Red Hat Security Advisory 2017-3315-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory.
2028823382216b9493c0bf056280c297c2bd677f271814aa58d6cf9f13e8cca5Debian Linux Security Advisory 4052-1 - Adam Collard discovered that Bazaar, an easy to use distributed version control system, did not correctly handle maliciously constructed bzr+ssh URLs, allowing a remote attackers to run an arbitrary shell command.
06de7ebfe4eb54489505eb26fdc2a04dce80457e49b28c9c2119d0190c1fdc38Red Hat Security Advisory 2017-3368-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: Quick Emulator, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host.
682cd4f9e4229c10932e11b3d2ac23066bdafab617753713cb2ec10632130e20Red Hat Security Advisory 2017-3369-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator, compiled with qemu_map_ram_ptr to access guests' RAM block area, is vulnerable to an OOB r/w access issue. The crash can occur if a privileged user inside a guest conducts certain DMA operations, resulting in a DoS.
8772a3e39319b85ec00526ac683eb62611b7a823641c428559c0c26d704e710bDebian Linux Security Advisory 4051-1 - Two vulnerabilities were discovered in cURL, an URL transfer library.
abf8f2192ee54bd891f3a491928912c1fd8e425aa2cf0c71f3258482af29ea8cRed Hat Security Advisory 2017-3295-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting in an uninitialized memory disclosure to user space. A local user could use this flaw to read information belonging to other users.
ec748d31f8d2398f3d79e56a226080b8b5e1a61e3e3e6554dbaa7f83a39f6847Red Hat Security Advisory 2017-3354-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.7 serves as a replacement for Red Hat JBoss BRMS 6.4.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: A denial of service vulnerability was discovered in ZooKeeper which allows an attacker to dramatically increase CPU utilization by abusing "wchp/wchc" commands, leading to the server being unable to serve legitimate requests.
65b88debbef2de39ad5456c58be485ebf803c8d40914a6b1ddee02d891692010Red Hat Security Advisory 2017-3355-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.7 serves as a replacement for Red Hat JBoss BPM Suite 6.4.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Multiple security issues have been addressed.
0a968c131c0cf64a0e431aaa4b747d7d12b6461c6022d6efe499c75df1517f28Red Hat Security Advisory 2017-3322-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting in an uninitialized memory disclosure to user space. A local user could use this flaw to read information belonging to other users.
4973d71923df5aa9887f8d97bd478129ae45c8f7a2c0eb31d083e45262e11f9dRed Hat Security Advisory 2017-3335-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 6.2 will be retired as of December 31, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.2 AMC after December 31, 2017.
002395070a9ea0b5d0fa582a7794a228cc412acc4553e1d160febe908f935da1Debian Linux Security Advisory 4050-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks, privilege escalation or the execution of arbitrary code.
a529e71e47e45bfddd90466706afd9373a145cba82a1e0b55cb9002972cff57aHipchat for Mac desktop client versions prior to 4.30 suffer from a remote code execution vulnerability.
8d4ee003b008842df1a8bbe4503c53d309960157148ffac1215331883d3d8291Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash). Otto Ebeling discovered that the memory manager in the Linux kernel did not properly check the effective UID in some situations. A local attacker could use this to expose sensitive information.
4ac498fe64bdf58c75838bf98a75ded8239a7ff13c95ce564a4824dd91f56222Ubuntu Security Notice 3499-1 - It was discovered that Exim incorrectly handled certain BDAT data headers. A remote attacker could possibly use this issue to cause Exim to crash, resulting in a denial of service.
84f6e7318add2363801a7c087f557e0bfddc5858647315c8653fcfcb594b870eUbuntu Security Notice 3501-1 - It was discovered that libxcursor incorrectly handled certain files. An attacker could use these issues to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code.
8533f39168f2a2d6205e712f40adfbaf90b4d8e07d352222a21441228524870dUbuntu Security Notice 3500-1 - It was discovered that libXfont incorrectly followed symlinks when opening font files. A local unprivileged user could use this issue to cause the X server to access arbitrary files, including special device files.
b53da59663327cdf80b5b7d9f88bd1b1f437c9713750218a9ffa0d56f2f3808fHipchat Data Center and Hipchat Server suffer from server-side request forgery and remote code execution vulnerabilities.
85ff28883c85d9d50aed28fb22e57f0ab765ebcb2f08baf9a4d008871ee54eb5Ubuntu Security Notice 3498-1 - Alex Nichols discovered that curl incorrectly handled NTLM authentication credentials. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10. It was discovered that curl incorrectly handled FTP wildcard matching. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.
650767a44353568490e38105acd3e0afe1602b6c2b58241f68d62f5dae049444Ubuntu Security Notice 3497-1 - It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service. Various other issues were also addressed.
5b6e1cbb08aebbd2d544357da18dc70e489442ccb7b7c6b9b67ccfd975ff3593Red Hat Security Advisory 2017-3278-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code.
de1f8ce0c545dd5e721901bd69c8576b25fd91fc7c1a1fc6417acc89c997fbbdRed Hat Security Advisory 2017-3277-01 - The tcmu-runner packages provide a service that handles the complexity of the LIO kernel target's userspace passthrough interface. It presents a C plugin API for extension modules that handle SCSI requests in ways not possible or suitable to be handled by LIO's in-kernel backstores. Security Fix: A flaw was found in the implementation of CheckConfig method in handler_glfs.so of the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could send a specially crafted string to CheckConfig method resulting in various kinds of segmentation fault.
aaf6c821ca36f84890f09f4ef1269c388be4499cfef38eeaf3932641c32909bcRed Hat Security Advisory 2017-3270-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix: An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.
ac092a4be485ac7d15c938e50713a1d1b80f85f242be87121a1bb281cf5c2665Red Hat Security Advisory 2017-3269-01 - The procmail packages contain a mail processing tool that can be used to create mail servers, mailing lists, sort incoming mail into separate folders or files, preprocess mail, start any program upon mail arrival, or automatically forward selected incoming mail. Security Fix: A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail.
5622b099a9dfdea7d27cd19e91fd3673e0d1f340111ff01937ce5596b21a9dafRed Hat Security Advisory 2017-3188-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The OpenShift Container Platform 3.7 Release Notes provides information about new features, bug fixes, and known issues. This advisory contains the RPM packages for this release.
0fe9fc5b2a90021d45b19857908bc1ef158f71fdbebf89369594e79322e8773fRed Hat Security Advisory 2017-3268-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP15. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
4d3f99353fc0df0e6a3b532ab60da83e1644f085c1e6bc829589edb141973576
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed