Slackware Security Advisory - New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
ec698319f7f7ea8c16c295deffc3c5094efe8b6fdd43979472eb978b7d2d7ba6
FreeBSD Security Advisory - The OpenSSH client code contains experimental support for resuming SSH connections (roaming). The matching server code has never been shipped, but the client code was enabled by default and could be tricked by a malicious server into leaking client memory to the server, including private client user keys. A user that authenticates to a malicious or compromised server may reveal private data, including the private SSH key of the user.
515455f581e8b3dbf9ef54978b06f4fd0aa011a223e46d82ca02ed434678d234
Debian Linux Security Advisory 3431-2 - The update for ganeti issued as DSA-3431-1 causes the gnt-instance info command to fail for all instances of type DRBD. Updated packages are now available to address this regression.
16d0de9299c0d2dddcfa979d332f4727e6f9ab7c327186592da66251be5b8acd
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
dd75f024dcf21e06a0d6421d582690bf987a1f6323e32ad6619392f3bfde6bbd
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
a8c1c364c648e086cfd990841c9c8f7d40d5c133e2077e48f9dce9e60a569f4a
dbsudio version R1 2.14.4 and DNS-SD version 379.32.2 suffer from an unquoted search path issue impacting the service 'dbaudio DNS-SD' for Windows deployed as part of dbaudio R1. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
8540ce34f757c3caaa3423f7f660d1846c35c7dd764ffc65e4f5273bd6c83122
Roundcube version 1.1.3 suffers from a path traversal vulnerability.
6551689ab0f8ab20c15662733c86a38c232df6050526b42e48f077a5a32b41e9
Since version 5.4 (released on March 8, 2010), the OpenSSH client supports an undocumented feature called roaming: if the connection to an SSH server breaks unexpectedly, and if the server supports roaming as well, the client is able to reconnect to the server and resume the suspended SSH session. Although roaming is not supported by the OpenSSH server, it is enabled by default in the OpenSSH client, and contains two vulnerabilities that can be exploited by a malicious SSH server (or a trusted but compromised server): an information leak (memory disclosure), and a buffer overflow (heap-based).
6d98389560de3c7942fe87c17e680b28f2ad90ec6c5d8f9a0f59e153dff5d23e
FreeBSD Security Advisory - The SNMP protocol supports an authentication model called USM, which relies on a shared secret. The default permission of the bsnmpd configuration file, /etc/bsnmpd.conf, is weak and does not provide adequate protection against local unprivileged users. A local user may be able to read the shared secret, if configured and used by the system administrator.
a72b9ae60396ff46558b0ec651b04f329fe46350335df2906500a42e8c4ad50b
FreeBSD Security Advisory - A lack of proper input checks in the ICMPv6 processing in the SCTP stack can lead to either a failed kernel assertion or to a NULL pointer dereference. In either case, a kernel panic will follow. A remote, unauthenticated attacker can reliably trigger a kernel panic in a vulnerable system running IPv6. Any kernel compiled with both IPv6 and SCTP support is vulnerable. There is no requirement to have an SCTP socket open. IPv4 ICMP processing is not impacted by this vulnerability.
4bef6e3ea2f1171573414a2017dc744185b0cd4dec11a97cd0033f86aae1bbe0
FreeBSD Security Advisory - The ntpd(8) daemon has a safety feature to prevent excessive stepping of the clock called the "panic threshold". If ever ntpd(8) determines the system clock is incorrect by more than this threshold, the daemon exits. There is an implementation error within the ntpd(8) implementation of this feature, which allows the system time be adjusted in certain circumstances. When ntpd(8) is started with the '-g' option specified, the system time will be corrected regardless of if the time offset exceeds the panic threshold (by default, 1000 seconds). The FreeBSD rc(8) subsystem allows specifying the '-g' option by either including '-g' in the ntpd_flags list or by enabling ntpd_sync_on_start in the system rc.conf(5) file. If at the moment ntpd(8) is restarted, an attacker can immediately respond to enough requests from enough sources trusted by the target, which is difficult and not common, there is a window of opportunity where the attacker can cause ntpd(8) to set the time to an arbitrary value.
