Ubuntu Security Notice 3509-2 - USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
55c76901713125a703bae824209741aaa3580edc3d3ffb5d1318fec8c8c6c7ce
Ubuntu Security Notice 3509-1 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.
1fee3d4c5f363d883d9e0d3340e1b92019a2c25227d2f422c40c64d91d321d09
Ubuntu Security Notice 3508-2 - USN-3508-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
8f21eef7c2fc6cb6eebd43e8feec5bbc855c5b079f9a47dc86cb9da1ea8ddd29
Ubuntu Security Notice 3508-1 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.
71f952ea8f2b52d88d4d95fb89d27c8b6a5b7d5796ef9e769ba309c68c79d355
Ubuntu Security Notice 3507-1 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.
69cb8bd23eccd5b890d722fba3cdc82d3096243ff4f4b5537c3e96d1b5de40da
Red Hat Security Advisory 2017-3401-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 63.0.3239.84. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
5bd0b2cbeabcf688e6d9f16cea82f64051f2874ff1e444401d3e0a45c1a77044
Red Hat Security Advisory 2017-3399-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for log4j package in Red Hat JBoss Enterprise Application Platform 5.2.0. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.
5f7c290255283ca8558f9e080e48b8c3b9da33e398b2eadd8011345eb5fc9e44
Red Hat Security Advisory 2017-3400-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for log4j package in Red Hat JBoss Enterprise Application Platform 5.2.0. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.
5ea1cec9f6933eab9187ac254d93d4f4e639613ce51a4f20d85a8723b379a92a
WordPress Crowd Ideas plugin version 1.0 suffers from a cross site scripting vulnerability.
c6fcd6f0c3697cccd7a9d17bdb4e5be6ec6663d9fe5c857f87f513ffb6c53162
Ubuntu Security Notice 3506-2 - USN-3506-1 fixed two vulnerabilities in rsync. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that rsync proceeds with certain file metadata updates before checking for a filename. An attacker could use this to bypass access restrictions. Various other issues were also addressed.
fadf821b7f75a4e2b252ef20c8691b6094a528145976b83c1b2f9e35357a8062
Ubuntu Security Notice 3506-1 - It was discovered that rsync proceeds with certain file metadata updates before checking for a filename. An attacker could use this to bypass access restrictions. It was discovered that rsync does not check for fnamecmp filenames and also does not apply the sanitize_paths protection mechanism to pathnames. An attacker could use this to bypass access restrictions. Various other issues were also addressed.
8f97470368f1ee947f4293ade4fb9b4051d27097ac26ac0d6e612c9ef333dfde
Debian Linux Security Advisory 4056-1 - George Shuklin from servers.com discovered that Nova, a cloud computing fabric controller, did not correctly enforce its image- or hosts-filters. This allowed an authenticated user to bypass those filters by simply rebuilding an instance.
fb7b647269054c29195ca37543cb4c0d4601d524f74938c162051e8e9c64c7fc
Red Hat Security Advisory 2017-3389-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for this release.
ae9f8aec2b2ee802f9f935b728b574e080a9d3c448e0373c0462fc829f456d75
OpenSSL Security Advisory 20171207 - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. Other issues were also addressed.
5b23d35b31c30e0ba27356ef231c18b5e034386ca01935b4c9740a2cf6a7469b
LaCie 5big Network version 2.2.8 suffers from a remote command injection vulnerability.
02d280f3570d3138e947978e63913f9151f791af5e4077d6ac666a48580ce904
Apple macOS version 10.13.1 (High Sierra) suffers from a cron related local privilege escalation vulnerability that allows you to gain root privileges.
fbe2d99d3b7ef8fd7877306d5456d2c15f9aac738eb9b0ae46533c5eed03251a
Wireshark versions 2.4.0 through 2.4.2 and 2.2.0 through 2.2.10 suffer from a crash issue in the CIP Safety dissector.
646635366decbef4399396c501e19649221604dfc3ac9afca5ee8739d867b191
The Linux kernel suffers from a DCCP socket use-after-free vulnerability.
cae1f33164a9e9af6e636a830eeee8c78626be982d8e3ca731d872a32cdf347e