A security issue affects these releases of Ubuntu and its
derivatives:
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Summary
GnuPG incorrectly generated random numbers.
Software description
gnupg
– GNU privacy guard – a free PGP replacement
Details
Felix Dörre and Vladimir Klebanov discovered that GnuPG incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output.
Update instructions
The problem can be corrected by updating your system to the following
package version:
A security issue affects these releases of Ubuntu and its
derivatives:
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Summary
Libgcrypt incorrectly generated random numbers.
Software description
libgcrypt11
– LGPL Crypto library
libgcrypt20
– LGPL Crypto library
Details
Felix Dörre and Vladimir Klebanov discovered that Libgcrypt incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output.
Update instructions
The problem can be corrected by updating your system to the following
package version:
A security issue affects these releases of Ubuntu and its
derivatives:
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Summary
Several security issues were fixed in PostgreSQL.
Software description
postgresql-9.1
– Object-relational SQL database
postgresql-9.3
– Object-relational SQL database
postgresql-9.5
– object-relational SQL database
Details
Heikki Linnakangas discovered that PostgreSQL incorrectly handled certain nested CASE/WHEN expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2016-5423)
Nathan Bossart discovered that PostgreSQL incorrectly handled special characters in database and role names. A remote attacker could possibly use this issue to escalate privileges. (CVE-2016-5424)
Update instructions
The problem can be corrected by updating your system to the following
package version:
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes.
The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507.
The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513.
The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483.
IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Onapsis Security Advisory ONAPSIS-2016-006: SAP HANA Get Topology Information
1. Impact on Business
=====================
By exploiting this vulnerability, a remote unauthenticated attacker
could obtain technical information about the SAP HANA Platform that
can be used to perform more complex attacks
Risk Level: Medium
2. Advisory Information
=======================
– Public Release Date: 07/20/2016
– Last Revised: 07/20/2016
– Security…