
USN-3374-1: RabbitMQ vulnerability

2017-08-01 KENNETH 0

Ubuntu Security Notice USN-3374-1
31st July, 2017

rabbitmq-server vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
RabbitMQ could allow unintended access to network services.

Software description
rabbitmq-server – AMQP server written in Erlang

Details
It was discovered that RabbitMQ incorrectly handled MQTT (MQ Telemetry Transport) authentication. A remote attacker could use this issue to authenticate successfully with an existing username by omitting the password.

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 16.04 LTS: rabbitmq-server 3.5.7-1ubuntu0.16.04.2
Ubuntu 14.04 LTS: rabbitmq-server 3.2.4-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2016-9877

Source: USN-3374-1: RabbitMQ vulnerability


USN-3373-1: Apache HTTP Server vulnerabilities

2017-08-01 KENNETH 0

Ubuntu Security Notice USN-3373-1
31st July, 2017

apache2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 12.04 LTS

Summary
Several security issues were fixed in Apache HTTP Server.

Software description
apache2 – Apache HTTP server

Details
Emmanuel Dreyfus discovered that third-party modules using the ap_get_basic_auth_pw() function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new ap_get_basic_auth_components() function for use by third-party modules. (CVE-2017-3167)

Vasileios Panopoulos discovered that the Apache mod_ssl module may crash when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. (CVE-2017-3169)

Javier Jiménez discovered that the Apache HTTP Server incorrectly handled parsing certain requests. A remote attacker could possibly use this issue to cause the Apache HTTP Server to crash, resulting in a denial of service. (CVE-2017-7668)

ChenQin and Hanno Böck discovered that the Apache [ more… ]


RHSA-2017:1840-1: Important: devtoolset-4-jackson-databind security update

2017-08-01 KENNETH 0

Red Hat Enterprise Linux: An update for devtoolset-4-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2017-7525

Source: RHSA-2017:1840-1: Important: devtoolset-4-jackson-databind security update


RHSA-2017:1839-1: Important: rh-eclipse46-jackson-databind security update

2017-08-01 KENNETH 0

Red Hat Enterprise Linux: An update for rh-eclipse46-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2017-7525

Source: RHSA-2017:1839-1: Important: rh-eclipse46-jackson-databind security update


RHSA-2017:1838-1: Moderate: rh-postgresql95-postgresql security update

2017-08-01 KENNETH 0

RHN Satellite and Proxy: An update for rh-postgresql95-postgresql is now available for Red Hat Satellite 5.8 and Red Hat Satellite 5.8 ELS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This update applies only to Satellite 5.8 instances using either embedded or managed PostgreSQL databases. There are manual steps required in order to finish the migration from postgresql92-postgresql to rh-postgresql95-postgresql. If these steps are not undertaken, the affected Satellite will continue to use PostgreSQL 9.2. postgresql92-postgresql will be upgraded automatically to rh-postgresql95-postgresql as part of an upgrade to Satellite 5.8.

CVE-2017-7484, CVE-2017-7485, CVE-2017-7486

Source: RHSA-2017:1838-1: Moderate: rh-postgresql95-postgresql security update