Researchers at Onapsis and DHS CERT today published reports describing a critical SAP Invoker Servlet vulnerability that has been used to attack 36 global enterprises spanning 15 critical industries.
Monthly Archives: May 2016
CEBA-2016:1024 CentOS 5 kernel BugFix Update
CentOS Errata and Bugfix Advisory 2016:1024 Upstream details at: https://rhn.redhat.com/errata/RHBA-2016-1024.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
Slackware Security Advisory – imagemagick Updates
Slackware Security Advisory – New imagemagick packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
Debian Security Advisory 3565-2
Debian Linux Security Advisory 3565-2 – This update fixes a regression introduced in botan1.10 by DSA-3565-1: packages depending on libbotan1.10 needed to be rebuilt against the latest version to function properly.
Red Hat Security Advisory 2016-0855-01
Red Hat Security Advisory 2016-0855-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that reporting emulation failures to user space could lead to either a local or a L2->L1 denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso and thus an unprivileged user may generate MMIO transactions this way.
Red Hat Security Advisory 2016-0760-01
Red Hat Security Advisory 2016-0760-01 – The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Security Fix: Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU.
Red Hat Security Advisory 2016-0780-01
Red Hat Security Advisory 2016-0780-01 – The Network Time Protocol is used to synchronize a computer’s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP’s ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd.
Ubuntu Security Notice USN-2972-1
Ubuntu Security Notice 2972-1 – Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. CVE-2016-0687: A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. Various other issues were also addressed.
Red Hat Security Advisory 2016-1019-01
Red Hat Security Advisory 2016-1019-01 – KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: An out-of-bounds read/write access flaw was found in the way QEMU’s VGA emulation with VESA BIOS Extensions support performed read/write operations via I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host’s QEMU process.
Debian Security Advisory 3574-1
Debian Linux Security Advisory 3574-1 – Rock Stevens, Andrew Ruef and Marcin ‘Icewall’ Noga discovered a heap-based buffer overflow vulnerability in the zip_read_mac_metadata function in libarchive, a multi-format archive and compression library, which may lead to the execution of arbitrary code if a user or automated system is tricked into processing a specially crafted ZIP file.