1. Vulnerabilities in Adobe Flash Player (APSB16-08)
[11/03/2016] Vulnerabilities were identified in the Adobe Flash Player. An
attacker could bypass security restrictions, execute arbitrary code and
compromise the system. These vulnerabilities affect multiple versions of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:helpx.adobe.com/security/products/flash-player/apsb16-08.html
URL:technet.microsoft.com/en-us/library/security/MS16-036
URL:www.hkcert.org/my_url/en/alert/16031101
URL:www.us-cert.gov/ncas/current-activity/2016/03/10/Adobe-Releases-Security-Updates-Flash-Player
2. Vulnerabilities in Apache ActiveMQ
[11/03/2016] Vulnerabilities were identified in the Apache
ActiveMQ. An attacker could bypass security restrictions, execute arbitrary
code and perform cross-site scripting and header clickjacking attacks. These
vulnerabilities affect multiple versions of the mentioned product. Security
patches are available to resolve these
vulnerabilities.
URL:activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt
URL:activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111420
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111421
3. Vulnerability in Citrix Licensing Server (CTX207824)
[11/03/2016] Vulnerability was identified in the Citrix Licensing Server.
An attacker could bypass security restrictions, execute arbitrary code, cause a
denial of service condition and crash the system. This vulnerability affects
multiple versions of the mentioned product. Security patches are available to
resolve this
vulnerability.
URL:support.citrix.com/article/CTX207824
URL:www.kb.cert.org/vuls/id/485744
URL:www.us-cert.gov/ncas/current-activity/2016/03/10/Citrix-Releases-Security-Update
4. Vulnerability in Quagga (VU#270232)
[11/03/2016] Vulnerability was identified in the Quagga. An attacker could
bypass security restrictions and execute arbitrary code on the system. This
vulnerability affects versions prior to 1.0.20160309 of the mentioned product.
Security patches are available to resolve this
vulnerability.
URL:www.kb.cert.org/vuls/id/270232
5. Vulnerabilities in WordPress ProjectTheme (111404, 111405, 111406)
[11/03/2016] Vulnerabilities were identified in the WordPress
ProjectTheme. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
compromise the system. These vulnerabilities affect version 2.0.9.5 of the
mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111404
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111405
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111406
6. Vulnerability in OpenSSH
[11/03/2016] Vulnerability was identified in the OpenSSH. An attacker
could bypass security restrictions, execute arbitrary code and compromise the
system. This vulnerability affects versions prior to 7.2p2 of the mentioned
product. Security patches are available to resolve this
vulnerability.
URL:www.openssh.com/txt/x11fwd.adv
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111431
7. Vulnerability in Linux Kernel (111418)
[11/03/2016] Vulnerability was identified in the Linux
Kernel. An attacker could bypass security restrictions, execute arbitrary code
and compromise the system. This vulnerability affects multiple versions of the
mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111418
8. Security Updates in Oracle Linux (ELSA-2016-0428, ELSA-2016-0430)
[11/03/2016] Oracle has
released security update packages for fixing the vulnerabilities identified in
the libssh2 and xerces-c packages for Oracle Linux 6 and 7. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the
system.
URL:linux.oracle.com/errata/ELSA-2016-0428.html
URL:linux.oracle.com/errata/ELSA-2016-0430.html
9. Security Updates in Debian (DSA-3511-1, DSA-3512-1, DSA-3513-1)
[11/03/2016] Debian has
released security update packages for fixing the vulnerabilities identified in
the bind9, libotr and chromium-browser packages for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.debian.org/security/2016/dsa-3511
URL:www.debian.org/security/2016/dsa-3512
URL:www.debian.org/security/2016/dsa-3513
10. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0428-1, RHSA-2016:0429-1, RHSA-2016:0430-1)
[11/03/2016] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the libssh2, chromium-browser and xerces-c packages for Red Hat Enterprise
Linux 6 and 7, and Red Hat Enterprise Virtualization 3. Due to multiple errors,
an attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2016-0428.html
URL:rhn.redhat.com/errata/RHSA-2016-0429.html
URL:rhn.redhat.com/errata/RHSA-2016-0430.html
11. Security Updates in Slackware (SSA:2016-070-01)
[11/03/2016] Slackware
has released security update packages for fixing the vulnerability identified in
the openssh packages for multiple versions of Slackware Linux. An attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.517960
12. Security Updates in SUSE (openSUSE-SU-2016:0708-1)
[11/03/2016] SUSE has
released security update packages for fixing the vulnerability identified in the
libotr and libotr2 packages of openSUSE 13.2 and Leap 42.1. An attacker could
bypass security restrictions and execute arbitrary code on the
system.
