1. Vulnerability in Oracle Java SE
[24/03/2016] Vulnerability was identified in the Oracle Java SE. An
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and crash the system. This vulnerability affects versions 7 Update 97, and 8
Update 73 and 74 of the mentioned product. Security patches are available to
resolve this
vulnerability.
URL:www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html
2. Vulnerabilities in Cisco Products (cisco-sa-20160323-dhcpv6,
cisco-sa-20160323-ios-ikev2, cisco-sa-20160323-l4f, cisco-sa-20160323-lisp,
cisco-sa-20160323-sip, cisco-sa-20160323-smi)
[24/03/2016] Vulnerabilities were identified in the Cisco IOS, IOS XE,
NX-OS and Unified Communications Manager software. An attacker could bypass
security restrictions, obtain sensitive information, execute arbitrary code,
cause a denial of service condition and crash the system. These vulnerabilities
affect multiple firmware versions of the mentioned products. Security patches
are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-lisp
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi
URL:www.hkcert.org/my_url/en/alert/16032401
URL:www.us-cert.gov/ncas/current-activity/2016/03/23/Cisco-Release-Security-Updates
3. Vulnerabilities in F5 Products (SOL06223540, SOL79215841)
[24/03/2016] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP
AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP
Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device,
BIG-IQ Security, BIG-IQ ADC, BIG-IQ Centralized Management, BIG-IQ Cloud and
Orchestration and LineRate. An attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and crash the system. These vulnerabilities
affect multiple versions of the mentioned products. Security patches are
available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/k/06/sol06223540.html
URL:support.f5.com/kb/en-us/solutions/public/k/79/sol79215841.html
4. Vulnerability in D-Link DWR-932 (111621)
[24/03/2016] Vulnerability was identified in the D-Link DWR-932. An attacker
could bypass security restrictions and obtain sensitive information. This
vulnerability affects firmware version 4.00 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111621
5. Security Updates in Oracle Linux (ELSA-2016-0494, ELSA-2016-0496)
[24/03/2016] Oracle has
released security update packages for fixing the vulnerabilities identified in
the kernel and git packages for Oracle Linux 6 and 7. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the
system.
URL:linux.oracle.com/errata/ELSA-2016-0494.html
URL:linux.oracle.com/errata/ELSA-2016-0496.html
6. Security Updates in Debian (DSA-3526-1, DSA-3528-1, DSA-3529-1)
[24/03/2016] Debian has
released security update packages for fixing the vulnerabilities identified in
the libmatroska, pidgin-otr and redmine packages for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:www.debian.org/security/2016/dsa-3526
URL:www.debian.org/security/2016/dsa-3528
URL:www.debian.org/security/2016/dsa-3529
7. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0495-1,
RHSA-2016:0496-1, RHSA-2016:0497-1)
[24/03/2016] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the nss-util, git and git19-git packages for Red Hat Enterprise Linux 6 and
7, Red Hat Software Collections for RHEL 6 and 7. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2016-0495.html
URL:rhn.redhat.com/errata/RHSA-2016-0496.html
URL:rhn.redhat.com/errata/RHSA-2016-0497.html
8. Security Updates in SUSE (openSUSE-SU-2016:0859-1,
openSUSE-SU-2016:0865-1, SUSE-SU-2016:0867-1)
[24/03/2016] SUSE has
released security update packages for fixing the vulnerabilities identified in
the bind, tomcat and rubygem-actionview-4_2 packages of openSUSE Leap 42.1, SUSE
OpenStack Cloud 6 and SUSE Enterprise Storage 2.1. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html
9. Security Updates in Ubuntu GNU/Linux (USN-2939-1)
[24/03/2016] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the tiff packages for versions 12.04 LTS, 14.04 LTS and 15.10. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2939-1/
10. Vulnerabilities in Novell Products (5237913, 5238651, 5238670, 5238671)
[23/03/2016] Vulnerabilities were identified in the Novell GroupWise,
Identity Manager and NetIQ Self Service Password Reset. An attacker could bypass
security restrictions, obtain sensitive information, execute arbitrary code and
perform cross-site scripting attacks on the system. These vulnerabilities affect
multiple versions of the mentioned products. Security patches are available to
resolve these
vulnerabilities.
URL:download.novell.com/Download?buildid=AA7ZB93KAjc~
URL:download.novell.com/Download?buildid=dxd3rzvGvig~
URL:download.novell.com/Download?buildid=wqd_qGNyF7Q~
URL:download.novell.com/Download?buildid=Wxix0_fCdmI~
11. Vulnerabilities in F5 Products (SOL30971148, SOL51518670)
[23/03/2016] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP
AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP
Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ
Device, BIG-IQ Security, BIG-IQ ADC, BIG-IQ Centralized Management, BIG-IQ Cloud
and Orchestration and Traffix SDC. An attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the system. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/k/30/sol30971148.html
URL:support.f5.com/kb/en-us/solutions/public/k/51/sol51518670.html
12. Vulnerability in Siemens APOGEE Insight (ICSA-16-082-01)
[23/03/2016] Vulnerability was identified in the Siemens APOGEE Insight.
An attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and crash the system. This vulnerability affects multiple versions of
the mentioned
product.
URL:ics-cert.us-cert.gov/advisories/ICSA-16-082-01
13. Security Updates in Oracle Linux (ELSA-2016-0491, ELSA-2016-0492,
ELSA-2016-0493)
[23/03/2016] Oracle has released security update packages for fixing the
vulnerabilities identified in the foomatic, tomcat6 and krb5 packages for Oracle
Linux 6. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the
system.
URL:linux.oracle.com/errata/ELSA-2016-0491.html
URL:linux.oracle.com/errata/ELSA-2016-0492.html
URL:linux.oracle.com/errata/ELSA-2016-0493.html
14. Security Updates in Debian (DSA-3523-1, DSA-3524-1, DSA-3525-1)
[23/03/2016] Debian has
released security update packages for fixing the vulnerabilities identified in
the iceweasel, activemq and pixman packages for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:www.debian.org/security/2016/dsa-3523
URL:www.debian.org/security/2016/dsa-3524
URL:www.debian.org/security/2016/dsa-3525
15. Security Updates in FreeBSD (FreeBSD-SA-16:12.openssl,
FreeBSD-SA-16:13.bind, FreeBSD-SA-16:14.openssh, FreeBSD-SA-16:15.sysarch)
[23/03/2016] FreeBSD
has released security update packages for fixing the vulnerabilities identified
in the openssl, bind, OpenSSH and kernel packages for multiple versions of
FreeBSD Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:12.openssl.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:13.bind.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:15.sysarch.asc
16. Security Updates in Gentoo Linux (GLSA 201603-01, GLSA 201603-02,
GLSA 201603-03, GLSA 201603-04, GLSA 201603-05, GLSA 201603-06, GLSA 201603-07,
GLSA 201603-08, GLSA 201603-09, GLSA 201603-10, GLSA 201603-11, GLSA 201603-12,
GLSA 201603-13, GLSA 201603-14, GLSA 201603-15)
[23/03/2016] Gentoo has released security update packages for
fixing the vulnerabilities identified in the GIMP, OSC, Roundcube, FUSE,
LibreOffice, OpenOffice, FFmpeg, Adobe Flash Player, VLC, Chromium, QtGui,
Oracle JRE/JDK, FlightGear, SimGear, Libreswan, IcedTea and OpenSSL packages for
multiple versions of Gentoo Linux. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:security.gentoo.org/glsa/201603-01
URL:security.gentoo.org/glsa/201603-02
URL:security.gentoo.org/glsa/201603-03
URL:security.gentoo.org/glsa/201603-04
URL:security.gentoo.org/glsa/201603-05
URL:security.gentoo.org/glsa/201603-06
URL:security.gentoo.org/glsa/201603-07
URL:security.gentoo.org/glsa/201603-08
URL:security.gentoo.org/glsa/201603-09
URL:security.gentoo.org/glsa/201603-10
URL:security.gentoo.org/glsa/201603-11
URL:security.gentoo.org/glsa/201603-12
URL:security.gentoo.org/glsa/201603-13
URL:security.gentoo.org/glsa/201603-14
URL:security.gentoo.org/glsa/201603-15
17. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0491-1,
RHSA-2016:0492-1, RHSA-2016:0493-1)
[23/03/2016] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the foomatic, tomcat6 and krb5 packages for Red Hat Enterprise Linux 6. Due
to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2016-0491.html
URL:rhn.redhat.com/errata/RHSA-2016-0492.html
URL:rhn.redhat.com/errata/RHSA-2016-0493.html
18. Security Updates in SUSE (SUSE-SU-2016:0854-1)
[23/03/2016] SUSE has
released security update packages for fixing the vulnerabilities identified in
the rubygem-actionview-4_1 package of SUSE OpenStack Cloud 5. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html
19. Vulnerabilities in Apple Products (HT206166, HT206167, HT206168, HT206169,
HT206171, HT206172, HT206173)
[22/03/2016] Vulnerabilities were identified in multiple
Apple Products. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. These vulnerabilities affect
multiple versions of the mentioned products. Security patches are available to
resolve these
vulnerabilities.
