Ubuntu Security Notice 2858-2 – Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.
Monthly Archives: January 2016
Ubuntu Security Notice USN-2858-1
Ubuntu Security Notice 2858-1 – Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.
Ubuntu Security Notice USN-2857-2
Ubuntu Security Notice 2857-2 – Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.
Debian Security Advisory 3435-1
Debian Linux Security Advisory 3435-1 – Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of Git repositories. A remote attacker could possibly use this issue to execute arbitrary code by injecting commands via crafted URLs.
Ubuntu Security Notice USN-2857-1
Ubuntu Security Notice 2857-1 – Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.
Red Hat Security Advisory 2016-0001-01
Red Hat Security Advisory 2016-0001-01 – Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird handled content using the ‘data:’ and ‘view-source:’ URIs. An attacker could use this flaw to bypass the same-origin policy and read data from cross-site URLs and local files.
Ubuntu Security Notice USN-2856-1
Ubuntu Security Notice 2856-1 – Thilo Uttendorfer discovered that ldb incorrectly handled certain zero values. A remote attacker could use this issue to cause applications using ldb, such as Samba, to stop responding, resulting in a denial of service. Douglas Bagnall discovered that ldb incorrectly handled certain string lengths. A remote attacker could use this issue to possibly access sensitive information from memory of applications using ldb, such as Samba. Various other issues were also addressed.
Ubuntu Security Notice USN-2855-1
Ubuntu Security Notice 2855-1 – Thilo Uttendorfer discovered that the Samba LDAP server incorrectly handled certain packets. A remote attacker could use this issue to cause the LDAP server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. Jan Kasprzak discovered that Samba incorrectly handled certain symlinks. A remote attacker could use this issue to access files outside the exported share path. Various other issues were also addressed.
Debian Security Advisory 3434-1
Debian Linux Security Advisory 3434-1 – Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.
Nuit Du Hack 2016 Call For Papers
The Nuit Du Hack Call For Papers for 2016 has been announced. The event will be held July 2nd through 3rd, 2016, at the Disneyland Paris convention center.