Slackware Security Advisory – New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

Slackware Security Advisory – New openssl packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

Slackware Security Advisory – New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.

Gentoo Linux Security Advisory 201602-1 – Multiple vulnerabilities have been found in QEMU, the worst of which may allow a remote attacker to cause a Denial of Service or gain elevated privileges from a guest VM. Versions less than 2.5.0-r1 are affected.

Cisco Security Advisory – A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated remote user to make configuration changes outside of their configured access privileges. The vulnerability is due to eligibility logic in the RBAC processing code. An authenticated user could exploit this vulnerability by sending specially crafted representational state transfer (REST) requests to the APIC. An exploit could allow the authenticated user to make configuration changes to the APIC beyond the configured privilege for their role. Cisco has released software updates that address this vulnerability.

Cisco Security Advisory – A vulnerability in the role-based access control of Cisco ASA-CX and Cisco Prime Security Manager (PRSM) could allow an authenticated, remote attacker to change the password of any user on the system. The vulnerability exists because the password change request is not fully qualified. An authenticated attacker with a user role other than Administrator could exploit this vulnerability by sending a specially crafted HTTP request to the Cisco PRSM. An exploit could allow the attacker to change the password of any user on the system, including users with the Administrator role. Cisco has released software updates that address this vulnerability.

Cisco Security Advisory – A vulnerability in the ICMP implementation in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch could allow an unauthenticated, remote attacker to cause the switch to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of an ICMP packet with the IPv4 Type 7 option for record route. An attacker could exploit this vulnerability by sending an ICMP packet with the record route option to an interface on the affected switch. An exploit could allow the attacker to cause a DoS condition because the switch will reload each time the ICMP packet is received. Cisco has released software updates that address this vulnerability. A workaround that addresses this vulnerability is available.