OSCI-Transport library version 1.2 for German e-Government suffers from padding oracle, signature wrapping, and XML external entity injection vulnerabilities.
e836d90008122100e3bb9c8d79986aeef8cdb8cc46a5f5f505ce7a6396d60f8e
Trihedral VTScada versions prior to 11.2.26 suffer from resource consumption, cross-site scripting, and information disclosure vulnerabilities.
e14e0d0f4e7e01e5baeffed7b702d91c7d3bbbc0662e4bfd676b5401df83dceb
Ubuntu Security Notice 3323-2 - USN-3323-1 fixed a vulnerability in the GNU C Library. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination with another vulnerability to gain administrative privileges. Various other issues were also addressed.
39e7f8f276dcc79f00dd5616e1101e41d073297143dedea3d186c76f8bf36f8e
Ubuntu Security Notice 3346-1 - Clement Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. Clement Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones.
8c0a85a29d7e094864d1ecfcffae3ea3162517bb7e02a399d5a29154df774192
Ubuntu Security Notice 3342-2 - USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. USN-3333-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
ad451459a82d58adcf3830ea5d4699fed8e20f06f412d9ed72a01f01f346917d
Red Hat Security Advisory 2017-1664-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 6.2 will be retired as of December 31, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.2 AMC after December 31, 2017.
52c7f57e1472d238435376232c35551c746a9d83b5397a43d27d161fefa1bfcc
Microsoft Office Patch Installer suffers from DLL hijacking vulnerabilities.
9dd76fa20f90231d58e4b700d50c6a63b8428b18f97fc2b8c466a1268ea2c8bc
VASA Provider Virtual Appliance versions prior to 8.3.x may be vulnerable to unauthenticated remote code execution. An unauthenticated remote attacker could upload a malicious file to run arbitrary code on the system with root privileges.
a4d0a8672e720b49dae2fef3ee2fa48acda55214ead9237b46537b91eade0b32
Ubuntu Security Notice 3345-1 - USN 3324-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
4fad8a2d68a376e72996bff518accee987d6531fbdbaade3e1a8aafe24ebd666
Ubuntu Security Notice 3344-2 - USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. USN 3334-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. Various other issues were also addressed.
ec10468c5bcc0374a009d044a4736922434eb7ade1b26c45c16cecb020b07caf
Ubuntu Security Notice 3344-1 - USN 3328-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
a4f0efc2b95ce1da0e5cacbafafb82858ba2e9f6956f158428863e22f80ea6d3
Ubuntu Security Notice 3342-1 - USN 3326-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
02f110dbf3f133d2c7e542623023dfb8fc8045b5c5147b836e889becc448b849
Ubuntu Security Notice 3343-1 - USN 3335-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. It was discovered that a use-after-free vulnerability existed in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
9ea59fe7184daae4dabc3d41854293f31717e8ced346b9507f46908a71b2ba14
Ubuntu Security Notice 3343-2 - USN 3343-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. USN 3335-2 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. Various other issues were also addressed.
f56a67ded25cba5991da6e27ed05f27e72923a50d6768bc40e175e9410f6a869
Ubuntu Security Notice 3338-2 - USN-3338-1 fixed vulnerabilities in the Linux kernel. However, the fix for CVE-2017-1000364 introduced regressions for some Java applications. This update addresses the issue. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other issues were also addressed.
5a99af3894c4fc090fac2baaecc7fd883c01e2ad021d13522a1c7fa248f1aaf7
Red Hat Security Advisory 2017-1658-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release includes bug fixes as well as a new release of OpenSSL. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect. Multiple security issues have been addressed.
50aa060f98da6b1e50308b6d01277a2a6b359083f0c8bbb7e34abde4dcebe506
Red Hat Security Advisory 2017-1599-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Security Fix: An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
534a661506144dd1d7c4748a4b8038a02eb473ba1ffd28cb7cbe641a049f56ee
Red Hat Security Advisory 2017-1598-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. The following packages have been upgraded to a later upstream version: python-django-horizon. Security Fix: A cross-site scripting flaw was discovered in the OpenStack dashboard which allowed remote authenticated administrators to conduct XSS attacks using a crafted federation mapping rule. For this flaw to be exploited, federation mapping must be enabled in the dashboard.
559e51a6b19aaa61c99248ccbdb1fcb845ea12e44cd8b4a143d495ee7d1395c1
Red Hat Security Advisory 2017-1597-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. The following packages have been upgraded to a later upstream version: openstack-keystone. Multiple security issues have been addressed.
7ce5a937781538a68f366244f4d415c9484ec8458131eb303ef5866f6bf3a4f0
Red Hat Security Advisory 2017-1596-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. The following packages have been upgraded to a later upstream version: python-django. Security Fix: A redirect flaw, where the is_safe_url() function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard.
d0e6a85be46c7aeefb2e61f70abc77ca2dd2e25ace97d6cacede77e48678e993
Red Hat Security Advisory 2017-1659-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release includes bug fixes as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. Multiple security issues have been addressed.
b063190fd710dc1e98b42fc46ea97b54f3b495147b0d0c8c6dc8b32e46110a6d
Red Hat Security Advisory 2017-1595-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. python-novaclient is the Python client for the OpenStack Nova API. The client's Python API and command-line script both implement 100% of the OpenStack Nova API. The following packages have been upgraded to a later upstream version: python-novaclient, openstack-nova.
330df04280f7d7f7159a8e3468ba074f1edea700e2d331a76319fccf22b8fe8c
Red Hat Security Advisory 2017-1584-01 - OpenStack Workflow groups multiple OpenStack tasks into workflows. Red Hat OpenStack Platform uses these workflows to perform common functions, including bare-metal node control, validations, plan management, and overcloud deployment. The following packages have been upgraded to a later upstream version: openstack-mistral. Security Fix: An accessibility flaw was found in the OpenStack Workflow service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
83b83656626fa8b3b9b1b2ec988a662459fce6b1f729349623b89d60262c5bcc
Debian Linux Security Advisory 3900-1 - Several issues were discovered in openvpn, a virtual private network application.
bf8347ff66079df80932f331596ee3113b769a47ba519e3bc4dca3d7a34bc4e6
Debian Linux Security Advisory 3886-2 - The security update announced as DSA-3886-1 caused regressions for some applications using Java - including jsvc, LibreOffice and Scilab - due to the fix for CVE-2017-1000364. Updated packages are now available to correct this issue.
ce9bf9d0bbae9cb2f5019f278dbcafd470817881ac36abe0c8d7c89647dbd973