Red Hat Enterprise Linux: Updated libldb packages that fix two security issues are now available for
Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-3223, CVE-2015-5330
Red Hat Enterprise Linux: Updated openssl packages that fix one security issue are now available for
Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2015-7575
Red Hat Enterprise Linux: Updated nss packages that fix one security issue are now available for Red
Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2015-7575
Red Hat Enterprise Linux: Updated samba packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-7540
Red Hat Enterprise Linux: Updated rpcbind packages that fix one security issue are now available for
Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2015-7236
Red Hat Enterprise Linux: Updated kernel packages that fix two security issues are now available for
Red Hat Enterprise Linux 6.4 Advanced Update Support.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-5307, CVE-2015-8104
A security issue affects these releases of Ubuntu and its
derivatives:
Ubuntu 15.10
Ubuntu 15.04
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Summary
Pygments could be made to crash or run programs if it processed a specially
crafted font request.
Software description
pygments – syntax highlighting package written in Python
Details
It was discovered that Pygments incorrectly sanitized strings used to search system fonts. An attacker could possibly use this issue to execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following
package version:
A security issue affects these releases of Ubuntu and its
derivatives:
Ubuntu 12.04 LTS
Summary
OpenSSL could be made to expose sensitive information over the network.
Software description
openssl – Secure Socket Layer (SSL) cryptographic library and tools
Details
Karthikeyan Bhargavan and Gaetan Leurent discovered that OpenSSL incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.
Update instructions
The problem can be corrected by updating your system to the following
package version:
A security issue affects these releases of Ubuntu and its
derivatives:
Ubuntu 15.10
Ubuntu 15.04
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Summary
NSS could be made to expose sensitive information over the network.
Software description
nss – Network Security Service library
Details
Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.
Update instructions
The problem can be corrected by updating your system to the following
package version: