Monday, March 28, 2016

IT Security Alerts Weekly Digest (20 Mar ~ 26 Mar 2016)

1. Vulnerability in Oracle Java SE
[24/03/2016] Vulnerability was identified in the Oracle Java SE. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects versions 7 Update 97, and 8 Update 73 and 74 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html

2. Vulnerabilities in Cisco Products (cisco-sa-20160323-dhcpv6, cisco-sa-20160323-ios-ikev2, cisco-sa-20160323-l4f, cisco-sa-20160323-lisp, cisco-sa-20160323-sip, cisco-sa-20160323-smi)
[24/03/2016] Vulnerabilities were identified in the Cisco IOS, IOS XE, NX-OS and Unified Communications Manager software. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-lisp
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi
URL:www.hkcert.org/my_url/en/alert/16032401
URL:www.us-cert.gov/ncas/current-activity/2016/03/23/Cisco-Release-Security-Updates

3. Vulnerabilities in F5 Products (SOL06223540, SOL79215841)
[24/03/2016] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration and LineRate. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/k/06/sol06223540.html
URL:support.f5.com/kb/en-us/solutions/public/k/79/sol79215841.html

4. Vulnerability in D-Link DWR-932 (111621)
[24/03/2016] Vulnerability was identified in the D-Link DWR-932. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects firmware version 4.00 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/111621

5. Security Updates in Oracle Linux (ELSA-2016-0494, ELSA-2016-0496)
[24/03/2016] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel and git packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2016-0494.html
URL:linux.oracle.com/errata/ELSA-2016-0496.html

6. Security Updates in Debian (DSA-3526-1, DSA-3528-1, DSA-3529-1)
[24/03/2016] Debian has released security update packages for fixing the vulnerabilities identified in the libmatroska, pidgin-otr and redmine packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2016/dsa-3526
URL:www.debian.org/security/2016/dsa-3528
URL:www.debian.org/security/2016/dsa-3529

7. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0495-1, RHSA-2016:0496-1, RHSA-2016:0497-1)
[24/03/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the nss-util, git and git19-git packages for Red Hat Enterprise Linux 6 and 7 and Red Hat Software Collections for RHEL 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2016-0495.html
URL:rhn.redhat.com/errata/RHSA-2016-0496.html
URL:rhn.redhat.com/errata/RHSA-2016-0497.html

8. Security Updates in SUSE (openSUSE-SU-2016:0859-1, openSUSE-SU-2016:0865-1, SUSE-SU-2016:0867-1)
[24/03/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the bind, tomcat and rubygem-actionview-4_2 packages of openSUSE Leap 42.1, SUSE OpenStack Cloud 6 and SUSE Enterprise Storage 2.1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html

9. Security Updates in Ubuntu GNU/Linux (USN-2939-1)
[24/03/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the tiff packages for versions 12.04 LTS, 14.04 LTS and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2939-1/

10. Vulnerabilities in Novell Products (5237913, 5238651, 5238670, 5238671)
[23/03/2016] Vulnerabilities were identified in the Novell GroupWise, Identity Manager and NetIQ Self Service Password Reset. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks on the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:download.novell.com/Download?buildid=AA7ZB93KAjc~
URL:download.novell.com/Download?buildid=dxd3rzvGvig~
URL:download.novell.com/Download?buildid=wqd_qGNyF7Q~
URL:download.novell.com/Download?buildid=Wxix0_fCdmI~

11. Vulnerabilities in F5 Products (SOL30971148, SOL51518670)
[23/03/2016] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration and Traffix SDC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/k/30/sol30971148.html
URL:support.f5.com/kb/en-us/solutions/public/k/51/sol51518670.html

12. Vulnerability in Siemens APOGEE Insight (ICSA-16-082-01)
[23/03/2016] Vulnerability was identified in the Siemens APOGEE Insight. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product.

URL:ics-cert.us-cert.gov/advisories/ICSA-16-082-01

13. Security Updates in Oracle Linux (ELSA-2016-0491, ELSA-2016-0492, ELSA-2016-0493)
[23/03/2016] Oracle has released security update packages for fixing the vulnerabilities identified in the foomatic, tomcat6 and krb5 packages for Oracle Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2016-0491.html
URL:linux.oracle.com/errata/ELSA-2016-0492.html
URL:linux.oracle.com/errata/ELSA-2016-0493.html

14. Security Updates in Debian (DSA-3523-1, DSA-3524-1, DSA-3525-1)
[23/03/2016] Debian has released security update packages for fixing the vulnerabilities identified in the iceweasel, activemq and pixman packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2016/dsa-3523
URL:www.debian.org/security/2016/dsa-3524
URL:www.debian.org/security/2016/dsa-3525

15. Security Updates in FreeBSD (FreeBSD-SA-16:12.openssl, FreeBSD-SA-16:13.bind, FreeBSD-SA-16:14.openssh, FreeBSD-SA-16:15.sysarch)
[23/03/2016] FreeBSD has released security update packages for fixing the vulnerabilities identified in the openssl, bind, OpenSSH and kernel packages for multiple versions of FreeBSD. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:12.openssl.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:13.bind.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:15.sysarch.asc

