RHSA-2016:1421-1: Important: httpd security update

Red Hat Enterprise Linux: An update for httpd is now available for Red Hat Enterprise Linux 5 and Red Hat
Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-5387

RHSA-2016:1420-1: Important: httpd24-httpd security update

Red Hat Enterprise Linux: An update for httpd24-httpd is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-4979, CVE-2016-5387

RHSA-2016:1292-2: Important: libxml2 security update

Red Hat Enterprise Linux: An update for libxml2 is now available for Red Hat Enterprise Linux 6 and Red
Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

[Updated 18 July 2016]
This advisory has been updated to push packages into the Red Hat Enterprise
Linux 6 Desktop channels. The packages included in this revised update have not
been changed in any way from the packages included in the original advisory.
CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449

Django CMS v3.3.0 – (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186)

Posted by Vulnerability Lab on Jul 19

Document Title:
===============
Django CMS v3.3.0 – (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186)

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1869

Security Release: https://www.djangoproject.com/weblog/2016/jul/18/security-releases/

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6186

CVE-ID:
=======
CVE-2016-6186

Release Date:
=============
2016-07-19

Vulnerability…

USN-3023-1: Thunderbird vulnerabilities

Ubuntu Security Notice USN-3023-1

18th July, 2016

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Thunderbird.

Software description

  • thunderbird
    – Mozilla Open Source mail and newsgroup client

Details

It was discovered that NSPR incorrectly handled memory allocation. If a
user were tricked into opening a specially crafted message, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code. (CVE-2016-1951)

Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel,
Sylvestre Ledru, Julian Seward, Olli Pettay, and Karl Tomlinson
discovered multiple memory safety issues in Thunderbird. If a user were
tricked into opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-2818)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  thunderbird 1:45.2.0+build1-0ubuntu0.16.04.1
Ubuntu 15.10:
  thunderbird 1:45.2.0+build1-0ubuntu0.15.10.1
Ubuntu 14.04 LTS:
  thunderbird 1:45.2.0+build1-0ubuntu0.14.04.3
Ubuntu 12.04 LTS:
  thunderbird 1:45.2.0+build1-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

CVE-2016-1951,

CVE-2016-2818

USN-3038-1: Apache HTTP Server vulnerability

Ubuntu Security Notice USN-3038-1

18th July, 2016

apache2 vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

A security issue was fixed in the Apache HTTP Server.

Software description

  • apache2
    – Apache HTTP server

Details

It was discovered that the Apache HTTP Server would set the HTTP_PROXY
environment variable of CGI scripts from the contents of the Proxy header
in HTTP requests, because the CGI convention turns every request header
into an HTTP_-prefixed variable. A remote attacker could use this issue,
in combination with CGI scripts (or the libraries they call) that honour
the HTTP_PROXY variable, to redirect the scripts' outgoing HTTP requests
through a proxy of the attacker's choosing (CVE-2016-5387, commonly known
as "httpoxy").
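As an added example (not code from the USN or from the Apache project), the Python below models the mechanism described above: a CGI gateway maps request headers to HTTP_* environment variables, so a client-supplied Proxy header lands in HTTP_PROXY, and a client library that honours that variable sends the script's outbound request wherever the attacker chose. The hardened mapping drops the header before the environment is built, which is the effect of the fixed packages and of the "RequestHeader unset Proxy early" workaround. The request headers, the back-end URL and the small client stand-in are constructed for this example and are not a real library.

```python
"""Added example, not code from the USN or from the Apache project: the CGI
header-to-environment mapping behind CVE-2016-5387 ("httpoxy"), the resulting
proxy hijack, and the hardened mapping. Sample data below is constructed."""

from typing import Dict, Optional
from urllib.parse import urlsplit

# Constructed sample request: ordinary headers plus the attacker's "Proxy:" header.
SAMPLE_REQUEST_HEADERS: Dict[str, str] = {
    "Host": "www.example.com",
    "User-Agent": "curl/7.47.0",
    "Proxy": "http://attacker.example.net:8080",  # attacker-controlled value
}

# Constructed back-end URL that the CGI script fetches on the user's behalf.
BACKEND_URL = "http://api.internal.example.com/v1/account"


def cgi_meta_vars(headers: Dict[str, str]) -> Dict[str, str]:
    """RFC 3875 section 4.1.18 mapping: each request header becomes HTTP_<NAME>,
    name upper-cased and '-' replaced by '_'. The collision is built into the
    rule itself: a request header named "Proxy" (any case) becomes HTTP_PROXY."""
    env: Dict[str, str] = {}
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def hardened_cgi_meta_vars(headers: Dict[str, str]) -> Dict[str, str]:
    """Same mapping, but any header that would produce HTTP_PROXY is dropped
    before the environment is built. After this, HTTP_PROXY can only come from
    the server's own configuration, never from the request."""
    return {
        var: value
        for var, value in cgi_meta_vars(headers).items()
        if var != "HTTP_PROXY"
    }


def proxy_for_request(env: Dict[str, str], url: str) -> Optional[str]:
    """Stand-in for an HTTP client library that honours the *_proxy convention
    and reads the variable case-insensitively (as several did before their
    httpoxy fixes). Returns the proxy a plain-http request would use, or None."""
    if urlsplit(url).scheme != "http":
        return None  # HTTPS clients consult HTTPS_PROXY, which the header cannot set
    for var in ("http_proxy", "HTTP_PROXY"):
        if env.get(var):
            return env[var]
    return None


def outbound_proxy(headers: Dict[str, str], url: str, hardened: bool) -> Optional[str]:
    """Where does the CGI script's outbound request to `url` actually go?"""
    env = hardened_cgi_meta_vars(headers) if hardened else cgi_meta_vars(headers)
    return proxy_for_request(env, url)


if __name__ == "__main__":
    print("vulnerable gateway ->", outbound_proxy(SAMPLE_REQUEST_HEADERS, BACKEND_URL, hardened=False))
    print("hardened gateway   ->", outbound_proxy(SAMPLE_REQUEST_HEADERS, BACKEND_URL, hardened=True))
```

Two details worth checking in your own environment: the header name is matched after the CGI upper-casing, so filtering only a literal "Proxy" (and not "proxy" or "PROXY") is an incomplete fix, and the collision only affects plain-http outbound requests, because HTTPS clients read HTTPS_PROXY, which no request header can produce.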

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  apache2-bin 2.4.18-2ubuntu3.1
Ubuntu 15.10:
  apache2-bin 2.4.12-2ubuntu2.1
Ubuntu 14.04 LTS:
  apache2.2-bin 2.4.7-1ubuntu4.13
Ubuntu 12.04 LTS:
  apache2.2-bin 2.2.22-1ubuntu1.11

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-5387

Announcing release of PostgreSQL 9.5 on CentOS Linux 7 x86_64 SCL

I am pleased to announce the immediate availability of version 9.5 of 
the PostgreSQL server on CentOS Linux 7 x86_64, delivered via a Software 
Collection (SCL) built by the SCLo Special Interest Group 
(https://wiki.centos.org/SpecialInterestGroup/SCLo).

QuickStart
----------
You can get started in three easy steps:
      $ sudo yum install centos-release-scl
      $ sudo yum install rh-postgresql95
      $ scl enable rh-postgresql95 bash

At this point you should be able to use PostgreSQL just as a normal 
application. Here are some examples of commands you can run:
      $ postgresql-setup --initdb
      $ systemctl start rh-postgresql95-postgresql
      $ su postgres -c psql

In order to view the individual components included in this collection, 
including additional subpackages, you can run:
      $ sudo yum list rh-postgresql95*

Last but not least you can try this Software Collection in Docker. You 
can pull the image with the following command:
      $ sudo docker pull centos/postgresql-95-centos7

For more on the docker image follow the link to public source 
repository: https://github.com/sclorg/postgresql-container

For more on PostgreSQL in general, see http://www.postgresql.org.

About Software Collections
--------------------------
Software Collections give you the power to build, install, and use 
multiple versions of software on the same system, without affecting 
system-wide installed packages. Each collection is delivered as a group 
of RPMs, with the grouping being done using the name of the collection 
as a prefix of all packages that are part of the software collection.

The SCLo SIG in CentOS
----------------------
The Software Collections SIG group is an open community group 
co-ordinating the development of the SCL technology, and helping curate 
a reference set of collections. In addition to the PostgreSQL collection 
being released here, we also build and deliver databases, web servers, 
and language stacks including multiple versions of MongoDB, MariaDB, 
Apache HTTP Server, NodeJS, Python and others.

You can learn more about Software Collections concepts at:
http://softwarecollections.org
You can find information on the SIG at
https://wiki.centos.org/SpecialInterestGroup/SCLo ; this includes how to
get involved and help with the effort.

Enjoy!

Honza
(thanks trepik for preparing the announcement)

Announcing release of MariaDB 10.1 on CentOS Linux 6 x86_64 SCL

I am pleased to announce the immediate availability of MariaDB in 
version 10.1 on CentOS Linux 6 x86_64, delivered via a Software 
Collection (SCL) built by the SCLo Special Interest Group 
(https://wiki.centos.org/SpecialInterestGroup/SCLo).

QuickStart
----------
You can get started in three easy steps:
      $ sudo yum install centos-release-scl
      $ sudo yum install rh-mariadb101
      $ scl enable rh-mariadb101 bash

At this point you should be able to use MariaDB just as a normal 
application. Here are some examples of commands you can run:
      $ service rh-mariadb101-mariadb start
      $ mysql
      $ mysql_upgrade

In order to view the individual components included in this collection, 
you can run:
      $ sudo yum list rh-mariadb101*

For more on MariaDB in general, see https://mariadb.org.

About Software Collections
--------------------------
Software Collections give you the power to build, install, and use 
multiple versions of software on the same system, without affecting 
system-wide installed packages. Each collection is delivered as a group 
of RPMs, with the grouping being done using the name of the collection 
as a prefix of all packages that are part of the software collection.

The SCLo SIG in CentOS
----------------------
The Software Collections SIG group is an open community group 
co-ordinating the development of the SCL technology, and helping curate 
a reference set of collections. In addition to the MariaDB collection 
being released here, we also build and deliver databases, web servers, 
and language stacks including multiple versions of PostgreSQL, MongoDB, 
Apache HTTP Server, NodeJS, Python and others.

You can learn more about Software Collections concepts at:
http://softwarecollections.org
You can find information on the SIG at
https://wiki.centos.org/SpecialInterestGroup/SCLo ; this includes how to
get involved and help with the effort.

Enjoy!

Honza
(thanks trepik for preparing the announcement)