Exim versions 4.84-3 and below suffer from a local privilege escalation vulnerability.
This bulletin summary lists thirteen released Microsoft security bulletins for March, 2016.
Red Hat Security Advisory 2016-0365-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. An information-exposure flaw was found in the OpenStack Compute resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" were affected.
Red Hat Security Advisory 2016-0364-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. An information-exposure flaw was found in the OpenStack Compute resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" were affected.
Red Hat Security Advisory 2016-0363-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. An information-exposure flaw was found in the OpenStack Compute resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" were affected.
HP Security Bulletin HPSBHF03557 1 - A potential security vulnerability has been identified with HPE Networking products using Comware 7 (CW7) running NTP. The vulnerability could be remotely exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.
Slackware Security Advisory - New samba packages are available for Slackware 14.1 and -current to fix security issues.
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
Ubuntu Security Notice 2923-1 - Alvaro Munoz and Christian Schneider discovered that BeanShell incorrectly handled deserialization. A remote attacker could possibly use this issue to execute arbitrary code.
Ubuntu Security Notice 2922-1 - Jeremy Allison discovered that Samba incorrectly handled ACLs on symlink paths. A remote attacker could use this issue to overwrite the ownership of ACLs using symlinks. Garming Sam and Douglas Bagnall discovered that the Samba internal DNS server incorrectly handled certain DNS TXT records. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly obtain uninitialized memory contents. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. Various other issues were also addressed.
Ubuntu Security Notice 2904-1 - Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Yves Younan discovered that graphite2 incorrectly handled certain malformed fonts. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
Red Hat Security Advisory 2016-0360-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. An information-exposure flaw was found in the Django date filter. If an application allowed users to provide non-validated date formats, a malicious end user could expose application-settings data by providing the relevant application-settings key instead of a valid date format.
Red Hat Security Advisory 2016-0366-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. An information-exposure flaw was found in the OpenStack Compute resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and "use_cow_images = False" were affected.
Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
A DLL side loading vulnerability was found in the Windows Mail Find People DLL.