Red Hat Enterprise Linux: An update for spice is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-0749, CVE-2016-2150
Red Hat Enterprise Linux: An update for spice-server is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-0749, CVE-2016-2150
6th June, 2016
A security issue affects these releases of Ubuntu and its
derivatives:
Several security issues were fixed in Oxide.
An unspecified security issue was discovered in Blink. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to bypass same-origin restrictions.
(CVE-2016-1673)
An issue was discovered with Document reattachment in Blink in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to bypass same-origin
restrictions. (CVE-2016-1675)
A type confusion bug was discovered in V8. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to obtain sensitive information. (CVE-2016-1677)
A heap overflow was discovered in V8. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this to
cause a denial of service (application crash) or execute arbitrary code.
(CVE-2016-1678)
A use-after-free was discovered in the V8ValueConverter implementation in
Chromium in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service (application crash) or execute arbitrary code.
(CVE-2016-1679)
A use-after-free was discovered in Skia. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service (application crash) or execute arbitrary
code. (CVE-2016-1680)
A security issue was discovered in ServiceWorker registration in Blink in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to bypass
Content Security Policy (CSP) protections. (CVE-2016-1682)
An out-of-bounds memory access was discovered in libxslt. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service (application crash)
or execute arbitrary code. (CVE-2016-1683)
An integer overflow was discovered in libxslt. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service (application crash or resource
consumption). (CVE-2016-1684)
An out-of-bounds read was discovered in the regular expression
implementation in V8. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service (application crash). (CVE-2016-1688)
A heap overflow was discovered in Chromium. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service (application crash) or execute arbitrary
code. (CVE-2016-1689)
A heap overflow was discovered in Skia. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service (application crash) or execute arbitrary
code. (CVE-2016-1691)
It was discovered that Blink permits cross-origin loading of stylesheets
by a service worker even when the stylesheet download has an incorrect
MIME type. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to bypass same-origin
restrictions. (CVE-2016-1692)
Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service (application crash) or execute arbitrary code. (CVE-2016-1695,
CVE-2016-1703)
It was discovered that Blink does not prevent frame navigation during
DocumentLoader detach operations. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
bypass same-origin restrictions. (CVE-2016-1697)
A parameter sanitization bug was discovered in the devtools subsystem in
Blink. An attacker could potentially exploit this to bypass intended
access restrictions. (CVE-2016-1699)
An out-of-bounds read was discovered in Skia. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service (application crash).
(CVE-2016-1702)
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
6th June, 2016
A security issue affects these releases of Ubuntu and its
derivatives:
Several security issues were fixed in libxml2.
It was discovered that libxml2 incorrectly handled certain malformed
documents. If a user or automated system were tricked into opening a
specially crafted document, an attacker could possibly cause libxml2 to
crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073,
CVE-2016-3627, CVE-2016-3705, CVE-2016-4447)
It was discovered that libxml2 incorrectly handled certain malformed
documents. If a user or automated system were tricked into opening a
specially crafted document, an attacker could cause libxml2 to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2016-1762, CVE-2016-1834)
Mateusz Jurczyk discovered that libxml2 incorrectly handled certain
malformed documents. If a user or automated system were tricked into
opening a specially crafted document, an attacker could cause libxml2 to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839)
Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain
malformed documents. If a user or automated system were tricked into
opening a specially crafted document, an attacker could cause libxml2 to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-1835, CVE-2016-1837)
Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain
malformed documents. If a user or automated system were tricked into
opening a specially crafted document, an attacker could cause libxml2 to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and
Ubuntu 16.04 LTS. (CVE-2016-1836)
Kostya Serebryany discovered that libxml2 incorrectly handled certain
malformed documents. If a user or automated system were tricked into
opening a specially crafted document, an attacker could cause libxml2 to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-1840)
It was discovered that libxml2 would load certain XML external entities. If
a user or automated system were tricked into opening a specially crafted
document, an attacker could possibly obtain access to arbitrary files or
cause resource consumption. (CVE-2016-4449)
Gustavo Grieco discovered that libxml2 incorrectly handled certain
malformed documents. If a user or automated system were tricked into
opening a specially crafted document, an attacker could possibly cause
libxml2 to crash, resulting in a denial of service. (CVE-2016-4483)
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
Kaspersky Lab survey reveals kids are addicted to online friendships
Dream Gallery version 1.0 suffers from a cross site request forgery vulnerability.
Sun Secure Global Desktop and Oracle Global Desktop version 4.61.915 remote shellshock code execution exploit.
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. (CVSS:4.3) (Last Update:2016-06-08)
os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. (CVSS:5.0) (Last Update:2016-06-07)