Ubuntu Security Notice 2874-1 – It was discovered that Bind incorrectly handled certain APL data. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.
Monthly Archives: January 2016
OpenSCAP Libraries 1.2.8
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
Ubuntu Security Notice USN-2875-1
Ubuntu Security Notice 2875-1 – It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service.
DSA-3451 fuse – security update
Jann Horn discovered a vulnerability in the fuse (Filesystem in Userspace) package in Debian. The fuse package ships a udev rule adjusting permissions on the related /dev/cuse character device, making it world writable.
DSA-3450 ecryptfs-utils – security update
Jann Horn discovered that the setuid-root mount.ecryptfs_private helper in ecryptfs-utils would mount over any target directory that the user owns, including a directory in procfs. A local attacker could use this flaw to escalate his privileges.
Intel Driver Update Utility 2.2.0.5 Man-In-The-Middle
Intel Driver Update Utility version 2.2.0.5 suffers from a man-in-the-middle vulnerability.
Chrome Extension Empties Your Steam Inventory
Oracle Releases Security Bulletin
Original release date: January 19, 2016
Oracle has released its Critical Patch Update for January 2016 to address 248 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review the Oracle January 2016 Critical Patch Update and apply the necessary updates.
Ubuntu Security Notice USN-2872-3
Ubuntu Security Notice 2872-3 – Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.
Debian Security Advisory 3448-1
Debian Linux Security Advisory 3448-1 – Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial-of-service.