16. Security Updates in Gentoo Linux (GLSA 201603-01, GLSA 201603-02, GLSA 201603-03, GLSA 201603-04, GLSA 201603-05, GLSA 201603-06, GLSA 201603-07, GLSA 201603-08, GLSA 201603-09, GLSA 201603-10, GLSA 201603-11, GLSA 201603-12, GLSA 201603-13, GLSA 201603-14, GLSA 201603-15)
[23/03/2016] Gentoo has released security update packages for fixing the vulnerabilities identified in the GIMP, OSC, Roundcube, FUSE, LibreOffice, OpenOffice, FFmpeg, Adobe Flash Player, VLC, Chromium, QtGui, Oracle JRE/JDK, FlightGear, SimGear, Libreswan, IcedTea and OpenSSL packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:security.gentoo.org/glsa/201603-01
URL:security.gentoo.org/glsa/201603-02
URL:security.gentoo.org/glsa/201603-03
URL:security.gentoo.org/glsa/201603-04
URL:security.gentoo.org/glsa/201603-05
URL:security.gentoo.org/glsa/201603-06
URL:security.gentoo.org/glsa/201603-07
URL:security.gentoo.org/glsa/201603-08
URL:security.gentoo.org/glsa/201603-09
URL:security.gentoo.org/glsa/201603-10
URL:security.gentoo.org/glsa/201603-11
URL:security.gentoo.org/glsa/201603-12
URL:security.gentoo.org/glsa/201603-13
URL:security.gentoo.org/glsa/201603-14
URL:security.gentoo.org/glsa/201603-15

17. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0491-1, RHSA-2016:0492-1, RHSA-2016:0493-1)
[23/03/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the foomatic, tomcat6 and krb5 packages for Red Hat Enterprise Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2016-0491.html
URL:rhn.redhat.com/errata/RHSA-2016-0492.html
URL:rhn.redhat.com/errata/RHSA-2016-0493.html

18. Security Updates in SUSE (SUSE-SU-2016:0854-1)
[23/03/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the rubygem-actionview-4_1 package of SUSE OpenStack Cloud 5. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html

19. Vulnerabilities in Apple Products (HT206166, HT206167, HT206168, HT206169, HT206171, HT206172, HT206173)
[22/03/2016] Vulnerabilities were identified in multiple Apple Products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.apple.com/en-us/HT206166
URL:support.apple.com/en-us/HT206167
URL:support.apple.com/en-us/HT206168
URL:support.apple.com/en-us/HT206169
URL:support.apple.com/en-us/HT206171
URL:support.apple.com/en-us/HT206172
URL:support.apple.com/en-us/HT206173
URL:www.hkcert.org/my_url/en/alert/16032201
URL:www.us-cert.gov/ncas/current-activity/2016/03/21/Apple-Releases-Multiple-Security-Updates

20. Vulnerability in IBM WebSphere Application Server (1978293)
[22/03/2016] Vulnerability was identified in the IBM WebSphere Application Server. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks on the system. This vulnerability affects versions prior to 8.5.5.9 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.ibm.com/support/docview.wss?uid=swg21978293
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111229

21. Vulnerabilities in Moodle
[22/03/2016] Vulnerabilities were identified in the Moodle. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks on the system. These vulnerabilities affect versions prior to 2.7.13, 2.8.11, 2.9.5 or 3.0.3 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.hkcert.org/my_url/en/alert/16032202

22. Vulnerability in PCRE and PCRE2 (111583)
[22/03/2016] Vulnerability was identified in the PCRE and PCRE2. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects versions prior to 8.39 of PCRE and 10.22 of PCRE2. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/111583

23. Security Updates in Oracle Linux (ELSA-2016-0465, ELSA-2016-0466)
[22/03/2016] Oracle has released security update packages for fixing the vulnerabilities identified in the openssh packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform password guessing attacks.

URL:linux.oracle.com/errata/ELSA-2016-0465.html
URL:linux.oracle.com/errata/ELSA-2016-0466.html

24. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0465-1, RHSA-2016:0466-1)
[22/03/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the openssh packages for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform password guessing attacks.

URL:rhn.redhat.com/errata/RHSA-2016-0465.html
URL:rhn.redhat.com/errata/RHSA-2016-0466.html

25. Security Updates in SUSE (SUSE-SU-2016:0837-1, SUSE-SU-2016:0839-1)
[22/03/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the samba and tomcat6 packages of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html

26. Security Updates in Ubuntu GNU/Linux (USN-2937-1, USN-2938-1)
[22/03/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the webkitgtk and git packages for versions 12.04 LTS, 14.04 LTS and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2937-1/
URL:www.ubuntu.com/usn/usn-2938-1/

27. Security Updates in Debian (DSA-3519-1, DSA-3520-1, DSA-3521-1, DSA-3522-1)
[21/03/2016] Debian has released security update packages for fixing the vulnerabilities identified in the xen, icedove, git and squid3 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2016/dsa-3519
URL:www.debian.org/security/2016/dsa-3520
URL:www.debian.org/security/2016/dsa-3521
URL:www.debian.org/security/2016/dsa-3522

28. Security Updates in Slackware (SSA:2016-078-01, SSA:2016-078-02)
[21/03/2016] Slackware has released security update packages for fixing the vulnerabilities identified in the git and mozilla-thunderbird packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.360229
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.512254

29. Security Updates in SUSE (openSUSE-SU-2016:0813-1, SUSE-SU-2016:0814-1, SUSE-SU-2016:0816-1, openSUSE-SU-2016:0817-1, openSUSE-SU-2016:0818-1, SUSE-SU-2016:0820-1, SUSE-SU-2016:0822-1, SUSE-SU-2016:0825-1, openSUSE-SU-2016:0826-1, openSUSE-SU-2016:0827-1, openSUSE-SU-2016:0828-1, openSUSE-SU-2016:0829-1, openSUSE-SU-2016:0830-1, openSUSE-SU-2016:0831-1, openSUSE-SU-2016:0832-1, openSUSE-SU-2016:0833-1, openSUSE-SU-2016:0834-1, openSUSE-SU-2016:0835-1)
[21/03/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the samba, Chromium, MozillaFirefox, tomcat, bind, git, cgit, bsh2 and rubygem-actionpack-3_2 packages of SUSE Linux Enterprise 10, 11 and 12, openSUSE 13.1, 13.2, Evergreen 11.4 and Leap 42.1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00066.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00067.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00071.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00073.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00074.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00076.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00077.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html

