USN-3187-1: Linux kernel vulnerabilities

2017-02-03 KENNETH 0

Ubuntu Security Notice USN-3187-1
3rd February, 2017

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 12.04 LTS

Summary
Several security issues were fixed in the kernel.

Software description
linux – Linux kernel

Details
Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash). (CVE-2016-9555)

It was discovered that multiple memory leaks existed in the XFS implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2016-9685)

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
linux-image-3.2.0-121-powerpc-smp 3.2.0-121.164
linux-image-powerpc-smp 3.2.0.121.136
linux-image-3.2.0-121-highbank 3.2.0-121.164
linux-image-3.2.0-121-powerpc64-smp 3.2.0-121.164
linux-image-3.2.0-121-virtual 3.2.0-121.164
linux-image-3.2.0-121-generic 3.2.0-121.164
linux-image-3.2.0-121-generic-pae 3.2.0-121.164
linux-image-generic-pae 3.2.0.121.136
linux-image-highbank 3.2.0.121.136
linux-image-3.2.0-121-omap [ more… ]

RHSA-2017:0250-1: Important: jboss-ec2-eap security, bug fix, and enhancement update

2017-02-03 KENNETH 0

Red Hat Enterprise Linux: An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2016-6816, CVE-2016-7061, CVE-2016-8627, CVE-2016-8656

Source: RHSA-2017:0250-1: Important: jboss-ec2-eap security, bug fix, and enhancement update

RHSA-2017:0244-1: Important: Red Hat JBoss Enterprise Application Platform security update

2017-02-03 KENNETH 0

Red Hat Enterprise Linux: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2016-6816, CVE-2016-7061, CVE-2016-8627, CVE-2016-8656

Source: RHSA-2017:0244-1: Important: Red Hat JBoss Enterprise Application Platform security update

RHSA-2017:0246-1: Important: Red Hat JBoss Enterprise Application Platform security update

2017-02-03 KENNETH 0

Red Hat Enterprise Linux: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2016-6816, CVE-2016-7061, CVE-2016-8627, CVE-2016-8656

Source: RHSA-2017:0246-1: Important: Red Hat JBoss Enterprise Application Platform security update

USN-3177-2: Tomcat regression

2017-02-03 KENNETH 0

Ubuntu Security Notice USN-3177-2
2nd February, 2017

tomcat6, tomcat7 regression

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary
USN-3177-1 introduced a regression in Tomcat.

Software description
tomcat6 – Servlet and JSP engine
tomcat7 – Servlet and JSP engine

Details
USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-0762)

Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain [ more… ]