Red Hat Enterprise Linux: Updated rh-postgresql94 packages that add one enhancement are now available for
Red Hat Software Collections.
Monthly Archives: May 2016
RHBA-2016:1024-1: kernel bug fix update
Red Hat Enterprise Linux: Updated kernel packages that fix one bug are now available for Red Hat
Enterprise Linux 5.
RHBA-2016:1022-1: preupgrade-assistant bug fix and enhancement update
Red Hat Enterprise Linux: Updated preupgrade-assistant packages that fix several bugs and add various
enhancements are now available for the Extras channel of Red Hat Enterprise
Linux 6.
RHBA-2016:1021-1: new package: preupgrade-assistant-el6toel7-data
Red Hat Enterprise Linux: A new preupgrade-assistant-el6toel7-data package is now available for the Extras
channel of Red Hat Enterprise Linux 6.
RHBA-2016:1020-1: preupgrade-assistant-el6toel7 bug fix and enhancement update
Red Hat Enterprise Linux: An updated preupgrade-assistant-el6toel7 package that fixes several bugs and
adds various enhancements is now available for the Extras channel of Red Hat
Enterprise Linux 6.
USN-2972-1: OpenJDK 6 vulnerabilities
Ubuntu Security Notice USN-2972-1
10th May, 2016
openjdk-6 vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in OpenJDK 6.
Software description
- openjdk-6
– Open Source Java implementation
Details
Multiple vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity, and availability. An attacker
could exploit these to cause a denial of service, expose sensitive data
over the network, or possibly execute arbitrary code. (CVE-2016-0686,
CVE-2016-0687, CVE-2016-3427)
A vulnerability was discovered in the OpenJDK JRE related to information
disclosure. An attacker could exploit this to expose sensitive data over
the network. (CVE-2016-0695)
A vulnerability was discovered in the OpenJDK JRE related to availability.
An attacker could exploit this to cause a denial of service.
(CVE-2016-3425)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 12.04 LTS:
-
icedtea-6-jre-cacao
6b39-1.13.11-0ubuntu0.12.04.1
-
icedtea-6-jre-jamvm
6b39-1.13.11-0ubuntu0.12.04.1
-
openjdk-6-jdk
6b39-1.13.11-0ubuntu0.12.04.1
-
openjdk-6-source
6b39-1.13.11-0ubuntu0.12.04.1
-
openjdk-6-jre
6b39-1.13.11-0ubuntu0.12.04.1
-
openjdk-6-jre-headless
6b39-1.13.11-0ubuntu0.12.04.1
-
openjdk-6-jre-zero
6b39-1.13.11-0ubuntu0.12.04.1
-
openjdk-6-jre-lib
6b39-1.13.11-0ubuntu0.12.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.
References
CVE-2016-1236
Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository.
CVE-2016-3710
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS users to execute arbitrary code on the host by changing access modes after setting the bank register, aka the “Dark Portal” issue.
CVE-2016-3712
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
Google Releases Security Update for Chrome
Original release date: May 11, 2016
Google has released Chrome version 50.0.2661.102 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review the Chrome Releases page and apply the necessary update.
This product is provided subject to this Notification and this Privacy & Use policy.