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00021.html
13. Security Updates in Ubuntu GNU/Linux (USN-2920-1, USN-2926-1)
[11/03/2016] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the oxide-qt and libotr packages for versions 12.04 LTS, 14.04 LTS and 15.10.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2920-1/
URL:www.ubuntu.com/usn/usn-2926-1/
14. Vulnerabilities in ISC BIND (AA-01351, AA-01352, AA-01353)
[10/03/2016] Vulnerabilities were identified in the ISC BIND. An attacker
could bypass security restrictions, obtain sensitive information, cause a denial
of service condition and crash the system. These vulnerabilities affect multiple
versions of the mentioned product. Security patches are available to resolve
these
vulnerabilities.
URL:kb.isc.org/article/AA-01351
URL:kb.isc.org/article/AA-01352
URL:kb.isc.org/article/AA-01353
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111389
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111390
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111391
15. Vulnerability in Apple Software Update (HT206091)
[10/03/2016] Vulnerability was identified in the Apple
Software Update in Windows. An attacker could bypass security restrictions,
execute arbitrary code and control the contents of the updates window. This
vulnerability affects versions prior to 2.2 of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:support.apple.com/en-hk/HT206091
16. Vulnerabilities in Cisco Products (cisco-sa-20160309-cmdos, cisco-sa-20160309-cmre, cisco-sa-20160309-csc, cisco-sa-20160309-rgid, cisco-sa-20160309-vcs)
[10/03/2016] Vulnerabilities were identified in multiple Cisco products.
An attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple firmware versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmdos
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmre
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-csc
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-rgid
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-vcs
URL:www.us-cert.gov/ncas/current-activity/2016/03/09/Cisco-Releases-Security-Updates
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111381
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111385
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111386
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111387
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111388
17. Vulnerabilities in F5 Products (sol09052213, sol62012529, sol81903701, sol95463126)
[10/03/2016] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP
AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP
Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device,
BIG-IQ Security, BIG-IQ ADC, BIG-IQ Centralized Management, BIG-IQ Cloud and
Orchestration and Traffix SDC. An attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and crash the system. These vulnerabilities
affect multiple versions of the mentioned products. Security patches are
available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/k/09/sol09052213.html
URL:support.f5.com/kb/en-us/solutions/public/k/62/sol62012529.html
URL:support.f5.com/kb/en-us/solutions/public/k/81/sol81903701.html
URL:support.f5.com/kb/en-us/solutions/public/k/95/sol95463126.html
18. Vulnerabilities in Samba
[10/03/2016] Vulnerabilities were identified in the Samba. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple versions of the mentioned product.
Security patches are available to resolve these
vulnerabilities.
URL:www.hkcert.org/my_url/en/alert/16031001
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111383
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111384
19. Vulnerabilities in Linux Kernel (111392, 111393, 111394, 111395, 111396, 111397, 111398)
[10/03/2016] Vulnerabilities were identified in the Linux Kernel. An
attacker could bypass security restrictions, execute arbitrary code, cause a
denial of service condition and crash the system. These vulnerabilities affect
multiple versions of the mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111392
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111393
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111394
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111395
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111396
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111397
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111398
20. Security Updates in Oracle Linux (ELSA-2016-0370, ELSA-2016-0371, ELSA-2016-0372, ELSA-2016-0373)
[10/03/2016] Oracle has
released security update packages for fixing the vulnerabilities identified in
the nss-util, nss, openssl098e and firefox packages for Oracle Linux 6 and 7. Due
to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:linux.oracle.com/errata/ELSA-2016-0370.html
URL:linux.oracle.com/errata/ELSA-2016-0371.html
URL:linux.oracle.com/errata/ELSA-2016-0372.html
URL:linux.oracle.com/errata/ELSA-2016-0373.html
