Red Hat Security Advisory 2017-1739-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A cross-site scripting flaw was discovered in the OpenStack dashboard which allowed remote authenticated administrators to conduct XSS attacks using a crafted federation mapping rule. For this flaw to be exploited, federation mapping must be enabled in the dashboard.
95af0406275f158f0085ef9a2ede7899Red Hat Security Advisory 2017-1731-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 26.0.0.137. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
32cef9657a3ce726d633e0dba2951591Red Hat Security Advisory 2017-1721-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning.
fc524626b25012e84611eccacaa89fdfRed Hat Security Advisory 2017-1715-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
6cb9a3cd6aba6439cf93b7f8e27fb742Red Hat Security Advisory 2017-1723-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
75185b7c03dfc5dde8fb73a832f79046When dealing with XFRM_MSG_MIGRATE message, xfrm_migrate func does not check dir value of xfrm_userpolicy_id. This will cause out of bound access to net->xfrm.policy_bydst in policy_hash_direct func and others when dir value exceeds XFRM_POLICY_MAX. Linux kernel versions 4.12 and below are affected.
0a9bccc3cad6b206f80adee221c9dd8fGentoo Linux Security Advisory 201707-14 - A vulnerability in Gajim might allow remote attackers to intercept encrypted communications. Versions less than 0.16.6-r1 are affected.
2ce7a444a40b74b85f8b2e84b09636cfSlackware Security Advisory - New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
6f917da1caa8bfc75814b1bb03ee4aa7Gentoo Linux Security Advisory 201707-13 - Multiple vulnerabilities have been found in libcroco, the worst of which may have unspecified impacts. Versions less than 0.6.12-r1 are affected.
1793e2952d6addae780a82cc3f100816Debian Linux Security Advisory 3905-1 - Two security issues have been discovered in the X.org X server, which may lead to privilege escalation or an information leak.
eec15ef958b064e5d22c3fbaa8454462Gentoo Linux Security Advisory 201707-8 - A vulnerability in feh might allow remote attackers to execute arbitrary code. Versions less than 2.18.3 are affected.
40951553fff817c1dc86e7aab502b98fGentoo Linux Security Advisory 201707-7 - Multiple vulnerabilities have been found in JasPer, the worst of which could could allow an attacker to execute arbitrary code. Versions less than 2.0.12 are affected.
a80f5473fe70b14926714399895e5370Gentoo Linux Security Advisory 201707-6 - Multiple vulnerabilities have been found in virglrenderer, the worst of which could allow local guest OS users to cause a Denial of Service condition. Versions are affected.
3f4534c3255b0846c107799ebecc5712Gentoo Linux Security Advisory 201707-5 - Multiple vulnerabilities have been found in OpenSLP, the worst of which allows remote attackers to cause a Denial of Service condition or other unspecified impacts. Versions less than 2.0.0-r4 are affected.
1a3ddce2f748c7c3ff71382b62ca0845Gentoo Linux Security Advisory 201707-4 - Multiple vulnerabilities have been found in libsndfile, the worst of which might allow remote attackers to execute arbitrary code. Versions less than 1.0.28 are affected.
38cbfd5398ee180b875237e9e50b1329Gentoo Linux Security Advisory 201707-3 - A vulnerability in phpMyAdmin might allow remote attackers to bypass authentication. Versions less than 4.0.10.20 are affected.
51b517f05def67e4d8a109b8077e4599Gentoo Linux Security Advisory 201707-2 - Multiple vulnerabilities have been found in Game Music Emu, the worst of which could lead to the execution of arbitrary code. Versions are affected.
9e23fc9a4f05a5a92addf2ea5ccd7279Gentoo Linux Security Advisory 201707-11 - A vulnerability in RoundCube may allow authenticated users to bypass security restrictions. Versions less than 1.2.5 are affected.
39c1034455ea3979431c584a89fa0932Gentoo Linux Security Advisory 201707-10 - Multiple vulnerabilities have been found in VLC, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 2.2.6 are affected.
a2c2fafa64935fe01062ec3036b6835bGentoo Linux Security Advisory 201707-9 - A vulnerability has been found in GNOME applet for NetworkManager allowing local attackers to access the local filesystem. Versions less than 1.4.6-r1 are affected.
15516137dcdcdd7dd84d94bca455ae67Debian Linux Security Advisory 3904-1 - ClA(c)ment Berthaux from Synaktiv discovered two vulnerabilities in BIND, a DNS server implementation. They allow an attacker to bypass TSIG authentication by sending crafted DNS packets to a server.
614af9c12cc1f45c436a7ec95a3703dbSlackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
b0ea49baf368fafefa60aaacd3034567Ubuntu Security Notice 3350-1 - Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. Jiaqi Peng discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service. Various other issues were also addressed.
548be691af892f773e9a819ceafa873bRed Hat Security Advisory 2017-1712-01 - Red Hat 3scale API Management Platform 2.0 is a platform for the management of access and traffic for web-based APIs across a variety of deployment options. Security Fix: It was found that RH-3scale AMP would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. The underlying container image was also rebuilt to resolve other security issues.
956dddcd24d616d3e3eb9855a25dca7eRed Hat Security Advisory 2017-1685-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a later upstream version: ansible. Multiple security issues have been addressed.
084dc8c61b5bccdb4f01fcf963d46fc5
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed