RHSA-2017:0286-1: Moderate: openssl security update

2017-02-20 KENNETH 0

Red Hat Enterprise Linux: An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVEs: CVE-2016-8610, CVE-2017-3731

Source: RHSA-2017:0286-1: Moderate: openssl security update

USN-3199-2: Python Crypto regression

2017-02-18 KENNETH 0

Ubuntu Security Notice USN-3199-2, 17th February, 2017: Python Crypto regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: USN-3199-1 introduced a regression in the Python Cryptography Toolkit which caused programs which relied on the original behavior to fail.

Software description: python-crypto – cryptographic algorithms and protocols for Python

Details: USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather than throwing an exception. Code which produces this warning should be updated because future versions of the Python Cryptography Toolkit re-introduce the exception. We apologize for the inconvenience.

Original advisory details: It was discovered that the ALGnew function in [ more… ]

USN-3199-1: Python Crypto vulnerability

2017-02-17 KENNETH 0

Ubuntu Security Notice USN-3199-1, 16th February, 2017: Python Crypto vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Programs using the Python Cryptography Toolkit could be made to crash or run programs if they receive specially crafted network traffic or other input.

Software description: python-crypto – cryptographic algorithms and protocols for Python

Details: It was discovered that the ALGnew function in block_template.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary code by using a crafted initialization vector parameter.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
python3-crypto 2.6.1-6ubuntu0.16.10.2
python-crypto 2.6.1-6ubuntu0.16.10.2

Ubuntu 16.04 LTS:
python3-crypto 2.6.1-6ubuntu0.16.04.1
python-crypto 2.6.1-6ubuntu0.16.04.1

Ubuntu 14.04 LTS:
python3-crypto 2.6.1-4ubuntu0.1
python-crypto 2.6.1-4ubuntu0.1

[ more… ]

USN-3201-1: Bind vulnerabilities

2017-02-17 KENNETH 0

Ubuntu Security Notice USN-3201-1, 16th February, 2017: bind9 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS.

Summary: Bind could be made to crash if it received specially crafted network traffic.

Software description: bind9 – Internet Domain Name Server

Details: It was discovered that Bind incorrectly handled rewriting certain query responses when using both DNS64 and RPZ. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
bind9 1:9.10.3.dfsg.P4-10.1ubuntu1.3

Ubuntu 16.04 LTS:
bind9 1:9.10.3.dfsg.P4-8ubuntu1.5

Ubuntu 14.04 LTS:
bind9 1:9.9.5.dfsg-3ubuntu0.13

Ubuntu 12.04 LTS:
bind9 1:9.8.1.dfsg.P1-4ubuntu0.21

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system [ more… ]

USN-3200-1: WebKitGTK+ vulnerabilities

2017-02-17 KENNETH 0

Ubuntu Security Notice USN-3200-1, 16th February, 2017: webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS.

Summary: Several security issues were fixed in WebKitGTK+.

Software description: webkit2gtk – Web content engine library for GTK+

Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.10.1
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.10.1

Ubuntu 16.04 LTS:
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.04.1
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which [ more… ]