WordPress Truemag Theme – Client Side Cross Site Scripting Web Vulnerability
Monthly Archives: April 2016
Bugtraq: SQL Injection in GLPI
Bugtraq: [SECURITY] [DSA 3561-1] subversion security update
RHSA-2016:0699-1: Low: Red Hat Enterprise Developer Toolset Version 3.x Six-Month Retirement Notice
This is the Six-Month notification for the retirement of Red Hat Developer
Toolset Version 3.x. This notification applies only to those customers
subscribed to the channel for Red Hat Developer Toolset Version 3.x.
RHBA-2016:0700-1: glusterfs bug fix update
Red Hat Enterprise Linux: Updated glusterfs packages that fix one bug are now available for Red Hat
Enterprise Linux 6.6 Extended Update Support.
RHBA-2016:0698-1: Red Hat Satellite rhn-upgrade-5.7 bug fix update
RHN Satellite and Proxy: An updated rhn-upgrade package that fixes several bugs is now available for Red
Hat Satellite 5.7.
RHSA-2016:0702-1: Critical: java-1.7.0-ibm security update
Red Hat Enterprise Linux: An update for java-1.7.0-ibm is now available for Red Hat Enterprise Linux 5
Supplementary.
Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449
RHSA-2016:0701-1: Critical: java-1.7.1-ibm security update
Red Hat Enterprise Linux: An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6
Supplementary and Red Hat Enterprise Linux 7 Supplementary.
Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449
RHEA-2016:0703-1: Red Hat Enterprise Linux Atomic pod-infrastructure Container Image Update
An updated Red Hat Enterprise Linux Atomic pod-infrastructure container image is
now available for Red Hat Enterprise Linux Atomic Host.
USN-2956-1: ubuntu-core-launcher vulnerability
Ubuntu Security Notice USN-2956-1
29th April, 2016
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
Summary
ubuntu-core-launcher did not properly isolate snaps from one another.
Software description
- ubuntu-core-launcher – Snap application launcher
Details
Zygmunt Krynicki discovered that ubuntu-core-launcher did not properly
sanitize its input and contained a logic error when determining the
mount point of bind mounts when using snaps on Ubuntu classic systems (e.g.,
traditional desktop and server). If a user were tricked into installing a
malicious snap with a crafted snap name, an attacker could perform a
delayed attack to steal data or execute code within the security context of
another snap. This issue did not affect Ubuntu Core systems.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
  - ubuntu-core-launcher 1.0.27.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.