SECURITY

No Image

RHSA-2017:1838-1: Moderate: rh-postgresql95-postgresql security update

2017-08-01 KENNETH 0

RHSA-2017:1838-1: Moderate: rh-postgresql95-postgresql security update RHN Satellite and Proxy: An update for rh-postgresql95-postgresql is now available for Red Hat Satellite 5.8 and Red Hat Satellite 5.8 ELS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This update applies only to Satellite 5.8 instances using either embedded or managed PostgreSQL databases. There are manual steps required in order to finish the migration from postgresql92-postgresql to rh-postgresql95-postgresql. If these steps are not undertaken, the affected Satellite will continue to use PostgreSQL 9.2. postgresql92-postgresql will be upgraded automatically to rh-postgresql95-postgresql as part of an upgrade to Satellite 5.8. CVE-2017-7484, CVE-2017-7485, CVE-2017-7486 Source: RHSA-2017:1838-1: Moderate: rh-postgresql95-postgresql security update

No Image

RHSA-2017:1839-1: Important: rh-eclipse46-jackson-databind security update

2017-08-01 KENNETH 0

RHSA-2017:1839-1: Important: rh-eclipse46-jackson-databind security update Red Hat Enterprise Linux: An update for rh-eclipse46-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2017-7525 Source: RHSA-2017:1839-1: Important: rh-eclipse46-jackson-databind security update

No Image

USN-3372-1: NSS vulnerability

2017-08-01 KENNETH 0

USN-3372-1: NSS vulnerability Ubuntu Security Notice USN-3372-1 31st July, 2017 nss vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in NSS. Software description nss – Network Security Service library Details It was discovered that NSS incorrectly handled certain empty SSLv2messages. A remote attacker could possibly use this issue to cause NSS tocrash, resulting in a denial of service. (CVE-2017-7502) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DESciphers were vulnerable to birthday attacks. A remote attacker couldpossibly use this flaw to obtain clear text data from long encryptedsessions. This update causes NSS to limit use of the same symmetric key.(CVE-2016-2183) It was discovered that NSS incorrectly handled Base64 decoding. A remoteattacker could use this flaw to cause NSS to crash, resulting in a denialof [ more… ]

No Image

RHSA-2017:1833-1: Important: chromium-browser security update

2017-08-01 KENNETH 0

RHSA-2017:1833-1: Important: chromium-browser security update Red Hat Enterprise Linux: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110, CVE-2017-7000 Source: RHSA-2017:1833-1: Important: chromium-browser security update

No Image

USN-3371-1: Linux kernel (HWE) kernel vulnerabilities

2017-07-29 KENNETH 0

USN-3371-1: Linux kernel (HWE) kernel vulnerabilities Ubuntu Security Notice USN-3371-1 28th July, 2017 linux-hwe vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-hwe – Linux hardware enablement (HWE) kernel Details It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitiveinformation (kernel memory). (CVE-2014-9900) Alexander Potapenko discovered a race condition in the Advanced Linux SoundArchitecture (ALSA) subsystem in the Linux kernel. A local attacker coulduse this to expose sensitive information (kernel memory).(CVE-2017-1000380) Li Qiang discovered that the DRM driver for VMware Virtual GPUs in theLinux kernel did not properly validate some ioctl arguments. A localattacker could use this to cause a denial of service (system crash).(CVE-2017-7346) Murray McAllister [ more… ]