Monthly Archives: February 2016
Debian Linux Security Advisory 3471-1 – Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware.
Debian Security Advisory 3469-1
Debian Linux Security Advisory 3469-1 – Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware.
Ubuntu Security Notice USN-2892-1
Ubuntu Security Notice 2892-1 – It was discovered that nginx incorrectly handled certain DNS server responses when the resolver is enabled. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. It was discovered that nginx incorrectly handled CNAME response processing when the resolver is enabled. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
Red Hat Security Advisory 2016-0155-01
Red Hat Security Advisory 2016-0155-01 – OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service’s distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A memory-leak issue was found in OpenStack Object Storage, in the proxy-to-server connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption.
Red Hat Security Advisory 2016-0156-01
Red Hat Security Advisory 2016-0156-01 – Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. An information-exposure flaw was found in the Django date filter. If an application allowed users to provide non-validated date formats, a malicious end user could expose application-settings data by providing the relevant application-settings key instead of a valid date format.
Ubuntu Security Notice USN-2880-2
Ubuntu Security Notice 2880-2 – USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a regression which caused Firefox to crash on startup with some configurations. This update fixes the problem. Various other issues were also addressed.
Microsoft Security Bulletin Revision Increment For February, 2016
This bulletin summary lists two bulletins that have undergone a major revision increment for February, 2016.
Joomla Scatalog 2.0 SQL Injection
Joomla Scatalog component version 2.0 suffers from a remote SQL injection vulnerability.
Joomla Subcategory 1.2.15 SQL Injection
Joomla Subcategory component version 1.2.15 suffers from a remote SQL injection vulnerability.
ManageEngine Network Configuration Management Build 11000 Privilege Escalation
ManageEngine Network Configuration Management build version 11000 suffers from a privilege escalation vulnerability.