RHSA-2016:0458-1: Important: bind97 security update

Red Hat Enterprise Linux: Updated bind97 packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

CVE-2016-1285, CVE-2016-1286

CESA-2016:0450 Important CentOS 5 kernel Security Update

CentOS Errata and Security Advisory 2016:0450 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0450.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 



USN-2930-3: Linux kernel (Raspberry Pi 2) vulnerabilities

Ubuntu Security Notice USN-2930-3

16th March, 2016

linux-raspi2 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10

Summary

Several security issues were fixed in the kernel.

Software description

  • linux-raspi2
    – Linux kernel for Raspberry Pi 2

Details

Ben Hawkes discovered that the Linux netfilter implementation did not
correctly perform validation when handling IPT_SO_SET_REPLACE events. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-3134)

Ben Hawkes discovered an integer overflow in the Linux netfilter
implementation. On systems running 32 bit kernels, a local unprivileged
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code with administrative privileges.
(CVE-2016-3135)

Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly sanity check the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7566)

It was discovered that a race condition existed when handling heartbeat-
timeout events in the SCTP implementation of the Linux kernel. A remote
attacker could use this to cause a denial of service. (CVE-2015-8767)

It was discovered that a race condition existed in the ioctl handler for
the TTY driver in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or expose sensitive information.
(CVE-2016-0723)

Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly
performed a double-free. A local attacker with physical access could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code with administrative privileges. (CVE-2016-2384)

Ralf Spenneberg discovered that the USB driver for Treo devices in the
Linux kernel did not properly sanity check the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2016-2782)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
linux-image-4.2.0-1027-raspi2 4.2.0-1027.35

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2015-7566, CVE-2015-8767, CVE-2016-0723, CVE-2016-2384, CVE-2016-2782, CVE-2016-3134, CVE-2016-3135

CESA-2016:0459 Important CentOS 6 bind Security Update

CentOS Errata and Security Advisory 2016:0459 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0459.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 



How to prevent your iPhone content from being lost if you forget your password

Despite being essential to protect your personal data, the security measures implemented by smartphone manufacturers to protect it from cyber-criminals can work against you. That’s the case with Apple and the Auto-Lock feature that automatically locks your device after six failed passcode attempts.

There are multiple reasons why that could occur. For example, your little one starts playing with your phone, you suffer a temporary memory lapse, or you pay the consequences of a party that got a bit out of hand… Whatever the reason, a situation like that can have some serious consequences if you don’t take the appropriate precautionary measures.

A feature designed to prevent strangers from accessing your device in the event of loss or theft can cause you, the phone’s owner, to lose all of your photos, videos, music, and contacts. The solution? A backup which, if you haven’t already, you should definitely make now.

iPhones usually provide two options to make backups: iTunes (which saves backups to your computer) and iCloud (which saves them to Apple’s cloud). If you choose the first option, you can do two things: connect your smartphone to your computer via a USB port, or via Wi-Fi if both devices belong to the same network. You can check Apple’s website for detailed instructions.

If you choose iCloud, there is no need for both devices to be on the same network or connected via a cable: you can make the backup from any place, any time. Additionally, you can configure your account to make daily backups automatically. Another advantage is that cloud backups are encrypted by default, an option you can also enable in iTunes.

Whatever mechanism you choose to back up your iPhone, a recent backup can save your life if your device gets locked after six wrong codes are entered.

If that ever happens to you, the only solution is to wipe the content of the locked device and retrieve it from a backup. There is no way to reset the passcode. No shortcuts. You will have to wipe the entire iPhone and start it from the backup copy (if you have one), or, in the worst case scenario, from scratch. The entire process is explained on the website of the company with the half eaten apple logo.

However, there is yet another, more extreme scenario. If you have complete faith in your memory, there are no kids around and you think that the only reason to have a wrong code entered on your smartphone is that it gets stolen, you can choose to erase your device automatically (without locking it) after ten failed passcode attempts. In that case, keeping an up-to-date backup copy is even more necessary.

A good example of all this is what has happened with the iPhone of one of the perpetrators of the recent San Bernardino (California) shooting after being arrested by the police. As you may already know, the FBI has asked Apple to make a special version of iOS that doesn’t lock the device after six failed passcode attempts or wipe it after ten attempts. That would allow the FBI to brute-force attack the criminal’s phone to break into it without fear of turning it into a paperweight.

That is precisely what happened with the iPhone of another criminal that ended up in the hands of a not-so-skilled member of the Massachusetts Police Department. When trying to access the phone in search of evidence, the agent entered ten wrong passcodes, setting the device back to its factory defaults. Goodbye to any possible evidence…

So be careful. If you ignore our advice and don’t make backup copies regularly, the same could happen to you. Are you really willing to run that risk?

The post How to prevent your iPhone content from being lost if you forget your password appeared first on MediaCenter Panda Security.

CVE-2015-2344

Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVE-2016-1990

HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c, and ArcSight ESM Express, allows local users to gain privileges for command execution via unspecified vectors.

CVE-2016-1991

HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c, and ArcSight ESM Express, allows remote authenticated users to conduct unspecified “file download” attacks via unknown vectors.