Red Hat Security Advisory 2017-2524-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a later upstream version: ansible. Multiple security issues have been addressed.
eeb0e43eadcef23b93b4abe97297f528Ubuntu Security Notice 3401-1 - It was discovered that TeX Live incorrectly handled certain system commands. If a user were tricked into processing a specially crafted TeX file, a remote attacker could execute arbitrary code.
973f0d6d63a7108bfbe41b826faa80e8Debian Linux Security Advisory 3951-1 - Sebastian Krahmer discovered that a programming error in the mount helper binary of the Smb4k Samba network share browser may result in local privilege escalation.
cd62ea77e544e3c16423e462608118a7Debian Linux Security Advisory 3950-1 - Hossein Lotfi and Jakub Jirasek from Secunia Research have discovered multiple vulnerabilities in LibRaw, a library for reading RAW images. An attacker could cause a memory corruption leading to a DoS (Denial of Service) with craft KDC or TIFF file.
6b2dcf3f03044b5b372b42ba49189156Red Hat Security Advisory 2017-2493-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release provides an update to OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2.
c91f004dfb6ea550cac658c237092cadRed Hat Security Advisory 2017-2494-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release provides an update to OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2.
1c2b50089538626a94105f55b035f73aUbuntu Security Notice 3399-1 - Hank Leininger discovered that cvs did not properly handle SSH for remote repositories. A remote attacker could use this to construct a cvs repository that when accessed could run arbitrary code with the privileges of the user.
78f1f0af1f850ae448c23fcc826ae1deUbuntu Security Notice 3398-1 - Holger Fuhrmannek and Tyson Smith discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code.
1ece36edb670fe9f149e370c636c688dRed Hat Security Advisory 2017-2492-01 - XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption". Security Fix: It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to information disclosure or denial of service.
819cb939df0a91198cf7f34e6d3f07d8Ubuntu Security Notice 3400-1 - It was discovered that Augeas incorrectly handled certain strings. An attacker could use this issue to cause Augeas to crash, leading to a denial of service, or possibly execute arbitrary code.
f710dd4756bb7d70d4620fc315b48ecfGentoo Linux Security Advisory 201708-8 - An use-after-free vulnerability has been found in bzip2 that could allow remote attackers to cause a Denial of Service condition. Versions less than 1.0.6-r8 are affected.
a3fe97f23a6c95ac0784ee8c435b368bGentoo Linux Security Advisory 201708-7 - Improper hypertext validation might allow remote attackers to execute arbitrary code. Versions less than 0.5.1 are affected.
77563b84a9cce46e35eff354d1ed709fUbuntu Security Notice 3397-1 - It was discovered that strongSwan incorrectly handled verifying specific RSA signatures. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service.
11eb9b113895405a91be0e597f4ced9bGentoo Linux Security Advisory 201708-6 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which can resulting in the execution of arbitrary code. Versions less than 9.21 are affected.
d4ba3da54dbdd3528da3e6aa3b27caf6Gentoo Linux Security Advisory 201708-5 - An integer overflow in RAR and UnRAR might allow remote attackers to execute arbitrary code.
c99c3bdbce7638bba426fdb340bdee01Gentoo Linux Security Advisory 201708-4 - An insecure file usage has been reported in Ked Password Manager possibly allowing confidential information to be disclosed. Versions less than 0.4.0-r2 are affected.
659b6002b175185d450659c0d496a746Debian Linux Security Advisory 3948-1 - A read buffer overflow was discovered in the idtech3 (Quake III Arena) family of game engines. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.
a4caa5617ae8118e654214e10ca2ae48Debian Linux Security Advisory 3946-1 - It was discovered that libsmpack, a library used to handle Microsoft compression formats, did not properly validate its input. A remote attacker could craft malicious CAB or CHM files and use this flaw to cause a denial of service via application crash, or potentially execute arbitrary code.
41203652aeeaba8153a6dec73c153cfaUbuntu Security Notice 3396-1 - It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. It was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests. An attacker could use this to modify the signed contents of a JAR file. Various other issues were also addressed.
563a851a69fe1deaec7a5894f67e7722Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. Andrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code.
c8908f6bf286f4cf4b1a6341a51852ffUbuntu Security Notice 3391-3 - USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal alerts, bypass same origin restrictions, read uninitialized memory, cause a denial of service via program crash or hang, or execute arbitrary code. Various other issues were also addressed.
70cb762bf916b30e1ecee308a541a880Red Hat Security Advisory 2017-2491-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit.
2f87d3f7e18f8ea1608c332b3ef8877cUbuntu Security Notice 3393-2 - USN-3393-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that ClamAV incorrectly handled parsing certain e- mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Various other issues were also addressed.
3c6110b7ada194e5b8f653a22bc2baecUbuntu Security Notice 3395-1 - It was discovered that c-ares incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using c-ares to crash, resulting in a denial of service.
d2cce8e48df03fe7df069e3d6ead86afUbuntu Security Notice 3394-1 - It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. Various other issues were also addressed.
4f87d43d2be9a216285585808f4b1c2e
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed