Cisco Releases Security Updates

Original release date: March 23, 2016

Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities could allow a remote attacker to create a denial-of-service condition.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

  • cisco-sa-20160323-sip: Cisco IOS, IOS XE, Unified Communications Manager software Session Initiation Protocol memory leak vulnerability
  • cisco-sa-20160323-lisp: Cisco IOS and NX-OS software Locator/ID Separation Protocol packet denial-of-service vulnerability
  • cisco-sa-20160323-ios-ikev2: Cisco IOS and IOS XE software Internet Key Exchange v2 fragmentation denial-of-service vulnerability
  • cisco-sa-20160323-dhcpv6: Cisco IOS and IOS XE software DHCPv6 relay denial-of-service vulnerability
  • cisco-sa-20160323-smi: Cisco IOS and IOS XE software Smart Install denial-of-service vulnerability
  • cisco-sa-20160323-l4f: Cisco IOS software Wide Area Application Services Express denial-of-service vulnerability

APPLE-SA-2016-03-21-3 tvOS 9.2

Posted by Apple Product Security on Mar 23

tvOS 9.2 is now available and addresses the following:

FontParser
Available for: Apple TV (4th generation)
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro’s…

APPLE-SA-2016-03-21-4 Xcode 7.3

Posted by Apple Product Security on Mar 23

Xcode 7.3 is now available and addresses the following:

otool
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1765 : Proteas of Qihoo 360 Nirvan Team and Will Estes
(@squiffy)

subversion…

APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002

Posted by Apple Product Security on Mar 23

OS X El Capitan 10.11.4 and Security Update 2016-002 is now available
and addresses the following:

apache_mod_php
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 to v10.11.3
Impact: Processing a maliciously crafted .png file may lead to
arbitrary code execution
Description: Multiple vulnerabilities existed in libpng versions…

APPLE-SA-2016-03-21-6 Safari 9.1

Posted by Apple Product Security on Mar 23

Safari 9.1 is now available and addresses the following:

libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1762

Safari…

APPLE-SA-2016-03-21-7 OS X Server 5.1

Posted by Apple Product Security on Mar 23

OS X Server 5.1 is now available and addresses the following:

Server App
Available for: OS X Yosemite v10.10.5 and later
Impact: An administrator may unknowingly store backups on a volume
without permissions enabled
Description: An issue in Time Machine server did not properly warn
administrators if permissions were ignored when performing a server
backup. This issue was addressed through improved…

APPLE-SA-2016-03-21-1 iOS 9.3

Posted by Apple Product Security on Mar 23

iOS 9.3 is now available and addresses the following:

AppleUSBNetworking
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
data from USB devices. This issue was addressed through improved
input validation.
CVE-ID…

APPLE-SA-2016-03-21-2 watchOS 2.2

Posted by Apple Product Security on Mar 23

watchOS 2.2 is now available and addresses the following:

Disk Images
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1717 : Frank…

CESA-2016:0496 Important CentOS 7 git Security Update

CentOS Errata and Security Advisory 2016:0496 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0496.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




CESA-2016:0496 Important CentOS 6 git Security Update

CentOS Errata and Security Advisory 2016:0496 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0496.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 
