USN-3027-1: Tomcat vulnerability

Ubuntu Security Notice USN-3027-1

6th July, 2016

tomcat8 vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS

Summary

Tomcat could be made to hang if it received specially crafted network
traffic.

Software description

  • tomcat8
    – Servlet and JSP engine

Details

It was discovered that the Tomcat Fileupload library incorrectly handled
certain upload requests. A remote attacker could possibly use this issue to
cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  • tomcat8 8.0.32-1ubuntu1.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-3092

CEEA-2016:1388 CentOS 6 tzdata Enhancement Update

CentOS Errata and Enhancement Advisory 2016:1388 

Upstream details at: https://rhn.redhat.com/errata/RHEA-2016-1388.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
4b162428dc9c65381dd763228edca7b47d49a0e2c59e5181fa1fb3d6e8c6f9c1  tzdata-2016f-1.el6.noarch.rpm
e6720b3e289f6a6f557a1e6b28f2ba1fd1ce8cbf1a5af6ac5e75979b4e5b3f6e  tzdata-java-2016f-1.el6.noarch.rpm

x86_64:
4b162428dc9c65381dd763228edca7b47d49a0e2c59e5181fa1fb3d6e8c6f9c1  tzdata-2016f-1.el6.noarch.rpm
e6720b3e289f6a6f557a1e6b28f2ba1fd1ce8cbf1a5af6ac5e75979b4e5b3f6e  tzdata-java-2016f-1.el6.noarch.rpm

Source:
b4aedecfd82d8d8cb121ad6cfeb5d04147ee692c263e3be32c0dcd142ab01344  tzdata-2016f-1.el6.src.rpm



CEEA-2016:1388 CentOS 7 tzdata Enhancement Update

CentOS Errata and Enhancement Advisory 2016:1388 

Upstream details at: https://rhn.redhat.com/errata/RHEA-2016-1388.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
9cfaa0a8cab180a43620668afd9f276942b6d0b64897af14889a2136a1c52bf2  tzdata-2016f-1.el7.noarch.rpm
0377528b43794c2661f5e7200d7fbdeed2fc610c10130a777402a4342eda31a8  tzdata-java-2016f-1.el7.noarch.rpm

Source:
88848093c1d0e49c4dc4debe737914a3af2f328879882a347561cc43e1870935  tzdata-2016f-1.el7.src.rpm



CEEA-2016:1388 CentOS 5 tzdata Enhancement Update

CentOS Errata and Enhancement Advisory 2016:1388 

Upstream details at: https://rhn.redhat.com/errata/RHEA-2016-1388.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
b6b5b63b31f42b6e194c762ae5ec10cdd1e08359ed7015d0425d9375918d391b  tzdata-2016f-1.el5.i386.rpm
3813186374237f8d57dcc12305989ffc85439da688547bc0a3d00d278939e648  tzdata-java-2016f-1.el5.i386.rpm

x86_64:
fef29332530b30b2f4cd78fbd72808af620b9bcaee2c511094d281ef683310e3  tzdata-2016f-1.el5.x86_64.rpm
e2c8f6d3e3588cad6d7e387d269c106bd9ed4cabc1ff6e6aa693d16ce635e168  tzdata-java-2016f-1.el5.x86_64.rpm

Source:
a246561964dc10dca6846bd3124776797047a4baef0c21079dfb528e96c73e5a  tzdata-2016f-1.el5.src.rpm



AVG Wins Three 2016 ChannelPro Readers’ Choice Awards

Our AVG Business products won top honors in ChannelPro’s 2016 Readers’ Choice Awards, securing Gold and Silver wins in the Antivirus, Security Software Suite and Remote Monitoring and Management categories.

This is also the third consecutive year we have been a ChannelPro medalist in the security software suite category.

The ChannelPro Readers’ Choice Awards are entirely driven by votes and direct feedback from SMB channel readers of ChannelPro magazine. More than 500 channel VARs, MSPs, integrators, system builders, and IT consultants cast their votes for Gold, Silver, and Bronze winners across a range of categories.

Readers were asked to cast their votes for the vendors with the most SMB- and partner-friendly products, technologies, services, and programs, as well as the top professional organizations in the channel today. IT professionals were also asked to select the option that best satisfies the unique business requirements, work styles, and budgets of their small and midsize business clients, as well as those that best serve their own partner organizations.

This is a special win that our AVG partners can share with their clients. It also provides another strong testament to the quality, performance and simplicity of our AVG Business product portfolio, as well as the strong channel partner program we are building.

Comments from Cecilia Galvin, executive editor of ChannelPro-SMB, capture the value of this recognition: “We are gratified that such a large number of readers participated in our survey, underscoring their commitment to, and understanding of, the SMB market and the vendors, distributors, and professional associations with whom they partner. The results are a true snapshot of the top IT product and service providers in today’s SMB channel.”

Here are the awards you can mention and share:

AVG: Best AntiVirus Vendor (Gold)

AVG: Security Suite Software Vendor (Silver)

AVG: Best Remote Monitoring and Management Vendor (Silver)

Please share these wins with your teams and clients. Your AVG Account Manager can provide awards logos to share and promote. Thank you for your continued support!

EMC Avamar Data Store / Virtual Edition Unauthorized Data Access

A fix has been released for a vulnerability in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) that may lead to denial of service and data disclosure. When restoring backups of Linux Avamar clients using the web restore interface, a malicious Avamar Client user may read and/or delete critical directories on the Avamar Server. This may lead to a denial-of-service attack on the Avamar Server, or to unauthorized access to Avamar Server data by the malicious Avamar Client user. All supported versions of EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) prior to 7.3.0 are affected.