Ubuntu Security Notice 3392-2 - USN-3392-1 fixed a regression in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. USN-3378-2 fixed vulnerabilities in the Linux Hardware Enablement kernel. Unfortunately, a regression was introduced that prevented conntrack from working correctly in some situations. This update fixes the problem. Various other issues were also addressed.
Ubuntu Security Notice 3392-1 - USN-3378-1 fixed vulnerabilities in the Linux kernel. Unfortunately, a regression was introduced that prevented conntrack from working correctly in some situations. This update fixes the problem. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
Red Hat Security Advisory 2017-2480-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix: A shell command injection flaw related to the handling of "svn+ssh" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, for example when performing a "checkout" or "update" action on a malicious repository, or a legitimate repository containing a malicious commit.
Ubuntu Security Notice 3391-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal alerts, bypass same-origin restrictions, read uninitialized memory, cause a denial of service via program crash or hang, or execute arbitrary code. Various other issues were also addressed.
Red Hat Security Advisory 2017-2481-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP10. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Red Hat Security Advisory 2017-2479-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause an httpd child process to crash by sending specially crafted requests to a server.
Red Hat Security Advisory 2017-2478-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause an httpd child process to crash by sending specially crafted requests to a server.
Ubuntu Security Notice 3390-1 - Ben de Graaff, Jelte Fennema, and Jeroen van der Ham discovered that PostgreSQL allowed the use of empty passwords in some authentication methods, contrary to expected behaviour. A remote attacker could use an empty password to authenticate to servers that were believed to have password login disabled. Jeff Janes discovered that PostgreSQL incorrectly handled the pg_user_mappings catalog view. A remote attacker without server privileges could possibly use this issue to obtain certain passwords. Various other issues were also addressed.
Red Hat Security Advisory 2017-2477-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. This release of Red Hat JBoss Data Virtualization 6.3 Update 7 serves as a replacement for Red Hat JBoss Data Virtualization 6.3 Update 6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
AdvanDate iCupid Dating software version 12.2 suffers from a remote SQL injection vulnerability.
ALLPlayer version 7.4 SEH unicode buffer overflow exploit.
ClipBucket version 2.8.3 suffers from remote SQL injection, arbitrary file read/write, and default credential vulnerabilities.
Red Hat Security Advisory 2017-2473-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race, the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data.
Red Hat Security Advisory 2017-2472-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
Debian Linux Security Advisory 3943-1 - Gajim, a GTK+-based XMPP/Jabber client, unconditionally implements the XEP-0146 extension, which allows a malicious XMPP server to trigger commands that leak private conversations from encrypted sessions. With this update, XEP-0146 support has been disabled by default and made opt-in via the 'remote_commands' option.
Internet Download Manager version 6.28 Build 17 SEH unicode buffer overflow exploit.