NVD

CVE-2016-1368

May 5, 2016 007admin

Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214.

NVD

CVE-2016-1369

May 5, 2016 007admin

The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows remote attackers to cause a denial of service (resource consumption, and inspection outage or module outage) via a flood of crafted IP traffic, aka Bug ID CSCux19922.

NVD

CVE-2016-1373

May 5, 2016 007admin

The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623.

NVD

CVE-2016-1387

May 5, 2016 007admin

The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935.

NVD

CVE-2016-1392

May 5, 2016 007admin

Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121.

NVD

CVE-2016-2059

May 5, 2016 007admin

The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify that a port is a client port, which allows attackers to gain privileges or cause a denial of service (race condition and list corruption) by making many BIND_CONTROL_PORT ioctl calls.

NVD

CVE-2016-2062

May 5, 2016 007admin

The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call.

Ubuntu

USN-2963-1: OpenJDK 8 vulnerabilities

May 5, 2016 007admin

Ubuntu Security Notice USN-2963-1

4th May, 2016

openjdk-8 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 16.04 LTS

Summary

Several security issues were fixed in OpenJDK 8.

Software description

openjdk-8
– Open Source Java implementation

Details

Multiple vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity, and availability. An attacker
could exploit these to cause a denial of service, expose sensitive data
over the network, or possibly execute arbitrary code. (CVE-2016-0686,
CVE-2016-0687, CVE-2016-3427)

Multiple vulnerabilities were discovered in the OpenJDK JRE related
to information disclosure. An attacker could exploit this to expose
sensitive data over the network. (CVE-2016-0695, CVE-2016-3426)

A vulnerability was discovered in the OpenJDK JRE related to availability.
An attacker could exploit this to cause a denial of service.
(CVE-2016-3425)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:: openjdk-8-jdk

8u91-b14-0ubuntu4~16.04.1; openjdk-8-jre-headless

8u91-b14-0ubuntu4~16.04.1; openjdk-8-jre

8u91-b14-0ubuntu4~16.04.1; openjdk-8-jdk-headless

8u91-b14-0ubuntu4~16.04.1; openjdk-8-source

8u91-b14-0ubuntu4~16.04.1; openjdk-8-jre-zero

8u91-b14-0ubuntu4~16.04.1; openjdk-8-jre-jamvm

8u91-b14-0ubuntu4~16.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.

References

Ubuntu

USN-2964-1: OpenJDK 7 vulnerabilities

May 5, 2016 007admin

Ubuntu Security Notice USN-2964-1

4th May, 2016

openjdk-7 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 15.10
Ubuntu 14.04 LTS

Summary

Several security issues were fixed in OpenJDK 7.

Software description

openjdk-7
– Open Source Java implementation

Details

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information
disclosure, data integrity, and availability. An attacker could exploit
these to cause a denial of service, expose sensitive data over the network,
or possibly execute arbitrary code. (CVE-2016-0686, CVE-2016-0687,
CVE-2016-3427)

A vulnerability was discovered in the OpenJDK JRE related to information
disclosure. An attacker could exploit this to expose sensitive data over
the network. (CVE-2016-0695)

A vulnerability was discovered in the OpenJDK JRE related to availability.
An attacker could exploit this to cause a denial of service.
(CVE-2016-3425)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:: openjdk-7-jre-zero

7u101-2.6.6-0ubuntu0.15.10.1; openjdk-7-source

7u101-2.6.6-0ubuntu0.15.10.1; icedtea-7-jre-jamvm

7u101-2.6.6-0ubuntu0.15.10.1; openjdk-7-jre-lib

7u101-2.6.6-0ubuntu0.15.10.1; openjdk-7-jdk

7u101-2.6.6-0ubuntu0.15.10.1; openjdk-7-jre-headless

7u101-2.6.6-0ubuntu0.15.10.1; openjdk-7-jre

7u101-2.6.6-0ubuntu0.15.10.1
Ubuntu 14.04 LTS:: openjdk-7-jre-zero

7u101-2.6.6-0ubuntu0.14.04.1; openjdk-7-source

7u101-2.6.6-0ubuntu0.14.04.1; icedtea-7-jre-jamvm

7u101-2.6.6-0ubuntu0.14.04.1; openjdk-7-jre-lib

7u101-2.6.6-0ubuntu0.14.04.1; openjdk-7-jdk

7u101-2.6.6-0ubuntu0.14.04.1; openjdk-7-jre-headless

7u101-2.6.6-0ubuntu0.14.04.1; openjdk-7-jre

7u101-2.6.6-0ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.

References

NVD

CVE-2016-2167

May 5, 2016 007admin

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.

007 Software

Monthly Archives: May 2016

CVE-2016-1368

CVE-2016-1369

CVE-2016-1373

CVE-2016-1387

CVE-2016-1392

CVE-2016-2059

CVE-2016-2062

USN-2963-1: OpenJDK 8 vulnerabilities

Ubuntu Security Notice USN-2963-1

openjdk-8 vulnerabilities

Summary

Software description

Details

Update instructions

References

USN-2964-1: OpenJDK 7 vulnerabilities

Ubuntu Security Notice USN-2964-1

openjdk-7 vulnerabilities

Summary

Software description

Details

Update instructions

References

CVE-2016-2167

Software and Security Information