4033453 – Vulnerability in Azure AD Connect Could Allow Elevation of Privilege – Version: 1.0

2017-06-28 KENNETH 0

Revision Note: V1.0 (June 27, 2017): Advisory published.

Summary: Microsoft is releasing this security advisory to inform customers that a new version of Azure Active Directory (AD) Connect is available that addresses an Important security vulnerability.

Source: 4033453 – Vulnerability in Azure AD Connect Could Allow Elevation of Privilege – Version: 1.0

RHSA-2017:1576-1: Important: mercurial security update

2017-06-27 KENNETH 0

Red Hat Enterprise Linux: An update for mercurial is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2017-9462

Source: RHSA-2017:1576-1: Important: mercurial security update

USN-3340-1: Apache HTTP Server vulnerabilities

2017-06-27 KENNETH 0

Ubuntu Security Notice USN-3340-1, 26th June, 2017: apache2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in Apache HTTP Server.

Software description: apache2 – Apache HTTP server

Details: Emmanuel Dreyfus discovered that third-party modules using the ap_get_basic_auth_pw() function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new ap_get_basic_auth_components() function for use by third-party modules. (CVE-2017-3167)

Vasileios Panopoulos discovered that the Apache mod_ssl module may crash when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. (CVE-2017-3169)

Javier Jiménez discovered that the Apache HTTP Server incorrectly handled parsing certain requests. A remote attacker could possibly use this issue to cause the Apache HTTP Server to crash, resulting in a denial of service. (CVE-2017-7668)

ChenQin [ more… ]

USN-3339-1: OpenVPN vulnerabilities

2017-06-23 KENNETH 0

Ubuntu Security Notice USN-3339-1, 22nd June, 2017: openvpn vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in OpenVPN.

Software description: openvpn – virtual private network software

Details: Karthikeyan Bhargavan and Gaëtan Leurent discovered that 64-bit block ciphers are vulnerable to a birthday attack. A remote attacker could possibly use this issue to recover cleartext data. Fixing this issue requires a configuration change to switch to a different cipher. This update adds a warning to the log file when a 64-bit block cipher is in use. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6329)

It was discovered that OpenVPN incorrectly handled rollover of packet ids. An authenticated remote attacker could use this issue to cause OpenVPN to crash, resulting in [ more… ]