SECURITY

No Image

RHSA-2016:2137-1: Critical: java-1.7.1-ibm security update

2016-11-02 KENNETH 0

RHSA-2016:2137-1: Critical: java-1.7.1-ibm security update Red Hat Enterprise Linux: An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597 Source: RHSA-2016:2137-1: Critical: java-1.7.1-ibm security update

No Image

RHSA-2016:2138-1: Critical: java-1.7.0-ibm security update

2016-11-02 KENNETH 0

RHSA-2016:2138-1: Critical: java-1.7.0-ibm security update Red Hat Enterprise Linux: An update for java-1.7.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597 Source: RHSA-2016:2138-1: Critical: java-1.7.0-ibm security update

No Image

USN-3119-1: Bind vulnerability

2016-11-02 KENNETH 0

USN-3119-1: Bind vulnerability Ubuntu Security Notice USN-3119-1 1st November, 2016 bind9 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Bind could be made to crash if it received specially crafted network traffic. Software description bind9 – Internet Domain Name Server Details Tony Finch and Marco Davids discovered that Bind incorrectly handledcertain responses containing a DNAME answer. A remote attacker couldpossibly use this issue to cause Bind to crash, resulting in a denial ofservice. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: bind9 1:9.10.3.dfsg.P4-10.1ubuntu1.1 Ubuntu 16.04 LTS: bind9 1:9.10.3.dfsg.P4-8ubuntu1.2 Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.10 Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.19 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]

No Image

RHSA-2016:2135-1: Low: Red Hat Enterprise Linux 6.6 Extended Update Support Retirement Notice

2016-11-02 KENNETH 0

RHSA-2016:2135-1: Low: Red Hat Enterprise Linux 6.6 Extended Update Support Retirement Notice Red Hat Enterprise Linux: This is the final notification for the retirement of Red Hat Enterprise Linux 6.6 Extended Update Support (EUS). This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 6.6. Source: RHSA-2016:2135-1: Low: Red Hat Enterprise Linux 6.6 Extended Update Support Retirement Notice

No Image

USN-3118-1: Mailman vulnerabilities

2016-11-02 KENNETH 0

USN-3118-1: Mailman vulnerabilities Ubuntu Security Notice USN-3118-1 1st November, 2016 mailman vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Mailman. Software description mailman – Powerful, web-based mailing list manager Details It was discovered that the Mailman administrative web interface did notprotect against cross-site request forgery (CSRF) attacks. If anauthenticated user were tricked into visiting a malicious website whilelogged into Mailman, a remote attacker could perform administrativeactions. This issue only affected Ubuntu 12.04 LTS. (CVE-2016-7123) Nishant Agarwala discovered that the Mailman user options page did notprotect against cross-site request forgery (CSRF) attacks. If anauthenticated user were tricked into visiting a malicious website whilelogged into Mailman, a remote attacker could modify user options.(CVE-2016-6893) Update instructions The problem can be corrected [ more… ]