Ubuntu Security Notice 2907-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.
fdac4052fa0c407475c40375a8f0dfb58fed0c920779bbb4203e890183fb094e
Ubuntu Security Notice 2906-1 - Alexander Cherepanov discovered that GNU cpio incorrectly handled symbolic links when used with the --no-absolute-filenames option. If a user or automated system were tricked into extracting a specially-crafted cpio archive, a remote attacker could possibly use this issue to write arbitrary files. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Gustavo Grieco discovered that GNU cpio incorrectly handled memory when extracting archive files. If a user or automated system were tricked into extracting a specially-crafted cpio archive, a remote attacker could use this issue to cause GNU cpio to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
d325f862f7fc8ef80e24f8d0efdc54ce587cd101af92a075a5d4fe50d647846f
D-Link DVG-N5402SP suffers from multiple cross site scripting vulnerabilities.
00212030b0faf3597e3fc1a1ff6f673044fbc8446f0a10ea4595c4099289ccc5