30. Security Updates in Ubuntu GNU/Linux (USN-2935-3)
[21/03/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux, linux-lts-wily and linux-raspi2 packages for versions 14.04 LTS and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2930-1/
URL:www.ubuntu.com/usn/usn-2930-2/
URL:www.ubuntu.com/usn/usn-2930-3/


Monday, March 21, 2016

IT Security Alerts Weekly Digest (13 Mar ~ 19 Mar 2016)

1. Vulnerabilities in HP System Management Homepage (c05045763)
[18/03/2016] Vulnerabilities were identified in the HP System Management Homepage. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 7.5.4 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05045763
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111543
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111544
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111545
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111546

2. Vulnerabilities in Symantec Endpoint Protection (SYM16-003)
[18/03/2016] Vulnerabilities were identified in the Symantec Endpoint Protection Manager and Client. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code. These vulnerabilities affect versions prior to 12.1-RU6-MP4 of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160317_00
URL:www.us-cert.gov/ncas/current-activity/2016/03/17/Symantec-Releases-Security-Update

3. Vulnerability in Novell Messenger (5238163)
[18/03/2016] Vulnerability was identified in the Novell Messenger. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. This vulnerability affects versions prior to 3.0 Support Pack 3 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:download.novell.com/Download?buildid=cAaN50isaQQ~

4. Vulnerability in ABB Panel Builder 800 (ICSA-16-077-01)
[18/03/2016] Vulnerability was identified in the ABB Panel Builder 800. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects versions prior to 6.0 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:ics-cert.us-cert.gov/advisories/ICSA-16-077-01

5. Vulnerability in FreeBSD kernel (111527)
[18/03/2016] Vulnerability was identified in the FreeBSD kernel. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects versions prior to 10.2.0 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/111527

6. Vulnerabilities in GIT (111523, 111524)
[18/03/2016] Vulnerabilities were identified in the GIT. An attacker could bypass security restrictions and execute arbitrary code on the system. These vulnerabilities affect versions prior to 2.8.0-rc3 of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/111523
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111524

7. Vulnerabilities in PHP (111540, 111541, 111542)
[18/03/2016] Vulnerabilities were identified in the PHP. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 5.6.13, 5.5.29 or 5.4.45 of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/111540
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111541
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111542

8. Security Updates in Slackware (SSA:2016-077-01)
[18/03/2016] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-firefox packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.356369

9. Security Updates in SUSE (openSUSE-SU-2016:0802-1, openSUSE-SU-2016:0803-1)
[18/03/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the git and cgit packages of openSUSE 13.2 and Leap 42.1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00062.html

10. Security Updates in Ubuntu GNU/Linux (USN-2935-3)
[18/03/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the pam packages for version 12.04 LTS. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2935-3/

11. Vulnerabilities in Apache Struts (S2-028, S2-029, S2-030)
[17/03/2016] Vulnerabilities were identified in the Apache Struts. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting (XSS) attacks. These vulnerabilities affect versions prior to 2.3.25 of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:struts.apache.org/docs/s2-028.html
URL:struts.apache.org/docs/s2-029.html
URL:struts.apache.org/docs/s2-030.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111513
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111514
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111515

12. Vulnerability in HP ArcSight ESM and ESM Express (c05048753)
[17/03/2016] Vulnerability was identified in the HP ArcSight ESM and ESM Express. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05048753
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111522

13. Vulnerabilities in VMware Products (VMSA-2016-0003)
[17/03/2016] Vulnerabilities were identified in the VMware vRealize Automation and vRealize Business Advanced and Enterprise. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting (XSS) attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.vmware.com/security/advisories/VMSA-2016-0003.html
URL:www.us-cert.gov/ncas/current-activity/2016/03/16/VMware-Releases-Security-Updates-0
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111517
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111518

14. Vulnerability in Siemens SIMATIC S7-1200 (ICSA-16-075-01)
[17/03/2016] Vulnerability was identified in the Siemens SIMATIC S7-1200. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects firmware versions prior to V4.0 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:ics-cert.us-cert.gov/advisories/ICSA-16-075-01
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111516

15. Vulnerability in Xen (XSA-171)
[17/03/2016] Vulnerability was identified in the Xen. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xenbits.xen.org/xsa/advisory-171.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111520

16. Security Updates in Oracle Linux (ELSA-2016-0450, ELSA-2016-0450-1, ELSA-2016-0458, ELSA-2016-0459, ELSA-2016-0460)
[17/03/2016] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel, bind97, bind and thunderbird packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2016-0450.html
URL:linux.oracle.com/errata/ELSA-2016-0450-1.html
URL:linux.oracle.com/errata/ELSA-2016-0458.html
URL:linux.oracle.com/errata/ELSA-2016-0459.html
URL:linux.oracle.com/errata/ELSA-2016-0460.html

17. Security Updates in Debian (DSA-3518-1)
[17/03/2016] Debian has released security update packages for fixing the vulnerabilities identified in the spip packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions and execute arbitrary code.

URL:www.debian.org/security/2016/dsa-3518

18. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0458-1, RHSA-2016:0459-1, RHSA-2016:0460-1)
[17/03/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the bind97, bind and thunderbird packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2016-0458.html
URL:rhn.redhat.com/errata/RHSA-2016-0459.html
URL:rhn.redhat.com/errata/RHSA-2016-0460.html

19. Security Updates in Mageia (MGASA-2016-0111, MGASA-2016-0112, MGASA-2016-0113, MGASA-2016-0114, MGASA-2016-0115)
[17/03/2016] Mageia has released security update packages for fixing the vulnerabilities identified in the shotwell, halibut, putty, dropbear, rootcerts, nss, thunderbird and thunderbird-l10n packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2016-0111.html
URL:advisories.mageia.org/MGASA-2016-0112.html
URL:advisories.mageia.org/MGASA-2016-0113.html
URL:advisories.mageia.org/MGASA-2016-0114.html
URL:advisories.mageia.org/MGASA-2016-0115.html