URL:support.apple.com/en-us/HT206166
URL:support.apple.com/en-us/HT206167
URL:support.apple.com/en-us/HT206168
URL:support.apple.com/en-us/HT206169
URL:support.apple.com/en-us/HT206171
URL:support.apple.com/en-us/HT206172
URL:support.apple.com/en-us/HT206173
URL:www.hkcert.org/my_url/en/alert/16032201
URL:www.us-cert.gov/ncas/current-activity/2016/03/21/Apple-Releases-Multiple-Security-Updates
20. Vulnerability in IBM WebSphere Application Server (1978293)
[22/03/2016] Vulnerability was identified in the IBM WebSphere Application
Server. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code and perform cross-site scripting attacks on
the system. This vulnerability affects versions prior to 8.5.5.9 of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:www.ibm.com/support/docview.wss?uid=swg21978293
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111229
21. Vulnerabilities in Moodle
[22/03/2016] Vulnerabilities were identified in the Moodle.
An attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code and perform cross-site scripting attacks on the system.
These vulnerabilities affect versions prior to 2.7.13, 2.8.11, 2.9.5 or 3.0.3 of
the mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:www.hkcert.org/my_url/en/alert/16032202
22. Vulnerability in PCRE and PCRE2 (111583)
[22/03/2016] Vulnerability was identified in the PCRE and
PCRE2. An attacker could bypass security restrictions, execute arbitrary code,
cause a denial of service condition and crash the system. This vulnerability
affects versions prior to 8.39 of PCRE and 10.22 of PCRE2. Security patches are
available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111583
23. Security Updates in Oracle Linux (ELSA-2016-0465, ELSA-2016-0466)
[22/03/2016] Oracle has
released security update packages for fixing the vulnerabilities identified in
the openssh packages for Oracle Linux 6 and 7. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code and perform password guessing
attacks.
URL:linux.oracle.com/errata/ELSA-2016-0465.html
URL:linux.oracle.com/errata/ELSA-2016-0466.html
24. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0465-1,
RHSA-2016:0466-1)
[22/03/2016] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the openssh packages for Red Hat Enterprise Linux 6 and 7. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code and perform password guessing
attacks.
URL:rhn.redhat.com/errata/RHSA-2016-0465.html
URL:rhn.redhat.com/errata/RHSA-2016-0466.html
25. Security Updates in SUSE (SUSE-SU-2016:0837-1, SUSE-SU-2016:0839-1)
[22/03/2016] SUSE has
released security update packages for fixing the vulnerabilities identified in
the samba and tomcat6 packages of SUSE Linux Enterprise 11. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
26. Security Updates in Ubuntu GNU/Linux (USN-2937-1, USN-2938-1)
[22/03/2016] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the webkitgtk and git packages for versions 12.04 LTS, 14.04 LTS and 15.10. Due
to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2937-1/
URL:www.ubuntu.com/usn/usn-2938-1/
27. Security Updates in Debian (DSA-3519-1, DSA-3520-1, DSA-3521-1, DSA-3522-1)
[21/03/2016] Debian has
released security update packages for fixing the vulnerabilities identified in
the xen, icedove, git and squid3 packages for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:www.debian.org/security/2016/dsa-3519
URL:www.debian.org/security/2016/dsa-3520
URL:www.debian.org/security/2016/dsa-3521
URL:www.debian.org/security/2016/dsa-3522
28. Security Updates in Slackware (SSA:2016-078-01, SSA:2016-078-02)
[21/03/2016] Slackware
has released security update packages for fixing the vulnerabilities identified
in the git and mozilla-thunderbird packages for multiple versions of Slackware
Linux. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the
system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.360229
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.512254
29. Security Updates in SUSE (openSUSE-SU-2016:0813-1, SUSE-SU-2016:0814-1,
SUSE-SU-2016:0816-1, openSUSE-SU-2016:0817-1, openSUSE-SU-2016:0818-1,
SUSE-SU-2016:0820-1, SUSE-SU-2016:0822-1, SUSE-SU-2016:0825-1,
openSUSE-SU-2016:0826-1, openSUSE-SU-2016:0827-1, openSUSE-SU-2016:0828-1,
openSUSE-SU-2016:0829-1, openSUSE-SU-2016:0830-1, openSUSE-SU-2016:0831-1,
openSUSE-SU-2016:0832-1, openSUSE-SU-2016:0833-1, openSUSE-SU-2016:0834-1,
openSUSE-SU-2016:0835-1)
[21/03/2016] SUSE has
released security update packages for fixing the vulnerabilities identified in
the samba, Chromium, MozillaFirefox, tomcat, bind, git, cgit, bsh2 and
rubygem-actionpack-3_2 packages of SUSE Linux Enterprise 10, 11 and 12, openSUSE
13.1, 13.2, Evergreen 11.4 and Leap 42.1. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00066.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00067.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00071.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00073.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00074.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00076.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00077.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html
30. Security Updates in Ubuntu GNU/Linux (USN-2935-3)
[21/03/2016] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the linux, linux-lts-wily and linux-raspi2 packages for versions 14.04 LTS and
15.10. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2930-1/
URL:www.ubuntu.com/usn/usn-2930-2/
URL:www.ubuntu.com/usn/usn-2930-3/