Ubuntu Security Notice 3168-2 - USN-3168-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment in certain error cases. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
9012cf3de066704f3448524d520c803cb2d915bc3249eb551d28620e06df1168
Ubuntu Security Notice 3167-1 - Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment in certain error cases. A local attacker could use this to expose sensitive information. Baozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux Sound Architecture subsystem of the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
922ea0d9162703a020810b8d5d1a488748c45604a87976262aa7430a6ec25b49
Red Hat Security Advisory 2017-0057-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 24.0.0.194. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
b59e5c9b740f43004b209aae61f98433e3eaaa0ea3be5b2d1729d0cf4892c31d
Ubuntu Security Notice 3171-1 - Josef Gajdusek discovered that the LibVNCServer client library incorrectly handled certain FrameBufferUpdate messages. If a user were tricked into connecting to a malicious server, an attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
8b1ac71d61ad7fcfdc77e67ed5cbdb743bca75ab32f33e96d0bf0214b29cb7d5
Debian Linux Security Advisory 3757-1 - Multiple security issues have been found in Icedove, Debian's version of to the execution of arbitrary code, data leakage or bypass of the content security policy.
0a02d9d8783bc95b8d2aa6e9b7e1928fedda468aa86f0fc8a031b59bc1658458
Red Hat Security Advisory 2017-0059-01 - Red Hat Mobile Application Platform 4.2 is delivered as a set of Docker-formatted container images.
bb684df8490f47dc33961edff6ba9ca17ae8b59c8a033e3ed2fa6bee68e303a6
Gentoo Linux Security Advisory 201701-32 - Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution. Versions less than 4.6.5.1 are affected.
a3b7f6542c7661b4aaff9bd605cec15ffc932e03279fbf8e645a0b1dbc7d1f03
Gentoo Linux Security Advisory 201701-31 - Flex might generate code with a buffer overflow making applications using such scanners vulnerable to the execution of arbitrary code. Versions less than 2.6.1 are affected.
ff160f2e3a912905e967468a8d00f3612073fe60bb3582e0ccb73710ff1d9566
Gentoo Linux Security Advisory 201701-29 - A vulnerability has been found in Vim and gVim concerning how certain modeline options are treated. Versions less than 8.0.0106 are affected.
d8d6b74e6f707f724af9b04c7f14183c8bfe3e04379bb2adeb665e9b6a44719f
Gentoo Linux Security Advisory 201701-30 - A vulnerability in vzctl might allow attackers to gain control over ploop containers. Versions less than 4.9.4 are affected.
c349c59a0e9b4638c8507738a088629ad19e5b142e9df3e1f9f2ed74cde161e9
Gentoo Linux Security Advisory 201701-28 - A heap-based buffer overflow in c-ares might allow remote attackers to cause a Denial of Service condition. Versions less than 1.12.0 are affected.
e22bebe9e1d6baa04d82a2600394e4cbe1397e8dac861aa025be79441cf640be
FreeBSD Security Advisory - The ssh-agent(1) agent supports loading a PKCS#11 module from outside a trusted whitelist. An attacker can request loading of a PKCS#11 module across a forwarded agent-socket. When privilege separation is disabled, forwarded Unix domain sockets would be created by sshd(8) with the privileges of 'root' instead of the authenticated user. A remote attacker who has control of a forwarded agent-socket on a remote system and has the ability to write files on the system running the ssh-agent(1) agent can run arbitrary code under the same user credential. Because the attacker must already have some control over both systems, it is relatively hard to exploit this vulnerability in a practical attack. When privilege separation is disabled (on FreeBSD, privilege separation is enabled by default and has to be explicitly disabled), an authenticated attacker can potentially gain root privileges on systems running OpenSSH server.
4133c1c854c216326a44e20a387db0ea0e155db8534256aeaf099421a5c4ce6e
Gentoo Linux Security Advisory 201701-27 - Multiple vulnerabilities have been found in 7-Zip, the worst of which may allow execution of arbitrary code. Versions less than 16.02-r1 are affected.
