SECURITY

No Image

USN-2992-1: Oxide vulnerabilities

2016-06-07 KENNETH 0

USN-2992-1: Oxide vulnerabilities Ubuntu Security Notice USN-2992-1 6th June, 2016 oxide-qt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Summary Several security issues were fixed in Oxide. Software description oxide-qt – Web browser engine for Qt (QML plugin) Details An unspecified security issue was discovered in Blink. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit this to bypass same-origin restrictions.(CVE-2016-1673) An issue was discovered with Document reattachment in Blink in somecircumstances. If a user were tricked in to opening a specially craftedwebsite, an attacker could potentially exploit this to bypass same-originrestrictions. (CVE-2016-1675) A type confusion bug was discovered in V8. If a user were tricked in toopening a specially crafted website, an attacker could potentially exploitthis to obtain sensitive information. (CVE-2016-1677) [ more… ]

No Image

RHSA-2016:1205-1: Important: spice security update

2016-06-07 KENNETH 0

RHSA-2016:1205-1: Important: spice security update Red Hat Enterprise Linux: An update for spice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2016-0749, CVE-2016-2150 Source: RHSA-2016:1205-1: Important: spice security update

No Image

RHSA-2016:1204-1: Important: spice-server security update

2016-06-07 KENNETH 0

RHSA-2016:1204-1: Important: spice-server security update Red Hat Enterprise Linux: An update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2016-0749, CVE-2016-2150 Source: RHSA-2016:1204-1: Important: spice-server security update

No Image

RHBA-2016:1202-1: sssd bug fix update

2016-06-03 KENNETH 0

RHBA-2016:1202-1: sssd bug fix update Red Hat Enterprise Linux: Updated sssd packages that fix one bug are now available for Red Hat Enterprise Linux 6.6 Extended Update Support. Source: RHBA-2016:1202-1: sssd bug fix update

No Image

USN-2991-1: nginx vulnerability

2016-06-03 KENNETH 0

USN-2991-1: nginx vulnerability Ubuntu Security Notice USN-2991-1 2nd June, 2016 nginx vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Summary nginx could be made to crash if it received specially crafted network traffic. Software description nginx – small, powerful, scalable web/proxy server Details It was discovered that nginx incorrectly handled saving client requestbodies to temporary files. A remote attacker could possibly use this issueto cause nginx to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: nginx-extras 1.10.0-0ubuntu0.16.04.2 nginx-full 1.10.0-0ubuntu0.16.04.2 nginx-core 1.10.0-0ubuntu0.16.04.2 nginx-light 1.10.0-0ubuntu0.16.04.2 Ubuntu 15.10: nginx-extras 1.9.3-1ubuntu1.2 nginx-full 1.9.3-1ubuntu1.2 nginx-core 1.9.3-1ubuntu1.2 nginx-light 1.9.3-1ubuntu1.2 Ubuntu 14.04 LTS: nginx-extras 1.4.6-1ubuntu3.5 nginx-full 1.4.6-1ubuntu3.5 nginx-core 1.4.6-1ubuntu3.5 nginx-light 1.4.6-1ubuntu3.5 To update your system, please follow [ more… ]