RHSA-2016:0050-1: Important: java-1.8.0-openjdk security update

Red Hat Enterprise Linux: Updated java-1.8.0-openjdk packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494

RHSA-2016:0049-1: Critical: java-1.8.0-openjdk security update

Red Hat Enterprise Linux: Updated java-1.8.0-openjdk packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494

USN-2876-1: eCryptfs vulnerability

Ubuntu Security Notice USN-2876-1

20th January, 2016

ecryptfs-utils vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

mount.ecryptfs_private could be used to run programs as an administrator.

Software description

  • ecryptfs-utils
    – eCryptfs cryptographic filesystem utilities

Details

Jann Horn discovered that mount.ecryptfs_private would mount over certain
directories in the proc filesystem. A local attacker could use this to escalate
their privileges. (CVE-2016-1572)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
ecryptfs-utils 108-0ubuntu1.1

Ubuntu 15.04:
ecryptfs-utils 107-0ubuntu1.3

Ubuntu 14.04 LTS:
ecryptfs-utils 104-0ubuntu1.14.04.4

Ubuntu 12.04 LTS:
ecryptfs-utils 96-0ubuntu3.5

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-1572

Google Releases Security Update for Chrome

Original release date: January 20, 2016

Google has released Chrome version 48.0.2564.82 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary update.



CVE-2016-0572

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Coherence Container.

CVE-2016-0573

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Java Messaging Service.

CVE-2016-0574

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-0577.

CVE-2016-0575

Unspecified vulnerability in the Oracle Learning Management component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to OTA Self Service.