CVE-2016-1789

Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

RHSA-2016:0590-1: Moderate: spacewalk-java security update

RHN Satellite and Proxy: An update for spacewalk-java is now available for Red Hat Satellite 5.7.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

CVE-2015-0284, CVE-2016-2103, CVE-2016-2104, CVE-2016-3079

RHSA-2016:0591-1: Moderate: nss, nss-util, and nspr security, bug fix, and enhancement update

Red Hat Enterprise Linux: An update for nss, nss-util, and nspr is now available for Red Hat Enterprise
Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

CVE-2016-1978, CVE-2016-1979

USN-2944-1: Libav vulnerabilities

Ubuntu Security Notice USN-2944-1

4th April, 2016

libav vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

Libav could be made to crash or run programs as your login if it opened a
specially crafted file.

Software description

  • libav
    – Multimedia player, server, encoder and transcoder

Details

It was discovered that Libav incorrectly handled certain malformed media
files. If a user were tricked into opening a crafted media file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
  • libavformat53 4:0.8.17-0ubuntu0.12.04.2
  • libavcodec53 4:0.8.17-0ubuntu0.12.04.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-8541, CVE-2015-1872, CVE-2015-3395, CVE-2015-5479, CVE-2015-6818,
CVE-2015-6820, CVE-2015-6824, CVE-2015-6826, CVE-2015-8364, CVE-2015-8365,
CVE-2016-1897, CVE-2016-1898, CVE-2016-2326, CVE-2016-2330

USN-2945-1: XChat-GNOME vulnerability

Ubuntu Security Notice USN-2945-1

4th April, 2016

xchat-gnome vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

XChat-GNOME could be made to expose sensitive information over the network.

Software description

  • xchat-gnome
    – simple and featureful IRC client for GNOME

Details

It was discovered that XChat-GNOME incorrectly verified the hostname in an
SSL certificate. An attacker could trick XChat-GNOME into trusting a rogue
server’s certificate, which was signed by a trusted certificate authority,
to perform a man-in-the-middle attack.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  • xchat-gnome 1:0.30.0~git20141005.816798-0ubuntu6.2

Ubuntu 14.04 LTS:
  • xchat-gnome 1:0.30.0~git20131003.d20b8d+really20110821-0.2ubuntu12.2

Ubuntu 12.04 LTS:
  • xchat-gnome 1:0.30.0~git20110821.e2a400-0.2ubuntu4.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart XChat-GNOME to make
all the necessary changes.

References

LP: 1565000