USN-3038-1: Apache HTTP Server vulnerability

2016-07-19 KENNETH 0

Ubuntu Security Notice USN-3038-1, 18th July, 2016. apache2 vulnerability.

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS.

Summary: A security issue was fixed in the Apache HTTP Server.

Software description: apache2 – Apache HTTP server

Details: It was discovered that the Apache HTTP Server would set the HTTP_PROXY environment variable based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with CGI scripts that honour the HTTP_PROXY variable to redirect outgoing HTTP requests.

Update instructions: The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: apache2-bin 2.4.18-2ubuntu3.1; Ubuntu 15.10: apache2-bin 2.4.12-2ubuntu2.1; Ubuntu 14.04 LTS: apache2.2-bin 2.4.7-1ubuntu4.13; Ubuntu 12.04 LTS: apache2.2-bin 2.2.22-1ubuntu1.11. To update your system, please follow [ more… ]

USN-3023-1: Thunderbird vulnerabilities

2016-07-19 KENNETH 0

Ubuntu Security Notice USN-3023-1, 18th July, 2016. thunderbird vulnerabilities.

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS.

Summary: Several security issues were fixed in Thunderbird.

Software description: thunderbird – Mozilla Open Source mail and newsgroup client

Details: It was discovered that NSPR incorrectly handled memory allocation. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1951)

Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, and Karl Tomlinson discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, [ more… ]

RHSA-2016:1420-1: Important: httpd24-httpd security update

2016-07-19 KENNETH 0

Red Hat Enterprise Linux: An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2016-4979, CVE-2016-5387 Source: RHSA-2016:1420-1: Important: httpd24-httpd security update

RHSA-2016:1421-1: Important: httpd security update

2016-07-19 KENNETH 0

Red Hat Enterprise Linux: An update for httpd is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2016-5387 Source: RHSA-2016:1421-1: Important: httpd security update

RHSA-2016:1422-1: Important: httpd security and bug fix update

2016-07-19 KENNETH 0

Red Hat Enterprise Linux: An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2016-5387 Source: RHSA-2016:1422-1: Important: httpd security and bug fix update