Ubuntu Security Notice 2753-3 – USN-2753-1 fixed a vulnerability in LXC. The update caused a regression that prevented some containers from starting. This regression only affected containers that had a path that contained a ‘/./’ directory specified as a bind mount target in their configuration file. This update fixes the problem. Roman Fiedler discovered a directory traversal flaw in lxc-start. A local attacker with access to an LXC container could exploit this flaw to run programs inside the container that are not confined by AppArmor or expose unintended files in the host to the container. Various other issues were also addressed.

Ubuntu Security Notice 2761-1 – Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).

WordPress DWBooster Payment Form for PayPal Pro plugin version 1.0.1 suffers from a cross site scripting vulnerability.

Liferay Portal version 6.2 EE SP13 suffers from an administrator-inflicted cross site scripting vulnerability.

SourceBans version 1.4.11 suffers from a cross site scripting vulnerability.

ManageEngine ServiceDesk Plus versions 9.1 build 9110 and below suffer from a path traversal vulnerability.

Cisco AnyConnect Secure Mobility Client version 3.1.08009 suffers from a privilege escalation vulnerability. The fix for CVE-2015-4211 is insufficient which allows a local application to elevate to local system through the CMainThread::launchDownloader command.

ZTE ZXHN H108N version 3.3.0_MU suffers from a CWMP configuration disclosure vulnerability.