SECURITY

No Image

USN-3196-1: PHP vulnerabilities

2017-02-15 KENNETH 0

USN-3196-1: PHP vulnerabilities Ubuntu Security Notice USN-3196-1 14th February, 2017 php5 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in PHP. Software description php5 – HTML-embedded scripting language interpreter Details It was discovered that PHP incorrectly handled certain arguments to thelocale_get_display_name function. A remote attacker could use this issue tocause PHP to crash, resulting in a denial of service, or possibly executearbitrary code. (CVE-2014-9912) It was discovered that PHP incorrectly handled certain invalid objects whenunserializing data. A remote attacker could use this issue to cause PHP tohang, resulting in a denial of service. (CVE-2016-7478) It was discovered that PHP incorrectly handled certain invalid objects whenunserializing data. A remote attacker could use this issue to cause PHP tocrash, resulting in a denial of service, or [ more… ]

No Image

February 2017 security update release

2017-02-15 KENNETH 0

February 2017 security update release Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today. After considering all options, we made the decision to delay this month’s updates. We apologize for any inconvenience caused by this change to the existing plan. MSRC Source: February 2017 security update release

No Image

RHSA-2017:0270-1: Important: kernel security and bug fix update

2017-02-14 KENNETH 0

RHSA-2017:0270-1: Important: kernel security and bug fix update Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2016-7117 Source: RHSA-2017:0270-1: Important: kernel security and bug fix update

No Image

RHSA-2017:0269-1: Critical: java-1.7.0-openjdk security update

2017-02-13 KENNETH 0

RHSA-2017:0269-1: Critical: java-1.7.0-openjdk security update Red Hat Enterprise Linux: An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289 Source: RHSA-2017:0269-1: Critical: java-1.7.0-openjdk security update

No Image

USN-3195-1: Nova-LXD vulnerability

2017-02-10 KENNETH 0

USN-3195-1: Nova-LXD vulnerability Ubuntu Security Notice USN-3195-1 9th February, 2017 nova-lxd vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Nova-LXD could allow unintended access to LXD instances over the network. Software description nova-lxd – Openstack Compute – LXD container hypervisor support Details James Page discovered that Nova-LXD incorrectly set up virtual network deviceswhen creating LXD instances. This could result in an unintended firewallconfiguration. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: python-nova-lxd 13.2.0-0ubuntu1.16.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes fornew instances. However, existing instances will still be affected and must bemanually updated. References CVE-2017-5936, LP: 1656847 Source: USN-3195-1: Nova-LXD vulnerability