20. Security Updates in SUSE (SUSE-SU-2016:0785-1, SUSE-SU-2016:0786-1, openSUSE-SU-2016:0788-1, openSUSE-SU-2016:0790-1, openSUSE-SU-2016:0791-1, SUSE-SU-2016:0796-1, SUSE-SU-2016:0798-1)
[17/03/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel, sles12-docker-image, bsh2, rubygem-actionview-4_2, graphite2 and git packages of SUSE Linux Enterprise 11 and 12, openSUSE 13.2 and Leap 42.1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00054.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00055.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html

21. Security Updates in Ubuntu GNU/Linux (USN-2930-3, USN-2935-1, USN-2935-2)
[17/03/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux-raspi2 and pam packages for versions 12.04 LTS, 14.04 LTS and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2930-3/
URL:www.ubuntu.com/usn/usn-2935-1/
URL:www.ubuntu.com/usn/usn-2935-2/

22. Vulnerabilities in HP ArcSight ESM and ESM Express (c05048452)
[16/03/2016] Vulnerabilities were identified in the HP ArcSight ESM and ESM Express. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05048452
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111476
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111477

23. Security Updates in Oracle Linux (ELSA-2016-0448, ELSA-2016-0449)
[16/03/2016] Oracle has released security update packages for fixing the vulnerabilities identified in the samba and samba4 packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2016-0448.html
URL:linux.oracle.com/errata/ELSA-2016-0449.html

24. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0447-1, RHSA-2016:0448-1, RHSA-2016:0449-1, RHSA-2016:0450-1, RHSA-2016:0454-1, RHSA-2016:0455-1)
[16/03/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the samba, samba4, kernel, ror40-rubygem-actionpack, ror40-rubygem-activerecord, ruby193-rubygem-actionpack and ruby193-rubygem-activerecord packages for Red Hat Enterprise Linux 5, 6 and 7, Red Hat Gluster Storage 3.1 for Red Hat Enterprise Linux 6 and 7, Red Hat Software Collections 1 for RHEL 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2016-0447.html
URL:rhn.redhat.com/errata/RHSA-2016-0448.html
URL:rhn.redhat.com/errata/RHSA-2016-0449.html
URL:rhn.redhat.com/errata/RHSA-2016-0450.html
URL:rhn.redhat.com/errata/RHSA-2016-0454.html
URL:rhn.redhat.com/errata/RHSA-2016-0455.html

25. Security Updates in Slackware (SSA:2016-075-01, SSA:2016-075-02)
[16/03/2016] Slackware has released security update packages for fixing the vulnerabilities identified in the git and seamonkey packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.416864
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.499727

26. Security Updates in SUSE (SUSE-SU-2016:0745-1, SUSE-SU-2016:0746-1, SUSE-SU-2016:0747-1, SUSE-SU-2016:0748-1, SUSE-SU-2016:0749-1, SUSE-SU-2016:0750-1, SUSE-SU-2016:0751-1, SUSE-SU-2016:0752-1, SUSE-SU-2016:0753-1, SUSE-SU-2016:0754-1, SUSE-SU-2016:0755-1, SUSE-SU-2016:0756-1, SUSE-SU-2016:0757-1, SUSE-SU-2016:0759-1, SUSE-SU-2016:0769-1, SUSE-SU-2016:0770-1, SUSE-SU-2016:0776-1, SUSE-SU-2016:0777-1, SUSE-SU-2016:0778-1, SUSE-SU-2016:0779-1, SUSE-SU-2016:0780-1)
[16/03/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the kernel, sles12sp1-docker-image, bind, tomcat, java-1_6_0-ibm, MozillaFirefox, mozilla-nspr, mozilla-nss, sles11sp4-docker-image and graphite2 packages of SUSE Linux Enterprise 10, 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00036.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00048.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00049.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00051.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00052.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html

27. Security Updates in Ubuntu GNU/Linux (USN-2933-1)
[16/03/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the exim4 packages for versions 12.04 LTS, 14.04 LTS and 15.10. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2933-1/

28. Vulnerability in Juniper Products (JSA10722)
[15/03/2016] Vulnerability was identified in the Juniper ScreenOS, STRM/JSA Series and WLC Wireless LAN Controller. An attacker could obtain sensitive information. This vulnerability affects multiple versions of the mentioned products.

URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10722

29. Vulnerabilities in Linux Kernel (111452, 111453, 111454, 111459)
[15/03/2016] Vulnerabilities were identified in the Linux Kernel. An attacker could cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/111452
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111453
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111454
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111459

30. Vulnerabilities in PHP (111456, 111457)
[15/03/2016] Vulnerabilities were identified in PHP. An attacker could execute arbitrary code. These vulnerabilities affect version 5.5.32 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/111456
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111457

31. Vulnerabilities in extensions for TYPO3 (111445, 111446)
[15/03/2016] Vulnerabilities were identified in the Another simple gallery and phpMyAdmin extensions for TYPO3. An attacker could perform code injection and cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/111445
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111446

32. Security Updates in Debian (DSA-3516-1, DSA-3517-1)
[15/03/2016] Debian has released security update packages for fixing the vulnerabilities identified in the wireshark and exim4 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could cause a denial of service condition and gain elevated privileges.

URL:www.debian.org/security/2016/dsa-3516
URL:www.debian.org/security/2016/dsa-3517

33. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0364-2, RHSA-2016:0365-2, RHSA-2016:0366-2, RHSA-2016:0440-1, RHSA-2016:0441-1, RHSA-2016:0442-1)
[15/03/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the openstack-nova and OpenStack Orchestration packages for Red Hat Enterprise Linux OpenStack Platform 5.0 and 6.0 for RHEL 6 and 7. Due to multiple errors, an attacker could obtain sensitive information and cause a denial of service condition.

