what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2017-06-28

Red Hat Security Advisory 2017-1658-01
Posted Jun 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1658-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release includes bug fixes as well as a new release of OpenSSL. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect. Multiple security issues have been addressed.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-2177, CVE-2016-2178, CVE-2016-6304, CVE-2016-8610
SHA-256 | 50aa060f98da6b1e50308b6d01277a2a6b359083f0c8bbb7e34abde4dcebe506
Red Hat Security Advisory 2017-1599-01
Posted Jun 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1599-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Security Fix: An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2017-7466, CVE-2017-7473, CVE-2017-7481
SHA-256 | 534a661506144dd1d7c4748a4b8038a02eb473ba1ffd28cb7cbe641a049f56ee
Red Hat Security Advisory 2017-1598-01
Posted Jun 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1598-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. The following packages have been upgraded to a later upstream version: python-django-horizon. Security Fix: A cross-site scripting flaw was discovered in the OpenStack dashboard which allowed remote authenticated administrators to conduct XSS attacks using a crafted federation mapping rule. For this flaw to be exploited, federation mapping must be enabled in the dashboard.

tags | advisory, remote, xss, python
systems | linux, redhat
advisories | CVE-2017-7400
SHA-256 | 559e51a6b19aaa61c99248ccbdb1fcb845ea12e44cd8b4a143d495ee7d1395c1
Red Hat Security Advisory 2017-1597-01
Posted Jun 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1597-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. The following packages have been upgraded to a later upstream version: openstack-keystone. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-2673
SHA-256 | 7ce5a937781538a68f366244f4d415c9484ec8458131eb303ef5866f6bf3a4f0
Red Hat Security Advisory 2017-1596-01
Posted Jun 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1596-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. The following packages have been upgraded to a later upstream version: python-django. Security Fix: A redirect flaw, where the is_safe_url() function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard.

tags | advisory, remote, web, python
systems | linux, redhat
advisories | CVE-2017-7233
SHA-256 | d0e6a85be46c7aeefb2e61f70abc77ca2dd2e25ace97d6cacede77e48678e993
Red Hat Security Advisory 2017-1659-01
Posted Jun 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1659-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release includes bug fixes as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. Multiple security issues have been addressed.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-2177, CVE-2016-2178, CVE-2016-6304, CVE-2016-8610
SHA-256 | b063190fd710dc1e98b42fc46ea97b54f3b495147b0d0c8c6dc8b32e46110a6d
Red Hat Security Advisory 2017-1595-01
Posted Jun 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1595-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. python-novaclient is the python client for the OpenStack Nova API. The client's Python API and command-line script both implement 100% of the OpenStack Nova API. The following packages have been upgraded to a later upstream version: python-novaclient, openstack-nova.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2017-7214
SHA-256 | 330df04280f7d7f7159a8e3468ba074f1edea700e2d331a76319fccf22b8fe8c
Red Hat Security Advisory 2017-1584-01
Posted Jun 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1584-01 - OpenStack Workflow groups multiple OpenStack tasks into workflows. Red Hat OpenStack Platform uses these workflows to perform common functions, including bare-metal node control, validations, plan management, and overcloud deployment. The following packages have been upgraded to a later upstream version: openstack-mistral. Security Fix: An accessibility flaw was found in the OpenStack Workflow service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-2622
SHA-256 | 83b83656626fa8b3b9b1b2ec988a662459fce6b1f729349623b89d60262c5bcc
Debian Security Advisory 3900-1
Posted Jun 28, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3900-1 - Several issues were discovered in openvpn, a virtual private network application.

tags | advisory
systems | linux, debian
advisories | CVE-2017-7479, CVE-2017-7508, CVE-2017-7520, CVE-2017-7521
SHA-256 | bf8347ff66079df80932f331596ee3113b769a47ba519e3bc4dca3d7a34bc4e6
Debian Security Advisory 3886-2
Posted Jun 28, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3886-2 - The security update announced as DSA-3886-1 caused regressions for some applications using Java - including jsvc, LibreOffice and Scilab - due to the fix for CVE-2017-1000364. Updated packages are now available to correct this issue.

tags | advisory, java
systems | linux, debian
SHA-256 | ce9bf9d0bbae9cb2f5019f278dbcafd470817881ac36abe0c8d7c89647dbd973
Red Hat Security Advisory 2017-1583-01
Posted Jun 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1583-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-8864, CVE-2016-9131, CVE-2016-9147, CVE-2016-9444, CVE-2017-3137
SHA-256 | e9b9a042180a214847e5dfb74e6d32ab0f667bf43a23874c8dba389ebd9a427a
Red Hat Security Advisory 2017-1582-01
Posted Jun 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1582-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2017-3137, CVE-2017-3139
SHA-256 | 84b22a5a96a36143771a9bef7a93bdc0456d8db21ec2a432908506f424ef8eae
Red Hat Security Advisory 2017-1601-01
Posted Jun 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1601-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. rh-ruby23-rubygem-nokogiri provides Nokogiri, which is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents using XPath or CSS3 selectors. rh-ruby23-rubygem-ovirt-engine-sdk4 provides the ruby SDK for the oVirt Engine API.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2016-4457, CVE-2016-7047, CVE-2017-7497
SHA-256 | 0574f2d4fd96b9baab7b74076a3be29cf78f8d6826c4f076104246b11cb8e929
Red Hat Security Advisory 2017-1615-01
Posted Jun 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1615-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list->frag_list) in the socket buffer. The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature were used together. A remote user or process could use this flaw to potentially escalate their privilege on a system.

tags | advisory, remote, overflow, kernel
systems | linux, redhat
advisories | CVE-2017-2583, CVE-2017-6214, CVE-2017-7477, CVE-2017-7645, CVE-2017-7895
SHA-256 | f1988095293b1d64049e46bd41403517aff425f5b6ac9160c3403479e585fd90
Red Hat Security Advisory 2017-1616-01
Posted Jun 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1616-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2017-1000364, CVE-2017-2583, CVE-2017-6214, CVE-2017-7477, CVE-2017-7645, CVE-2017-7895
SHA-256 | 8aecb00d2b9667bdf5d8c27595fddfad109f0a2bfd6bc403167c8298e434ebc5
Red Hat Security Advisory 2017-1647-01
Posted Jun 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1647-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2017-1000364, CVE-2017-6214, CVE-2017-7645, CVE-2017-7895
SHA-256 | 4df02e3c6dd354591d13a86f53c57cd626f1477f6715af4f1d6dffe22a92ba18
Red Hat Security Advisory 2017-1581-01
Posted Jun 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1581-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS session resumption. A remote unauthenticated attacker could potentially use this flaw to bypass the inner authentication check in FreeRADIUS by resuming an older unauthenticated TLS session.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2017-9148
SHA-256 | b73b1497053005ca6e5d0d3802d993a74f39976d43523a78802ae9d4a60bacce
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close