Red Hat Security Advisory 2016-0446-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.
Red Hat Security Advisory 2016-0445-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.
Ubuntu Security Notice 2932-1 - Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 2931-1 - Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 2930-1 - Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32-bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
Ubuntu Security Notice 2930-2 - Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32-bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
Ubuntu Security Notice 2928-1 - Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.
Ubuntu Security Notice 2929-2 - Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 2929-1 - Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 2928-2 - Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.
Gentoo Linux Security Advisory 201603-9 - Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. Versions less than 49.0.2623.87 are affected.
Gentoo Linux Security Advisory 201603-8 - Multiple vulnerabilities have been found in VLC allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 2.2.1-r1 are affected.
Gentoo Linux Security Advisory 201603-7 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.577 are affected.
Ubuntu Security Notice 2927-1 - It was discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2016-0442-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. It can also be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Orchestration can also be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. A vulnerability was discovered in the OpenStack Orchestration service, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use this flaw to cause a denial of service or determine whether a given file name is present on the server.
Red Hat Security Advisory 2016-0441-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. It can also be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Orchestration can also be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. A vulnerability was discovered in the OpenStack Orchestration service, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use this flaw to cause a denial of service or determine whether a given file name is present on the server.
Red Hat Security Advisory 2016-0440-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. It can also be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Orchestration can also be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. A vulnerability was discovered in the OpenStack Orchestration service, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use this flaw to cause a denial of service or determine whether a given file name is present on the server.
Debian Linux Security Advisory 3516-1 - Multiple vulnerabilities were discovered in the dissectors/parsers for DNP, RSL, LLRP, GSM A-bis OML, and ASN.1 BER, which could result in denial of service.
Debian Linux Security Advisory 3515-1 - Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.
Gentoo Linux Security Advisory 201603-6 - Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or a denial of service condition. Versions less than 2.6.3 are affected.
Debian Linux Security Advisory 3514-1 - Several vulnerabilities have been discovered in Samba, an SMB/CIFS file, print, and login server for Unix.
Slackware Security Advisory - New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
Debian Linux Security Advisory 3513-1 - Several vulnerabilities have been discovered in the chromium web browser.
FreeBSD Security Advisory - A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP3) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN. Various other issues were also addressed.
FreeBSD Security Advisory - Testing by ISC has uncovered a defect in control channel input handling which can cause named to exit due to an assertion failure in sexpr.c or alist.c when a malformed packet is sent to named's control channel (the interface which allows named to be controlled using the "rndc" server control utility). An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. A remote attacker can deliberately trigger the failed assertion if the DNS server accepts remote rndc commands, regardless of whether authentication is configured. Note that this is not enabled by default. A remote attacker who can cause a server to make a query deliberately chosen to generate a response containing such a signature record can trigger a failed assertion and cause named to stop. Disabling DNSSEC does not provide protection against this vulnerability.