URL:rhn.redhat.com/errata/RHSA-2016-0364.html
URL:rhn.redhat.com/errata/RHSA-2016-0365.html
URL:rhn.redhat.com/errata/RHSA-2016-0366.html
URL:rhn.redhat.com/errata/RHSA-2016-0440.html
URL:rhn.redhat.com/errata/RHSA-2016-0441.html
URL:rhn.redhat.com/errata/RHSA-2016-0442.html

34. Security Updates in Ubuntu GNU/Linux (USN-2927-1, USN-2928-1, USN-2928-2, USN-2929-1, USN-2929-2, USN-2930-1, USN-2930-2, USN-2931-1, USN-2932-1)
[15/03/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the graphite2 and Linux kernel packages for versions 12.04 LTS, 14.04 LTS and 15.10. Due to multiple errors, an attacker could obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2927-1/
URL:www.ubuntu.com/usn/usn-2928-1/
URL:www.ubuntu.com/usn/usn-2928-2/
URL:www.ubuntu.com/usn/usn-2929-1/
URL:www.ubuntu.com/usn/usn-2929-2/
URL:www.ubuntu.com/usn/usn-2930-1/
URL:www.ubuntu.com/usn/usn-2930-2/
URL:www.ubuntu.com/usn/usn-2931-1/
URL:www.ubuntu.com/usn/usn-2932-1/

35. Vulnerabilities in Cisco Products (cisco-sa-20160310-prime-lms, cisco-sa-20160311-gsr)
[14/03/2016] Vulnerabilities were identified in the Cisco Prime LAN Management Solution (LMS) and Cisco Gigabit Switch Router (GSR) 12000 Series Routers. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160310-prime-lms
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160311-gsr
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111443
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111444

36. Vulnerability in Schneider Electric Telvent RTU (ICSA-16-070-01)
[14/03/2016] Vulnerability was identified in the Schneider Electric Telvent RTU. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple firmware versions of the mentioned product.

URL:ics-cert.us-cert.gov/advisories/ICSA-16-070-01

37. Vulnerability in DTE Energy Insight (VU#713312)
[14/03/2016] Vulnerability was identified in the DTE Energy Insight. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 1.7.8 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.kb.cert.org/vuls/id/713312

38. Security Updates in Debian (DSA-3514-1, DSA-3515-1)
[14/03/2016] Debian has released security update packages for fixing the vulnerabilities identified in the samba and graphite2 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2016/dsa-3514
URL:www.debian.org/security/2016/dsa-3515

39. Security Updates in Mageia (MGASA-2016-0103, MGASA-2016-0104, MGASA-2016-0105, MGASA-2016-0106, MGASA-2016-0107, MGASA-2016-0108, MGASA-2016-0109, MGASA-2016-0110)
[14/03/2016] Mageia has released security update packages for fixing the vulnerabilities identified in the libvirt, pigz, nspr, nss, firefox, firefox-l10n, samba, bind, openssh, flash-player-plugin, php, timezone and php-timezonedb packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2016-0103.html
URL:advisories.mageia.org/MGASA-2016-0104.html
URL:advisories.mageia.org/MGASA-2016-0105.html
URL:advisories.mageia.org/MGASA-2016-0106.html
URL:advisories.mageia.org/MGASA-2016-0107.html
URL:advisories.mageia.org/MGASA-2016-0108.html
URL:advisories.mageia.org/MGASA-2016-0109.html
URL:advisories.mageia.org/MGASA-2016-0110.html

40. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0438-1)
[14/03/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player packages for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2016-0438.html

41. Security Updates in SUSE (SUSE-SU-2016:0715-1, SUSE-SU-2016:0716-1, openSUSE-SU-2016:0719-1, openSUSE-SU-2016:0720-1, openSUSE-SU-2016:0721-1, SUSE-SU-2016:0727-1, openSUSE-SU-2016:0729-1, openSUSE-SU-2016:0731-1, openSUSE-SU-2016:0732-1, openSUSE-SU-2016:0733-1, openSUSE-SU-2016:0734-1)
[14/03/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player, openssl, exim, MozillaFirefox, mozilla-nspr, mozilla-nss, Chromium, libotr and libotr2 packages of SUSE Linux Enterprise 11 and 12, openSUSE Leap 42.1, 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00026.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00030.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html



Sunday, March 13, 2016

IT Security Alerts Weekly Digest (6 Mar ~ 12 Mar 2016)

1. Vulnerabilities in Adobe Flash Player (APSB16-08)
[11/03/2016] Vulnerabilities were identified in the Adobe Flash Player. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:helpx.adobe.com/security/products/flash-player/apsb16-08.html
URL:technet.microsoft.com/en-us/library/security/MS16-036
URL:www.hkcert.org/my_url/en/alert/16031101
URL:www.us-cert.gov/ncas/current-activity/2016/03/10/Adobe-Releases-Security-Updates-Flash-Player

2. Vulnerabilities in Apache ActiveMQ
[11/03/2016] Vulnerabilities were identified in the Apache ActiveMQ. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting and header clickjacking attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt
URL:activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111420
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111421

3. Vulnerability in Citrix Licensing Server (CTX207824)
[11/03/2016] Vulnerability was identified in the Citrix Licensing Server. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:support.citrix.com/article/CTX207824
URL:www.kb.cert.org/vuls/id/485744
URL:www.us-cert.gov/ncas/current-activity/2016/03/10/Citrix-Releases-Security-Update

4. Vulnerability in Quagga (VU#270232)
[11/03/2016] Vulnerability was identified in the Quagga. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects versions prior to 1.0.20160309 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.kb.cert.org/vuls/id/270232

5. Vulnerabilities in WordPress ProjectTheme (111404, 111405, 111406)
[11/03/2016] Vulnerabilities were identified in the WordPress ProjectTheme. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect version 2.0.9.5 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/111404
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111405
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111406

6. Vulnerability in OpenSSH
[11/03/2016] Vulnerability was identified in the OpenSSH. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. This vulnerability affects versions prior to 7.2p2 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.openssh.com/txt/x11fwd.adv
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111431

