Red Hat Security Advisory 2016-1773-01 – OpenShift Enterprise by Red Hat is the company’s cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The Jenkins continuous integration server has been updated to upstream version 1.651.2 LTS, which addresses a large number of security issues, including open redirects, a potential denial of service, unsafe handling of user-provided environment variables, and several instances of sensitive information disclosure.
Monthly Archives: August 2016
Ubuntu Security Notice USN-3067-1
Ubuntu Security Notice 3067-1 – Kostya Serebryany discovered that HarfBuzz incorrectly handled memory. A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that HarfBuzz incorrectly handled certain length checks. A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS. Various other issues were also addressed.
Ubuntu Security Notice USN-3068-1
Ubuntu Security Notice 3068-1 – Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos Mavrogiannopoulos discovered that Libidn incorrectly handled invalid UTF-8 characters. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly disclose sensitive memory. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Hanno Boeck discovered that Libidn incorrectly handled certain input. A remote attacker could possibly use this issue to cause Libidn to crash, resulting in a denial of service. Various other issues were also addressed.
VMware Releases Security Updates
Original release date: August 24, 2016
VMware has released security updates to address vulnerabilities in VMware Identity Manager and vRealize Automation. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review VMware Security Advisory VMSA-2016-0013 and apply the necessary updates.
Bugtraq: [slackware-security] gnupg (SSA:2016-236-01)
Bugtraq: nullcon 8-bit Call for Papers is open
RHSA-2016:1773-1: Important: Red Hat OpenShift Enterprise 2.2.10 security, bug fix, and enhancement update
Red Hat Enterprise Linux: An update is now available for Red Hat OpenShift Enterprise 2.2.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
RHSA-2016:1763-1: Moderate: qemu-kvm-rhev security update
Red Hat Enterprise Linux: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 9.0 (Mitaka).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
RHBA-2016:1771-1: Red Hat Enterprise Linux OpenStack Platform 5 Bug Fix and Enhancement Advisory
Red Hat Enterprise Linux: Updated packages that resolve various issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7.
RHBA-2016:1766-1: Red Hat OpenStack Platform 9 director 0day Advisory
Red Hat Enterprise Linux: This is a 0day Advisory for Red Hat OpenStack Platform 9 director