21. Security Updates in Debian (DSA-3509-1, DSA-3510-1)
[10/03/2016] Debian has
released security update packages for fixing the vulnerabilities identified in
the rails and iceweasel packages for multiple versions of Debian GNU/Linux. Due
to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:www.debian.org/security/2016/dsa-3509
URL:www.debian.org/security/2016/dsa-3510
22. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0370-1, RHSA-2016:0371-1, RHSA-2016:0372-1, RHSA-2016:0373-1, RHSA-2016:0379-1)
[10/03/2016] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the nss-util, nss, openssl098e, firefox and rhev-hypervisor packages for Red
Hat Enterprise Linux 5, 6 and 7, and Red Hat Enterprise Virtualization 3. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2016-0370.html
URL:rhn.redhat.com/errata/RHSA-2016-0371.html
URL:rhn.redhat.com/errata/RHSA-2016-0372.html
URL:rhn.redhat.com/errata/RHSA-2016-0373.html
URL:rhn.redhat.com/errata/RHSA-2016-0379.html
23. Security Updates in SUSE (SUSE-SU-2016:0699-1, SUSE-SU-2016:0700-1)
[10/03/2016] SUSE has
released security update packages for fixing the vulnerabilities identified in
the bsh2 packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00019.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00020.html
24. Security Updates in Ubuntu GNU/Linux (USN-2917-1, USN-2924-1, USN-2925-1)
[10/03/2016] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the firefox, nss and bind9 packages for versions 12.04 LTS, 14.04 LTS and 15.10.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2917-1/
URL:www.ubuntu.com/usn/usn-2924-1/
URL:www.ubuntu.com/usn/usn-2925-1/
25. Vulnerabilities in Microsoft Products (3140410, 3140709, 3141780, 3141806, 3142015, 3142019, 3143081, 3143136, 3143141, 3143142, 3143145, 3143146, 3143148)
[09/03/2016] Vulnerabilities were identified in the Microsoft Internet
Explorer, Edge, Windows, Office and .NET Framework. An attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:technet.microsoft.com/en-us/library/security/ms16-mar
URL:technet.microsoft.com/library/security/MS16-023
URL:technet.microsoft.com/library/security/MS16-024
URL:technet.microsoft.com/library/security/MS16-025
URL:technet.microsoft.com/library/security/MS16-026
URL:technet.microsoft.com/library/security/MS16-027
URL:technet.microsoft.com/library/security/MS16-028
URL:technet.microsoft.com/library/security/MS16-029
URL:technet.microsoft.com/library/security/MS16-030
URL:technet.microsoft.com/library/security/MS16-031
URL:technet.microsoft.com/library/security/MS16-032
URL:technet.microsoft.com/library/security/MS16-033
URL:technet.microsoft.com/library/security/MS16-034
URL:technet.microsoft.com/library/security/MS16-035
URL:www.hkcert.org/my_url/en/alert/16030901
URL:www.hkcert.org/my_url/en/alert/16030902
URL:www.hkcert.org/my_url/en/alert/16030903
URL:www.hkcert.org/my_url/en/alert/16030904
URL:www.hkcert.org/my_url/en/alert/16030905
URL:www.hkcert.org/my_url/en/alert/16030906
URL:www.hkcert.org/my_url/en/alert/16030907
URL:www.hkcert.org/my_url/en/alert/16030908
URL:www.hkcert.org/my_url/en/alert/16030909
URL:www.hkcert.org/my_url/en/alert/16030910
URL:www.hkcert.org/my_url/en/alert/16030911
URL:www.hkcert.org/my_url/en/alert/16030912
URL:www.hkcert.org/my_url/en/alert/16030913
URL:www.us-cert.gov/ncas/current-activity/2016/03/08/Microsoft-Releases-March-2016-Security-Bulletin
26. Vulnerabilities in Adobe Products (APSB16-06, APSB16-09)
[09/03/2016] Vulnerabilities were identified in the Adobe Digital
Editions, Adobe Acrobat and Reader. An attacker could bypass security
restrictions, execute arbitrary code and compromise the system. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:helpx.adobe.com/security/products/Digital-Editions/apsb16-06.html
URL:helpx.adobe.com/security/products/acrobat/apsb16-09.html
URL:www.us-cert.gov/ncas/current-activity/2016/03/08/Adobe-Releases-Security-Updates-Acrobat-Reader-and-Digital-Editions
URL:www.hkcert.org/my_url/en/alert/16030914
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111277
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111278
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111279
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111320
27. Vulnerabilities in Mozilla Firefox (MFSA 2015-81, MFSA 2015-136, MFSA 2016-16, MFSA 2016-17, MFSA 2016-18, MFSA 2016-19, MFSA 2016-20, MFSA 2016-21, MFSA 2016-22, MFSA 2016-23, MFSA 2016-24, MFSA 2016-25, MFSA 2016-26, MFSA 2016-27, MFSA 2016-28, MFSA 2016-29, MFSA 2016-30, MFSA 2016-31, MFSA 2016-32, MFSA 2016-33, MFSA 2016-34, MFSA 2016-35, MFSA 2016-36, MFSA 2016-37)
[09/03/2016] Vulnerabilities were identified in the Mozilla Firefox and
Firefox ESR. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
compromise the system. These vulnerabilities affect versions prior to Firefox 45
and Firefox ESR 38.7 of the mentioned products. Security patches are available
to resolve these
vulnerabilities.
