Ubuntu Security Notice 1664-1 - Zhang Zuotao discovered a bug in the Linux kernel's handling of overlapping fragments in IPv6. A remote attacker could exploit this flaw to bypass firewalls and initiate new network connections that should have been blocked by the firewall.
6cc269777de498820b4f3428ffca1afeccf4ef82851bcddbf4c41147c00f8664
Red Hat Security Advisory 2012-1569-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes three vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB12-27, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.258.
68826378a23c6835ab8786ab943ceb72b5d7206f214c74e9a810f6faa9d464c9
Red Hat Security Advisory 2012-1573-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of JBoss Enterprise BRMS Platform 5.3.1 serves as a replacement for JBoss Enterprise BRMS Platform 5.3.0. This release is currently only available as a deployable package to run on an existing JBoss application server. This release includes various bug fixes and enhancements which are detailed in the JBoss Enterprise BRMS Platform 5.3.1 Release Notes.
bf9f8f6a4d2ff0e97219f6e2e185cd7d046382fc5b2477937fcb87b996f5b2cc
Red Hat Security Advisory 2012-1559-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. A flaw was found in the way Apache CXF verified that XML elements were signed or encrypted by a particular Supporting Token. Apache CXF checked to ensure these elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could use this flaw to transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF.
d5e73eb74d72466bddcd439ae2bba0a2104e4aad9662744fbaf796e820bc8742
Ubuntu Security Notice 1663-1 - Eric Windisch discovered that Nova did not properly clear LVM-backed images before they were reallocated, which could potentially lead to an information leak. This issue only affected setups using libvirt LVM-backed instances.
47552d961cb7420e227e0d7f341bfa33241e9daa98c95fecf923a48db77bb204