Alex Rousskov from The Measurement Factory discovered that Squid3, a
fully featured web proxy cache, does not properly handle errors for
certain malformed HTTP responses. A remote HTTP server can exploit this
flaw to cause a denial of service (assertion failure and daemon exit).
Monthly Archives: March 2016
GLSA 201603-15: OpenSSL: Multiple vulnerabilities
CVE-2016-0283
Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2016-2245
HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.
Bugtraq: Admin Password Reset & RCE via CSRF in Dating Pro
Bugtraq: SQL Injection and RCE in WebsiteBaker
Bugtraq: [SECURITY] [DSA 3520-1] icedove security update
Bugtraq: [security bulletin] HPSBGN03438 rev.1 – HP Support Assistant, Local Authentication Bypass
RHEA-2016:0463-1: tzdata enhancement update
Red Hat Enterprise Linux: Updated tzdata packages that add various enhancements are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Advanced Update Support, Red Hat Enterprise Linux 5.11, Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Extended Update Support, Red Hat Enterprise Linux 6.7, Red Hat Enterprise Linux 7.1 Extended Update Support, Red Hat Enterprise Linux 7.1 Little Endian Extended Update Support, and Red Hat Enterprise Linux 7.2.
CVE-2015-2286
lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a social-sharing site.