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox45
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr38.7
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-81/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-136/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-16/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-17/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-18/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-19/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-20/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-21/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-22/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-23/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-24/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-25/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-26/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-27/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-28/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-29/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-30/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-31/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-32/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-33/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-34/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-35/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-36/
URL:www.mozilla.org/en-US/security/advisories/mfsa2016-37/
URL:www.us-cert.gov/ncas/current-activity/2016/03/08/Mozilla-Releases-Security-Updates
28. Vulnerability in ISC DHCP (AA-01354)
[09/03/2016] Vulnerability was identified in the ISC DHCP. An
attacker could bypass security restrictions, execute arbitrary code, cause a
denial of service condition and crash the system. This vulnerability affects
multiple versions of the mentioned product. Security patches are available to
resolve this
vulnerability.
URL:kb.isc.org/article/AA-01354
URL:www.us-cert.gov/ncas/current-activity/2016/03/07/ISC-Releases-Security-Updates-DHCP-Server
29. Vulnerabilities in Google Chrome
[09/03/2016] Vulnerabilities were identified in the Google
Chrome. An attacker could bypass security restrictions and execute arbitrary
code. These vulnerabilities affect versions prior to 49.0.2623.87 of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:googlechromereleases.blogspot.hk/2016/03/stable-channel-update_8.html
URL:www.us-cert.gov/ncas/current-activity/2016/03/08/Google-Releases-Security-Update-Chrome
30. Security Updates in Mageia (MGASA-2016-0095, MGASA-2016-0096, MGASA-2016-0097, MGASA-2016-0098, MGASA-2016-0099, MGASA-2016-0100, MGASA-2016-0101, MGASA-2016-0102)
[09/03/2016] Mageia has
released security update packages for fixing the vulnerabilities identified in
the squid, python-django, graphite2, xen, perl, jasper, exempi, exiv2, botan,
monotone and softhsm packages for multiple versions of Mageia. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the
system.
URL:advisories.mageia.org/MGASA-2016-0095.html
URL:advisories.mageia.org/MGASA-2016-0096.html
URL:advisories.mageia.org/MGASA-2016-0097.html
URL:advisories.mageia.org/MGASA-2016-0098.html
URL:advisories.mageia.org/MGASA-2016-0099.html
URL:advisories.mageia.org/MGASA-2016-0100.html
URL:advisories.mageia.org/MGASA-2016-0101.html
URL:advisories.mageia.org/MGASA-2016-0102.html
31. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0359-1, RHSA-2016:0364-1, RHSA-2016:0365-1, RHSA-2016:0366-1, RHSA-2016:0368-1, RHSA-2016:0369-1)
[09/03/2016] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the chromium-browser, openstack-nova and rabbitmq-server packages for Red Hat
Enterprise Linux 6, Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse)
and 6.0 (Juno) for RHEL 6 and 7. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2016-0359.html
URL:rhn.redhat.com/errata/RHSA-2016-0364.html
URL:rhn.redhat.com/errata/RHSA-2016-0365.html
URL:rhn.redhat.com/errata/RHSA-2016-0366.html
URL:rhn.redhat.com/errata/RHSA-2016-0368.html
URL:rhn.redhat.com/errata/RHSA-2016-0369.html
32. Security Updates in SUSE (SUSE-SU-2016:0677-1, SUSE-SU-2016:0678-1, openSUSE-SU-2016:0684-1)
[09/03/2016] SUSE has
released security update packages for fixing the vulnerabilities identified in
the postgresql94, OpenSSL and Chromium packages of openSUSE 13.1 and SUSE Linux
Enterprise 10 and 11. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html
33. Security Updates in Slackware (SSA:2016-068-01, SSA:2016-068-02)
[09/03/2016] Slackware
has released security update packages for fixing the vulnerabilities identified
in the mozilla-firefox and samba packages for multiple versions of Slackware
Linux. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the
system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.355414
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.357003
34. Security Updates in Ubuntu GNU/Linux (USN-2904-1, USN-2922-1, USN-2923-1)
[09/03/2016] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the thunderbird, samba and bsh packages for versions 12.04 LTS, 14.04 LTS and
15.10. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2904-1/
URL:www.ubuntu.com/usn/usn-2922-1/
URL:www.ubuntu.com/usn/usn-2923-1/
35. Vulnerability in EMC Documentum xCP (111310)
[08/03/2016] Vulnerability was identified in the EMC
Documentum xCP. An attacker could obtain sensitive information. This
vulnerability affects versions 2.1 and 2.2 of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111310
36. Vulnerability in HPE Network Automation (111299, 111300)
[08/03/2016] Vulnerability was identified in the HPE Network Automation.
