Red Hat Security Advisory 2016-1547-01 – The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.

Red Hat Security Advisory 2016-1541-03 – The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. A flaw was found in the Linux kernel’s keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

Red Hat Security Advisory 2016-1532-02 – The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. A flaw was found in the Linux kernel’s keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

HP Security Bulletin HPSBGN03564 2 – A vulnerability in Apache Commons Collections for handling Java object deserialization was addressed by HPE Release Control. The vulnerability could be exploited remotely to allow code execution. Revision 2 of this advisory.

WikWiki version 2.1 suffers from a cross site scripting vulnerability.

HP Security Bulletin HPSBUX03632 SSRT110194 1 – A potential security vulnerability has been identified in the HP-UX Mail Server running Sendmail. This vulnerability could be locally exploited to allow unauthorized disclosure of information. Revision 1 of this advisory.

Ubuntu Security Notice 3045-1 – It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.

This archive contains all of the 189 exploits added to Packet Storm in July, 2016.