5b686dd5c1094f8df8e568f63282df537867ba1a7462ed0d52244d035dd8943c
FreeBSD Security Advisory - A programming error in processing a TCP connection with both TCP_MD5SIG and TCP_NOOPT socket options may lead to kernel crash. A local attacker can crash the kernel, resulting in a denial-of-service. A remote attack is theoretically possible, if server has a listening socket with TCP_NOOPT set, and server is either out of SYN cache entries, or SYN cache is disabled by configuration.
aae224887feba54329c62ef5dbccfcd1734ce5544a6b0e2abe2408d83ae2803e
FreeBSD Security Advisory - A programming error in the handling of Linux futex robust lists may result in incorrect memory locations being accessed. It is possible for a local attacker to read portions of kernel memory, which may result in a privilege escalation.
6e71a946b05a4fbf7520e8ab6b55ed26c9e72fb9ef0e53bb0028769e88743e7b
FreeBSD Security Advisory - A programming error in the Linux compatibility layer setgroups(2) system call can lead to an unexpected results, such as overwriting random kernel memory contents. It is possible for a local attacker to overwrite portions of kernel memory, which may result in a privilege escalation or cause a system panic.
cf75e26a6ef0395cbb85b7cf7c6e2b19e6cb888a8f0146ab3ad766b12fd06c13
HPE Security Bulletin HPSBUX03359 SSRT102094 3 - A potential security vulnerability has been identified with the HP-UX pppoec utility. The vulnerability could be exploited in allowing a local user to elevate their privilege. Revision 3 of this advisory.
90583306ee0ebd5bf59b694edbc5213b5b2a0ab6b3ffb340b78977ce53dda0d2
Debian Linux Security Advisory 3443-1 - Several vulnerabilities have been discovered in the libpng PNG library.
26ba8ee3556c32e1bf3dbb28193e116c000cbd497a9d1c518052ff1932713f41
Slackware Security Advisory - New dhcp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
32bcb32d0749133d609115f3b6a189d53a58fea30407fb8b5396131b925120e2
Red Hat Security Advisory 2016-0043-01 - OpenSSH is OpenBSD's SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory of a successfully authenticated OpenSSH client. A buffer overflow flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to execute arbitrary code on a successfully authenticated OpenSSH client if that client used certain non-default configuration options.
3ce7d8e13f6ac4af2d35ebb62eb062b0e3db89ea4ad51c709407b958ae9fd6c9
Red Hat Security Advisory 2016-0041-01 - Red Hat JBoss BRMS is a business-rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.1.5 serves as a replacement for Red Hat JBoss BRMS 6.1.2, and includes bug fixes and enhancements that are documented in the README.txt file included with the patch files. The following security issue is also fixed with this release: It was found that batik was vulnerable to XML External Entity attacks when parsing SVG files. A remote attacker able to send malicious SVG content to the affected server could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
ecf50ed6b27bd5cb65f243cf38a699b302292ed4b30ec06c24b2a7e8a36ce9ac
Red Hat Security Advisory 2016-0042-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.1.5 serves as a replacement for Red Hat JBoss BPM Suite 6.1.2, and includes bug fixes and enhancements, which are documented in the README.txt file included with the patch files. The following security issue is also fixed with this release: It was found that batik was vulnerable to XML External Entity attacks when parsing SVG files. A remote attacker able to send malicious SVG content to the affected server could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
44ac4683b3f4026f361e4266c427d6d4681a4e87c9c31c5b5815e0a422ee0fca
Red Hat Security Advisory 2016-0040-01 - JBoss Operations Network provides an integrated solution for managing JBoss middleware, other network infrastructure, and applications built on Red Hat Enterprise Application Platform. The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
b4942ce747fe27ac157faff88270c785c3daece0bce3e125925311048085e72f
Debian Linux Security Advisory 3446-1 - The Qualys Security team discovered two vulnerabilities in the roaming code of the OpenSSH client (an implementation of the SSH protocol suite).
3b9120b2571948cc822754e3b24e372278bb3933eb5ee094178545d9c45275cd
SevOne NMS versions 4.3.6.0 and below remote root exploit.
4ecc1064b5b940e7ff96dc71a97937b7e8b843fd42a1a2aae48e8b2cecd0cb94
WhatsUp Gold version 16.3 suffers from an unauthenticated remote code execution vulnerability.
df6131c24e9763178d88b67f681d11a702eaed59ec76a3b6001dd6908d14c034