Red Hat Security Advisory 2016-0309-01 - OpenStack Image Service provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to silently replace owned image data, regardless of its original creator or visibility settings. Only environments with show_multiple_locations set to true were affected.
ea535561c42b5bd9d777446c42c01a808de586a69aa8c2f4acfa2d8dbcbca27b
Slackware Security Advisory - New libssh packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
02c7441014bdd9e0f73350f6d47e292e57e03e9a03b3a1d62206ffdf4d7d9a4f
Debian Linux Security Advisory 3495-1 - Markus Krell discovered that xymon, a network and applications monitoring system, was vulnerable to incorrect data handling, incorrect permissions, and various other security issues.
53a0dba24a61cd8d8b2c08030f630e1b8f8ff722b419c80f9a8acbed492ce294
Debian Linux Security Advisory 3498-1 - Multiple security vulnerabilities have been found in the Drupal content management framework.
d05d759600212f327451853cf50f35c896fca22c35d1590b3a6cb5d8b118e93b
Debian Linux Security Advisory 3499-1 - Multiple security vulnerabilities have been found in Pillow, a Python imaging library, which may result in denial of service or the execution of arbitrary code if a malformed FLI, PCD or TIFF file is processed.
8b910f6671c0e4d3abcf87002c5d7014c4463092d27ad1d60c61cc97b88fdeed
Debian Linux Security Advisory 3496-1 - It was discovered that php-horde-core, a set of classes providing the core functionality of the Horde Application Framework, is prone to a cross-site scripting vulnerability.
fb2e808e2bc1b55e3a678a6bd92bf163b812a242063669eceb2cf4d1b24e361d
Debian Linux Security Advisory 3497-1 - It was discovered that php-horde, a flexible, modular, general-purpose web application framework written in PHP, is prone to a cross-site scripting vulnerability.
0c1655a872704facecb22f051bb6c9eea16caf3f0e87ad0f84b0f0de433a969d
Debian Linux Security Advisory 3494-1 - Two SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. Specially crafted input can be used by an attacker in parameters of the graphs_new.php script to execute arbitrary SQL commands on the database.
97808cf3529875d4bcd54cfdad0de8a01c508d89587d889ac02eab545d374b0b
Red Hat Security Advisory 2016-0308-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the URL. A response-splitting vulnerability was discovered in RabbitMQ. An /api/definitions URL could be specified, which then caused an arbitrary additional header to be returned. A remote attacker could use this flaw to inject arbitrary HTTP headers and possibly gain access to secure data.
5afd04f5b678cbda103db43bf170342e4a739b7757cecdcccbbf96e357abaa44
Ubuntu Security Notice 2908-5 - USN-2908-2 fixed vulnerabilities in the Ubuntu 15.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 15.10 backport kernel within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.
5e10ec647672807200c174c55a66cdcc9b1b8e1775c7a5dfb35815b6935f9d01
Ubuntu Security Notice 2909-2 - USN-2909-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 14.10 backport kernel within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.
3c3d759a7baed04064d8e1a5aaf0a6c656497f00d2b9bbda49970b61d924499e
Ubuntu Security Notice 2910-2 - USN-2910-1 fixed vulnerabilities in the Ubuntu 15.04 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 15.04 backport kernel within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.
1c5860f7d5e5f701a0618aa045b06de9bedc1bdeb2417d42f72a17ed4039636b
Gentoo Linux Security Advisory 201602-3 - Multiple vulnerabilities have been found in libwmf allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 0.2.8.4-r6 are affected.
7fb0b176af2fec4f40b8fe3b3185e69185aa1e07347c160419d8b2bf521e8430
Ubuntu Security Notice 2908-4 - USN-2908-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 15.10 guests running within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.
2ae3612b5f8c1f000a29250f123157f70e9d98b5ff013458912d9c9b43f07b03
Apple Security Advisory 2016-02-25-1 - Apple TV 7.2.1 is now available and addresses code execution, information disclosure, access bypass, and various other vulnerabilities.
bf6f4fe66d502f5d2cfe52364aee2616a8b6313109616db2da1627ad5a4b40a6
Debian Linux Security Advisory 3492-1 - Daniel Gultsch discovered a vulnerability in Gajim, an XMPP/jabber client. Gajim didn't verify the origin of roster updates, allowing an attacker to spoof them and potentially allowing her to intercept messages.
6458ae433eb2d65cf2336d02a0482c8bb4abd3984d7aca3b17a9f73a7114422b
Red Hat Security Advisory 2016-0297-01 - In accordance with the Red Hat CloudForms Support Life Cycle Policy, support will end on February 28, 2017. Red Hat will not provide extended support for this product. Customers are requested to migrate to the newer Red Hat CloudForms product prior to the end of the life cycle for CloudForms 3.0.
904c22b05f19c5f99c4de16fbb194e475d9a3ddc6e10364eda2ee73976d76874
Debian Linux Security Advisory 3493-1 - Gustavo Grieco discovered that xerces-c, a validating XML parser library for C++, mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. These flaws could lead to a denial of service in applications using the xerces-c library, or potentially, to the execution of arbitrary code.
65b274c933d90cefe3382f57ce846303ac98c8a5232db435954e456e7b506eac
HP Security Bulletin HPSBGN03549 1 - HPE IceWall products have addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of the user running the glibc library. Revision 1 of this advisory.
5c0bafbdb117854cb467fe44692de91315ec03062242458e577de6b74ec77e61
Various D-Link and Netgear devices that make use of the FIRMADYNE framework suffer from command injection, buffer overflow, and authentication bypass vulnerabilities.
e1f65451595116919451f722284040e48ed00ae6e1c4227dd28831ce50e8f637
The Linux kernel suffers from multiple privilege escalation vulnerabilities.
0b1307cf1bccf05f7afed496f827ea994587f2a9aabae71db2922ee6a1d127fd
Debian Linux Security Advisory 3491-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client. Integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.
da789ff35efec29f4e4ba6d3ad8fcb7147acd2e8c11c35d4d42e58f5405efaec
The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution. Apache Xerces-C XML Parser library versions prior to 3.1.3 are affected.
f78b373fd91beab5983d07e6a0808ff4c3c1af8dbb9cbeb69a728c93b7f28a6d
Ubuntu Security Notice 2903-2 - USN-2903-1 fixed a vulnerability in NSS. An incorrect package versioning change in Ubuntu 12.04 LTS caused a regression when building software against NSS. This update fixes the problem. Hanno Boeck discovered that NSS incorrectly handled certain division functions, possibly leading to cryptographic weaknesses. This update also refreshes the NSS package to version 3.21 which includes the latest CA certificate bundle, and removes the SPI CA. Various other issues were also addressed.
d3283200efa890107e2802a18cd81e5fbdacb3975b6da21cb9ccb7a1f29a4936
Ubuntu Security Notice 2912-1 - Mariusz Ziulek discovered that libssh incorrectly handled certain packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. Aris Adamantiadis discovered that libssh incorrectly generated ephemeral secret keys of 128 bits instead of the recommended 1024 or 2048 bits when using the diffie-hellman-group1 and diffie-hellman-group14 methods. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Various other issues were also addressed.
64e90d7f17cf676e3947fb61a36d15d6f07e6deabaa7f62a7ebfb2162dfd9513