78ddf9d28596f55aaf2f202d7385a1c93c89fb20c0fafd3eb31fb65c6e346649
Gentoo Linux Security Advisory 201701-26 - A vulnerability in BIND might allow remote attackers to cause a Denial of Service condition. Versions less than 9.10.4_p4 are affected.
da713ca7bdfc8cf78c55794d73936703d200afa355b05196fb4ac36f78b2278e
Gentoo Linux Security Advisory 201701-25 - Multiple vulnerabilities have been found in phpBB, the worst of which may allow remote attackers to inject arbitrary web script or HTML. Versions less than 3.1.10 are affected.
bc60ad35a1039339ab8e490256a863e03eb2eb9cc5d6fef54602dea3ff1ac197
Gentoo Linux Security Advisory 201701-24 - Multiple vulnerabilities have been found in PgBouncer, the worst of which may allow an attacker to bypass authentication. Versions less than 1.7.2 are affected.
205a3f3a6f941e5b160820c28e292f73cc049bea65f44670d9915cec0db72bd2
Gentoo Linux Security Advisory 201701-23 - Multiple vulnerabilities have been found in Botan, the worst of which might allow remote attackers to obtain ECDSA secret keys. Versions less than 1.10.13 are affected.
0685afa3348f1d804a7ff3c64ec1228bf79083a2e51a8100aae7b344d491b5b3
Gentoo Linux Security Advisory 201701-22 - Gentoo's NGINX ebuilds are vulnerable to privilege escalation due to the way log files are handled. Versions less than 1.10.2-r3 are affected.
d5737c96d2fd4eb019f4603f8785e51a870d534eae95402c0859a4059ad57ad8
Gentoo Linux Security Advisory 201701-21 - Multiple vulnerabilities have been found in Expat, the worst of which may allow execution of arbitrary code. Versions less than 2.2.0-r1 are affected.
73f628f33cf75bb2a7b04cf0934d009261b4c570e6e337d0bca9e29b8d571fd1
Gentoo Linux Security Advisory 201701-20 - A vulnerability has been found in D-Bus possibly resulting in a local Denial of Service. Versions less than 1.10.12 are affected.
0fa9402072fc2359792b48f00cbed0d8b6c9138549e2b174f6a6bede984b9d63
Gentoo Linux Security Advisory 201701-19 - A vulnerability in NTFS-3G allows local users to gain root privileges. Versions less than 2016.2.22 are affected.
f3c6aa3fc3e690bfaa44082fdac97fdadda40fdd845217538ea91e0ec446021a
Ubuntu Security Notice 3170-2 - Andrey Konovalov discovered that the IPv6 ICMP implementation in the Linux kernel did not properly check data structures on send. A remote attacker could use this to cause a denial of service. Andrey Konovalov discovered that signed integer overflows existed in the setsockopt system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service. Various other issues were also addressed.
5786a48bfee937cace3b7751bb9c0eb7fbf315f58862c75f47d84d7b98c0176a
Ubuntu Security Notice 3170-1 - Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment in certain error cases. A local attacker could use this to expose sensitive information. Andrey Konovalov discovered that signed integer overflows existed in the setsockopt system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service. Various other issues were also addressed.
8b5deb1e0f7e97d4868b245412489de596a91259b71ec62afa0324b5a3cfb218
Ubuntu Security Notice 3169-4 - Baozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux Sound Architecture subsystem of the Linux kernel. A local attacker could use this to cause a denial of service. Andrey Konovalov discovered that signed integer overflows existed in the setsockopt system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service. Various other issues were also addressed.
2a5b1accc9fa7ee63cafa4ed9b4df84e0ac64f121f269ac3933f510b64ce879b
Ubuntu Security Notice 3169-2 - USN-3169-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment in certain error cases. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
eec4c4078812efef1c4d5f58451bc04fdbbba03ff36f6b8f1101a3d55a08e61d