An attacker could execute arbitrary code. This vulnerability affects multiple
versions of the mentioned product. Security patches are available to resolve
this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111299
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111300
37. Vulnerability in exim (111281)
[08/03/2016] Vulnerability was identified in the exim. An
attacker could gain elevated privileges. The affected version was not specified.
Security patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111281
38. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0358-1, RHSA-2016:0359-1)
[08/03/2016] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the openstack-glance and chromium-browser packages for Red Hat Enterprise
Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 and Red Hat Enterprise Linux
6 Supplementary. An attacker could bypass security restrictions, execute
arbitrary code, obtain sensitive information and cause the application to
crash.
URL:rhn.redhat.com/errata/RHSA-2016-0358.html
URL:rhn.redhat.com/errata/RHSA-2016-0359.html
39. Security Updates in Ubuntu GNU/Linux (USN-2915-2, USN-2915-3, USN-2921-1)
[08/03/2016] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the python-django and squid3 packages for versions 12.04 LTS, 14.04 LTS and
15.10. Due to multiple errors, an attacker could perform cross-site scripting
attacks, execute arbitrary code, cause a denial of service condition and crash
the
application.
URL:www.ubuntu.com/usn/usn-2915-2/
URL:www.ubuntu.com/usn/usn-2915-3/
URL:www.ubuntu.com/usn/usn-2921-1/
40. Vulnerability in Moxa ioLogik E2200 Ethernet Micro RTU Controllers (ICSA-16-063-01)
[07/03/2016] Vulnerability was identified in the Moxa ioLogik E2200
Ethernet Micro RTU controllers. An attacker could gain access and change
settings and data of the affected device. This vulnerability affects versions
prior to 3.12 of ioLogik E2200 series and versions prior to 3.18 of ioAdmin
Configuration Utility. Security patches are available to resolve this
vulnerability.
URL:ics-cert.us-cert.gov/advisories/ICSA-16-063-01
41. Vulnerabilities in Novell Products
[07/03/2016] Vulnerability was identified in the Novell Filr and Novell NetIQ
Sentinel. An attacker could cause a buffer overflow and a denial of service
condition. This vulnerability affects multiple versions of the mentioned
products. Security patches are available to resolve this vulnerability.
URL:download.novell.com/Download?buildid=LqikC-Hosps~
URL:download.novell.com/Download?buildid=PQBDzZUKFac~
URL:download.novell.com/Download?buildid=ZEMvbiAk5k8~
42. Vulnerabilities in extensions for Typo3 (111238, 111239, 111240, 111250, 111251, 111252, 111253)
[07/03/2016] Vulnerabilities were identified in the Google
Sitemap extension, List frontend users extension, UTOPIA extension, Apache Solr
extension, Extension Kickstarter and Fe user statistic extension for Typo3. Due
to multiple errors, an attacker could perform cross-site scripting attacks and
obtain sensitive information. These vulnerabilities affect multiple versions of
the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111253
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111252
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111251
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111250
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111240
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111239
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111238
43. Vulnerability in Bulk Delete Plugin for WordPress (112244)
[07/03/2016] Vulnerability was identified in the Bulk Delete Plugin for
WordPress. An attacker could gain elevated privileges. This vulnerability
affects versions prior to 5.5.4 of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/111244
44. Security Updates in Debian (DSA-3503-1, DSA-3504-1, DSA-3505-1, DSA-3506-1, DSA-3507-1, DSA-3508-1)
[07/03/2016] Debian has
released security update packages for fixing the vulnerabilities identified in
the linux, bsh, wireshark, libav, chromium and jasper packages for multiple
versions of Debian GNU/Linux. Due to multiple errors, an attacker could gain
elevated privileges, obtain sensitive information, cause a denial of service
condition, execute arbitrary code and cause a buffer
overflow.
URL:www.debian.org/security/2016/dsa-3503
URL:www.debian.org/security/2016/dsa-3504
URL:www.debian.org/security/2016/dsa-3505
URL:www.debian.org/security/2016/dsa-3506
URL:www.debian.org/security/2016/dsa-3507
URL:www.debian.org/security/2016/dsa-3508
45. Security Updates in SUSE (SUSE-SU-2016:0658-1, openSUSE-SU-2016:0664-1, SUSE-SU-2016:0665-1)
[07/03/2016] SUSE has
released security update packages for fixing the vulnerabilities identified in
the xen and chromium packages of openSUSE Leap 42.1 and SUSE Linux Enterprise
10. Due to multiple errors, an attacker could bypass security restrictions,
cause a buffer overflow and obtain sensitive
information.
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00013.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html