7. Vulnerability in Linux Kernel (111418)
[11/03/2016] Vulnerability was identified in the Linux Kernel. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. This vulnerability affects multiple versions of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/111418

8. Security Updates in Oracle Linux (ELSA-2016-0428, ELSA-2016-0430)
[11/03/2016] Oracle has released security update packages for fixing the vulnerabilities identified in the libssh2 and xerces-c packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2016-0428.html
URL:linux.oracle.com/errata/ELSA-2016-0430.html

9. Security Updates in Debian (DSA-3511-1, DSA-3512-1, DSA-3513-1)
[11/03/2016] Debian has released security update packages for fixing the vulnerabilities identified in the bind9, libotr and chromium-browser packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.debian.org/security/2016/dsa-3511
URL:www.debian.org/security/2016/dsa-3512
URL:www.debian.org/security/2016/dsa-3513

10. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0428-1, RHSA-2016:0429-1, RHSA-2016:0430-1)
[11/03/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the libssh2, chromium-browser and xerces-c packages for Red Hat Enterprise Linux 6 and 7, and Red Hat Enterprise Virtualization 3. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2016-0428.html
URL:rhn.redhat.com/errata/RHSA-2016-0429.html
URL:rhn.redhat.com/errata/RHSA-2016-0430.html

11. Security Updates in Slackware (SSA:2016-070-01)
[11/03/2016] Slackware has released security update packages for fixing the vulnerability identified in the openssh packages for multiple versions of Slackware Linux. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.517960

12. Security Updates in SUSE (openSUSE-SU-2016:0708-1)
[11/03/2016] SUSE has released security update packages for fixing the vulnerability identified in the libotr and libotr2 packages of openSUSE 13.2 and Leap 42.1. An attacker could bypass security restrictions and execute arbitrary code on the system.

URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00021.html

13. Security Updates in Ubuntu GNU/Linux (USN-2920-1, USN-2926-1)
[11/03/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the oxide-qt and libotr packages for versions 12.04 LTS, 14.04 LTS and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2920-1/
URL:www.ubuntu.com/usn/usn-2926-1/

14. Vulnerabilities in ISC BIND (AA-01351, AA-01352, AA-01353)
[10/03/2016] Vulnerabilities were identified in the ISC BIND. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:kb.isc.org/article/AA-01351
URL:kb.isc.org/article/AA-01352
URL:kb.isc.org/article/AA-01353
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111389
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111390
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111391

15. Vulnerability in Apple Software Update (HT206091)
[10/03/2016] Vulnerability was identified in the Apple Software Update in Windows. An attacker could bypass security restrictions, execute arbitrary code and control the contents of the updates window. This vulnerability affects versions prior to 2.2 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:support.apple.com/en-hk/HT206091

16. Vulnerabilities in Cisco Products (cisco-sa-20160309-cmdos, cisco-sa-20160309-cmre, cisco-sa-20160309-csc, cisco-sa-20160309-rgid, cisco-sa-20160309-vcs)
[10/03/2016] Vulnerabilities were identified in multiple Cisco products. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmdos
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmre
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-csc
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-rgid
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-vcs
URL:www.us-cert.gov/ncas/current-activity/2016/03/09/Cisco-Releases-Security-Updates
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111381
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111385
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111386
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111387
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111388

17. Vulnerabilities in F5 Products (sol09052213, sol62012529, sol81903701, sol95463126)
[10/03/2016] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration and Traffix SDC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/k/09/sol09052213.html
URL:support.f5.com/kb/en-us/solutions/public/k/62/sol62012529.html
URL:support.f5.com/kb/en-us/solutions/public/k/81/sol81903701.html
URL:support.f5.com/kb/en-us/solutions/public/k/95/sol95463126.html

18. Vulnerabilities in Samba
[10/03/2016] Vulnerabilities were identified in the Samba. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.hkcert.org/my_url/en/alert/16031001
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111383
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111384

19. Vulnerabilities in Linux Kernel (111392, 111393, 111394, 111395, 111396, 111397, 111398)
[10/03/2016] Vulnerabilities were identified in the Linux Kernel. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/111392
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111393
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111394
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111395
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111396
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111397
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111398

20. Security Updates in Oracle Linux (ELSA-2016-0370, ELSA-2016-0371, ELSA-2016-0372, ELSA-2016-0373)
[10/03/2016] Oracle has released security update packages for fixing the vulnerabilities identified in the nss-util, nss, openssl098e and firefox packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2016-0370.html
URL:linux.oracle.com/errata/ELSA-2016-0371.html
URL:linux.oracle.com/errata/ELSA-2016-0372.html
URL:linux.oracle.com/errata/ELSA-2016-0373.html

21. Security Updates in Debian (DSA-3509-1, DSA-3510-1)
[10/03/2016] Debian has released security update packages for fixing the vulnerabilities identified in the rails and iceweasel packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.debian.org/security/2016/dsa-3509
URL:www.debian.org/security/2016/dsa-3510

22. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0370-1, RHSA-2016:0371-1, RHSA-2016:0372-1, RHSA-2016:0373-1, RHSA-2016:0379-1)
[10/03/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the nss-util, nss, openssl098e, firefox and rhev-hypervisor packages for Red Hat Enterprise Linux 5, 6 and 7, and Red Hat Enterprise Virtualization 3. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2016-0370.html
URL:rhn.redhat.com/errata/RHSA-2016-0371.html
URL:rhn.redhat.com/errata/RHSA-2016-0372.html
URL:rhn.redhat.com/errata/RHSA-2016-0373.html
URL:rhn.redhat.com/errata/RHSA-2016-0379.html

23. Security Updates in SUSE (SUSE-SU-2016:0699-1, SUSE-SU-2016:0700-1)
[10/03/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the bsh2 packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00019.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00020.html

