Monthly Archives: June 2016

Redhat

RHSA-2016:1237-1: Important: ImageMagick security update

Red Hat Enterprise Linux: An update for ImageMagick is now available for Red Hat Enterprise Linux 6 and
Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2015-8895, CVE-2015-8896, CVE-2015-8897, CVE-2015-8898, CVE-2016-5118, CVE-2016-5239, CVE-2016-5240

US-CERT

Adobe Releases Security Updates

Original release date: June 16, 2016

Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe AIR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. The critical vulnerability in Flash Player is being used in limited, targeted attacks.

Users and administrators are encouraged to review Adobe Security Bulletins APSB16-18 and APSB16-23 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CentOS

CESA-2016:1237 Important CentOS 7 ImageMagickSecurity Update

CentOS Errata and Security Advisory 2016:1237 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-1237.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
c2381a8bc056204b610b111e957897b0992c3814d9a8e7dbdd304a85ac401aa8  ImageMagick-6.7.8.9-15.el7_2.i686.rpm
b47a343b21df93744f88fa94eb049905763150f97804ed7971d0cdfad28e6bf8  ImageMagick-6.7.8.9-15.el7_2.x86_64.rpm
5a3ffb1e7eecb59304481181a6b0935e4fcd8ecadd0630a43934143d7c97be51  ImageMagick-c++-6.7.8.9-15.el7_2.i686.rpm
492fc944f8908199248f1fdba5b6c5a15aa1422aaece6eae899747380cb20d5f  ImageMagick-c++-6.7.8.9-15.el7_2.x86_64.rpm
f6f17de463a7378fc3ae7126d5d1112a26b1566c3e73051eaea4ac0dfec3408e  ImageMagick-c++-devel-6.7.8.9-15.el7_2.i686.rpm
7106ca5a407e75158056c82bd2cd9ecbb112be6e29d599594d952c779bdd57f5  ImageMagick-c++-devel-6.7.8.9-15.el7_2.x86_64.rpm
e0c9445f1d7a1b4a0ee97d7d1e3c6665667ebf84557f87227cbe7f1950930496  ImageMagick-devel-6.7.8.9-15.el7_2.i686.rpm
03f51bda15c581bcc6e56d5f24803c44ac46d56bf180058e93ddb39258cd1fbe  ImageMagick-devel-6.7.8.9-15.el7_2.x86_64.rpm
8c5b7f5064340a04eb8cdbfb8a20d3e0cb11d6867ef64820fd9edc7be89c7329  ImageMagick-doc-6.7.8.9-15.el7_2.x86_64.rpm
feb0024d0d98cb90f3dc02b08af565548ac9d6e0b9548a7af2fc0b1d66289b4f  ImageMagick-perl-6.7.8.9-15.el7_2.x86_64.rpm

Source:
401974be1ac1a9e64fe9a8d8a0d8ee9a32fbf8deef2ee23ad7e37c0f43a9d184  ImageMagick-6.7.8.9-15.el7_2.src.rpm
CentOS

CESA-2016:1237 Important CentOS 6 ImageMagickSecurity Update

CentOS Errata and Security Advisory 2016:1237 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-1237.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
65c983e6e5121fe3739bef92b59f71c343a382b583ecc2ad29c536d48e354a74  ImageMagick-6.7.2.7-5.el6_8.i686.rpm
1ce7dfba86870708042cba5180c90d04e66067444192fad0c94cd89a64f8d25c  ImageMagick-c++-6.7.2.7-5.el6_8.i686.rpm
3f5b4e728b60086914fb981d691bdf85c693119e4a9d4be21db3bc7c805e710a  ImageMagick-c++-devel-6.7.2.7-5.el6_8.i686.rpm
b84e69c4ae62329d7b39d9c872755056e08b1b749d8a527f8b77d1ce072854db  ImageMagick-devel-6.7.2.7-5.el6_8.i686.rpm
ae675e2b4041e3c5616f866eb200403e7a534ca485902b4216615907382fa89a  ImageMagick-doc-6.7.2.7-5.el6_8.i686.rpm
78b1ee094571ea9cfe915c63cd9ad1a0406221c7428b08bd4521cc19635223c7  ImageMagick-perl-6.7.2.7-5.el6_8.i686.rpm

x86_64:
65c983e6e5121fe3739bef92b59f71c343a382b583ecc2ad29c536d48e354a74  ImageMagick-6.7.2.7-5.el6_8.i686.rpm
7b18fce8ab88c27d216956e7719664cf1d4295483a2cd1558034d299f886185d  ImageMagick-6.7.2.7-5.el6_8.x86_64.rpm
1ce7dfba86870708042cba5180c90d04e66067444192fad0c94cd89a64f8d25c  ImageMagick-c++-6.7.2.7-5.el6_8.i686.rpm
9c64febc2372c91e557adfead3481b2d7c6c44aff7bc96061a97b3a0b3c1dcfc  ImageMagick-c++-6.7.2.7-5.el6_8.x86_64.rpm
3f5b4e728b60086914fb981d691bdf85c693119e4a9d4be21db3bc7c805e710a  ImageMagick-c++-devel-6.7.2.7-5.el6_8.i686.rpm
96874c4e1b25ce7dd6ab5754dae183d738f9092f128a7088fef6ba7d5df8dd2c  ImageMagick-c++-devel-6.7.2.7-5.el6_8.x86_64.rpm
b84e69c4ae62329d7b39d9c872755056e08b1b749d8a527f8b77d1ce072854db  ImageMagick-devel-6.7.2.7-5.el6_8.i686.rpm
61b212db7fba37e77b24bdd29830da40af93bfc6fd435f14b13b48cb7fc4c99e  ImageMagick-devel-6.7.2.7-5.el6_8.x86_64.rpm
2089a7c8bdec3d78fc317bf665050221a387f5388378dad3111d156733573647  ImageMagick-doc-6.7.2.7-5.el6_8.x86_64.rpm
8fb705c93e211aa5c177175c045fb848efd0fae691d8a97333508b73e06a7295  ImageMagick-perl-6.7.2.7-5.el6_8.x86_64.rpm

Source:
426aa2c46e8591e4fafc55d1c7c32f5f154a0dd48b81afc1485f360c1871f565  ImageMagick-6.7.2.7-5.el6_8.src.rpm
Full Disclosure

CVE-2016-5709 – Use of Weak Encryption Algorithm in Solarwinds Virtualization Manager

Posted by Nate Kettlewell on Jun 16

Product: Solarwinds Virtualization Manager

Vendor: Solarwinds
Vulnerable Version(s): < 6.3.1
Tested Version: 6.3.1

Vendor Notification: April 25th, 2016
Vendor Patch Availability to Customers: June 1st, 2016
Public Disclosure: June 14th, 2016

Vulnerability Type: Security Misconfiguration
CVE Reference: CVE-2016-5709
Risk Level: High
CVSSv3 Base Score: 6.0 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
Solution Status: Solution Available…

Security

Hydra Network Logon Cracker 8.2

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.