Adobe Flash suffers from a crash due to a wild pointer 0x1808121a502959a4 decoding h.264.

There is an apparent use-after-free in Adobe Flash video decoding, which can be manifesting by running a specific SWF file.

Red Hat Security Advisory 2016-0466-01 – OpenSSH is OpenBSD’s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks.

Ubuntu Security Notice 2938-1 – Lael Cellier discovered that Git incorrectly handled path strings in crafted Git repositories. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking Git.

Red Hat Security Advisory 2016-0465-01 – OpenSSH is OpenBSD’s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested.

HP Security Bulletin HPSBGN03551 1 – HPE Helion Development Platform has addressed stack based buffer overflows in glibc’s implementation of getaddrinfo(). These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.

HP Security Bulletin HPSBGN03560 1 – A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed by HP Operations Orchestration. The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.

Ubuntu Security Notice 2937-1 – A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

HP Security Bulletin HPSBMU03562 1 – A vulnerability in Apache Commons Collections for handling Java object deserialization was addressed by HPE Service Manager. The vulnerability could be exploited remotely to allow code execution. Revision 1 of this advisory.