24. Security Updates in Ubuntu GNU/Linux (USN-2917-1, USN-2924-1, USN-2925-1)
[10/03/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox, nss and bind9 packages for versions 12.04 LTS, 14.04 LTS and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2917-1/
URL:www.ubuntu.com/usn/usn-2924-1/
URL:www.ubuntu.com/usn/usn-2925-1/

25. Vulnerabilities in Microsoft Products (3140410, 3140709, 3141780, 3141806, 3142015, 3142019, 3143081, 3143136, 3143141, 3143142, 3143145, 3143146, 3143148)
[09/03/2016] Vulnerabilities were identified in the Microsoft Internet Explorer, Edge, Windows, Office and .NET Framework. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:technet.microsoft.com/en-us/library/security/ms16-mar
URL:technet.microsoft.com/library/security/MS16-023
URL:technet.microsoft.com/library/security/MS16-024
URL:technet.microsoft.com/library/security/MS16-025
URL:technet.microsoft.com/library/security/MS16-026
URL:technet.microsoft.com/library/security/MS16-027
URL:technet.microsoft.com/library/security/MS16-028
URL:technet.microsoft.com/library/security/MS16-029
URL:technet.microsoft.com/library/security/MS16-030
URL:technet.microsoft.com/library/security/MS16-031
URL:technet.microsoft.com/library/security/MS16-032
URL:technet.microsoft.com/library/security/MS16-033
URL:technet.microsoft.com/library/security/MS16-034
URL:technet.microsoft.com/library/security/MS16-035
URL:www.hkcert.org/my_url/en/alert/16030901
URL:www.hkcert.org/my_url/en/alert/16030902
URL:www.hkcert.org/my_url/en/alert/16030903
URL:www.hkcert.org/my_url/en/alert/16030904
URL:www.hkcert.org/my_url/en/alert/16030905
URL:www.hkcert.org/my_url/en/alert/16030906
URL:www.hkcert.org/my_url/en/alert/16030907
URL:www.hkcert.org/my_url/en/alert/16030908
URL:www.hkcert.org/my_url/en/alert/16030909
URL:www.hkcert.org/my_url/en/alert/16030910
URL:www.hkcert.org/my_url/en/alert/16030911
URL:www.hkcert.org/my_url/en/alert/16030912
URL:www.hkcert.org/my_url/en/alert/16030913
URL:www.us-cert.gov/ncas/current-activity/2016/03/08/Microsoft-Releases-March-2016-Security-Bulletin

26. Vulnerabilities in Adobe Products (APSB16-06, APSB16-09)
[09/03/2016] Vulnerabilities were identified in the Adobe Digital Editions, Adobe Acrobat and Reader. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:helpx.adobe.com/security/products/Digital-Editions/apsb16-06.html
URL:helpx.adobe.com/security/products/acrobat/apsb16-09.html
URL:www.us-cert.gov/ncas/current-activity/2016/03/08/Adobe-Releases-Security-Updates-Acrobat-Reader-and-Digital-Editions
URL:www.hkcert.org/my_url/en/alert/16030914
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111277
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111278
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111279
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111320

27. Vulnerabilities in Mozilla Firefox (MFSA 2015-81, MFSA 2015-136, MFSA 2016-16, MFSA 2016-17, MFSA 2016-18, MFSA 2016-19, MFSA 2016-20, MFSA 2016-21, MFSA 2016-22, MFSA 2016-23, MFSA 2016-24, MFSA 2016-25, MFSA 2016-26, MFSA 2016-27, MFSA 2016-28, MFSA 2016-29, MFSA 2016-30, MFSA 2016-31, MFSA 2016-32, MFSA 2016-33, MFSA 2016-34, MFSA 2016-35, MFSA 2016-36, MFSA 2016-37)
[09/03/2016] Vulnerabilities were identified in the Mozilla Firefox and Firefox ESR. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to Firefox 45 and Firefox ESR 38.7 of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox45
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr38.7
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-81/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-136/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-16/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-17/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-18/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-19/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-20/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-21/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-22/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-23/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-24/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-25/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-26/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-27/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-28/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-29/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-30/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-31/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-32/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-33/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-34/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-35/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-36/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-37/
URL:www.us-cert.gov/ncas/current-activity/2016/03/08/Mozilla-Releases-Security-Updates

28. Vulnerability in ISC DHCP (AA-01354)
[09/03/2016] Vulnerability was identified in the ISC DHCP. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:kb.isc.org/article/AA-01354
URL:www.us-cert.gov/ncas/current-activity/2016/03/07/ISC-Releases-Security-Updates-DHCP-Server

29. Vulnerabilities in Google Chrome
[09/03/2016] Vulnerabilities were identified in the Google Chrome. An attacker could bypass security restrictions and execute arbitrary code. These vulnerabilities affect versions prior to 49.0.2623.87 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:googlechromereleases.blogspot.hk/2016/03/stable-channel-update_8.html
URL:www.us-cert.gov/ncas/current-activity/2016/03/08/Google-Releases-Security-Update-Chrome

30. Security Updates in Mageia (MGASA-2016-0095, MGASA-2016-0096, MGASA-2016-0097, MGASA-2016-0098, MGASA-2016-0099, MGASA-2016-0100, MGASA-2016-0101, MGASA-2016-0102)
[09/03/2016] Mageia has released security update packages for fixing the vulnerabilities identified in the squid, python-django, graphite2, xen, perl, jasper, exempi, exiv2, botan, monotone and softhsm packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2016-0095.html
URL:advisories.mageia.org/MGASA-2016-0096.html
URL:advisories.mageia.org/MGASA-2016-0097.html
URL:advisories.mageia.org/MGASA-2016-0098.html
URL:advisories.mageia.org/MGASA-2016-0099.html
URL:advisories.mageia.org/MGASA-2016-0100.html
URL:advisories.mageia.org/MGASA-2016-0101.html
URL:advisories.mageia.org/MGASA-2016-0102.html

31. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0359-1, RHSA-2016:0364-1, RHSA-2016:0365-1, RHSA-2016:0366-1, RHSA-2016:0368-1, RHSA-2016:0369-1)
[09/03/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the chromium-browser, openstack-nova and rabbitmq-server packages for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) and 6.0 (Juno) for RHEL 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2016-0359.html
URL:rhn.redhat.com/errata/RHSA-2016-0364.html
URL:rhn.redhat.com/errata/RHSA-2016-0365.html
URL:rhn.redhat.com/errata/RHSA-2016-0366.html
URL:rhn.redhat.com/errata/RHSA-2016-0368.html
URL:rhn.redhat.com/errata/RHSA-2016-0369.html

32. Security Updates in SUSE (SUSE-SU-2016:0677-1, SUSE-SU-2016:0678-1, openSUSE-SU-2016:0684-1)
[09/03/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the postgresql94, OpenSSL and Chromium packages of openSUSE 13.1 and SUSE Linux Enterprise 10 and 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html

33. Security Updates in Slackware (SSA:2016-068-01, SSA:2016-068-02)
[09/03/2016] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-firefox and samba packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.355414
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.357003

34. Security Updates in Ubuntu GNU/Linux (USN-2904-1, USN-2922-1, USN-2923-1)
[09/03/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the thunderbird, samba and bsh packages for versions 12.04 LTS, 14.04 LTS and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2904-1/
URL:www.ubuntu.com/usn/usn-2922-1/
URL:www.ubuntu.com/usn/usn-2923-1/

35. Vulnerability in EMC Documentum xCP (111310)
[08/03/2016] Vulnerability was identified in the EMC Documentum xCP. An attacker could obtain sensitive information. This vulnerability affects versions 2.1 and 2.2 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/111310

36. Vulnerability in HPE Network Automation (111299, 111300)
[08/03/2016] Vulnerability was identified in the HPE Network Automation. An attacker could execute arbitrary code. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/111299
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111300

37. Vulnerability in exim (111281)
[08/03/2016] Vulnerability was identified in the exim. An attacker could gain elevated privileges. The affected version was not specified. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/111281

38. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0358-1, RHSA-2016:0359-1)
[08/03/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the openstack-glance and chromium-browser packages for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 and Red Hat Enterprise Linux 6 Supplementary. An attacker could bypass security restrictions, execute arbitrary code, obtain sensitive information and cause the application to crash.

URL:rhn.redhat.com/errata/RHSA-2016-0358.html
URL:rhn.redhat.com/errata/RHSA-2016-0359.html

39. Security Updates in Ubuntu GNU/Linux (USN-2915-2, USN-2915-3, USN-2921-1)
[08/03/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the python-django and squid3 packages for versions 12.04 LTS, 14.04 LTS and 15.10. Due to multiple errors, an attacker could perform cross-site scripting attacks, execute arbitrary code, cause a denial of service condition and crash the application.

URL:www.ubuntu.com/usn/usn-2915-2/
URL:www.ubuntu.com/usn/usn-2915-3/
URL:www.ubuntu.com/usn/usn-2921-1/

40. Vulnerability in Moxa ioLogik E2200 Ethernet Micro RTU Controllers (ICSA-16-063-01)
[07/03/2016] Vulnerability was identified in the Moxa ioLogik E2200 Ethernet Micro RTU controllers. An attacker could gain access and change settings and data of the affected device. This vulnerability affects versions prior to 3.12 of ioLogik E2200 series and versions prior to 3.18 of ioAdmin Configuration Utility. Security patches are available to resolve this vulnerability.

URL:ics-cert.us-cert.gov/advisories/ICSA-16-063-01

41. Vulnerabilities in Novell Products
[07/03/2016] Vulnerabilities were identified in the Novell Filr and Novell NetIQ Sentinel. An attacker could cause a buffer overflow and a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:download.novell.com/Download?buildid=LqikC-Hosps~
URL:download.novell.com/Download?buildid=PQBDzZUKFac~
URL:download.novell.com/Download?buildid=ZEMvbiAk5k8~

42. Vulnerabilities in extensions for Typo3 (111238, 111239, 111240, 111250, 111251, 111252, 111253)
[07/03/2016] Vulnerabilities were identified in the Google Sitemap extension, List frontend users extension, UTOPIA extension, Apache Solr extension, Extension Kickstarter and Fe user statistic extension for Typo3. Due to multiple errors, an attacker could perform cross-site scripting attacks and obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/111253
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111252
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111251
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111250
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111240
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111239
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111238

43. Vulnerability in Bulk Delete Plugin for WordPress (112244)
[07/03/2016] Vulnerability was identified in the Bulk Delete Plugin for WordPress. An attacker could gain elevated privileges. This vulnerability affects versions prior to 5.5.4 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/111244

44. Security Updates in Debian (DSA-3503-1, DSA-3504-1, DSA-3505-1, DSA-3506-1, DSA-3507-1, DSA-3508-1)
[07/03/2016] Debian has released security update packages for fixing the vulnerabilities identified in the linux, bsh, wireshark, libav, chromium and jasper packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could gain elevated privileges, obtain sensitive information, cause a denial of service condition, execute arbitrary code and cause a buffer overflow.

URL:www.debian.org/security/2016/dsa-3503
URL:www.debian.org/security/2016/dsa-3504
URL:www.debian.org/security/2016/dsa-3505
URL:www.debian.org/security/2016/dsa-3506
URL:www.debian.org/security/2016/dsa-3507
URL:www.debian.org/security/2016/dsa-3508

45. Security Updates in SUSE (SUSE-SU-2016:0658-1, openSUSE-SU-2016:0664-1, SUSE-SU-2016:0665-1)
[07/03/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the xen and chromium packages of openSUSE Leap 42.1 and SUSE Linux Enterprise 10. Due to multiple errors, an attacker could bypass security restrictions, cause a buffer overflow and obtain sensitive information.

URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00013.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html