365a6e68fff547aebacc6c9e8b8dfc861633983dd6
Chimein.mozilla.org suffers from multiple cross site scripting vulnerabilities.
677bf08f3abab45727864c625f11fef8a1d0809f03498843151760f1272f19e3
This Metasploit module abuses the sudo access granted to the tomcat user and the mvtroubleshooting.sh script to escalate privileges. In order to work, a session as the tomcat user, with that user granted sudo rights in the sudoers file, is needed. This Metasploit module is useful for post exploitation of BlueCoat vulnerabilities, where typically web server privileges are acquired and that web server user is permitted to run commands through sudo.
e2893d0c823a71c5e42bc07dcb197f2a382e0587c64f12ee1c7ad55690e5b7f2
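The privilege escalation above depends on one condition: a low-privilege service account (tomcat) allowed by sudoers to run a shell script as root. The following audit script is an added example written for this listing; it is not part of the Metasploit module or of any BlueCoat product. It scans a sudoers-style text for rules that grant a named user a NOPASSWD script run and counts them. The sudoers content, user names and paths in it are constructed for the example.

```shell
#!/bin/sh
# Added example: audit sudoers text for the pattern the module above abuses,
# a service account allowed to run a shell script via sudo without a password.
# Sample content below is constructed (hypothetical paths and users).

SAMPLE_SUDOERS='
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
tomcat  ALL=(root) NOPASSWD: /opt/reporter/bin/mvtroubleshooting.sh
tomcat  ALL=(root) /usr/bin/systemctl restart tomcat
www-data ALL=(ALL) NOPASSWD: /usr/local/bin/rotate_logs.sh
# jenkins ALL=(root) NOPASSWD: ALL
'

# sudo_rules_for USER SUDOERS_TEXT
# Print every non-comment rule whose first field is exactly USER.
# (Group rules such as "%admin" and Defaults lines are skipped.)
sudo_rules_for() {
    user=$1
    printf '%s\n' "$2" | grep -v '^[[:space:]]*#' | awk -v u="$user" '$1 == u'
}

# risky_script_rules USER SUDOERS_TEXT
# Narrow the user's rules to those that are NOPASSWD and target a .sh script:
# exactly the combination that turns a web-server shell into root.
risky_script_rules() {
    sudo_rules_for "$1" "$2" | grep 'NOPASSWD:' | grep -E '\.sh([[:space:]]|$)'
}

# count_risky USER SUDOERS_TEXT
# Return (print) the number of risky rules for USER; 0 when there are none.
count_risky() {
    risky_script_rules "$1" "$2" | wc -l | tr -d ' '
}

# Demonstration run on the constructed sample.
for u in tomcat www-data root; do
    printf '%s: %s risky NOPASSWD script rule(s)\n' "$u" "$(count_risky "$u" "$SAMPLE_SUDOERS")"
done
```

On a live host the equivalent check from the compromised account is `sudo -l`, which lists the rules sudo will honour for the current user; feed `/etc/sudoers` and the files under `/etc/sudoers.d/` to the functions above when auditing from the root side. A rule that requires a password is less immediately useful to an attacker but still worth reviewing if the target script or its directory is writable by the service account.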
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
f2753c34c9883dfe15003f5b0814c44255ff34cfd31b9a7bf514172123ed05ff