Red Hat Security Advisory 2016-1593-01 – Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. Security Fix: A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed.
Monthly Archives: August 2016
Red Hat Security Advisory 2016-1587-01
Red Hat Security Advisory 2016-1587-01 – IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3-FP10. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Red Hat Security Advisory 2016-1588-01
Red Hat Security Advisory 2016-1588-01 – IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR3-FP50. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
DSA-3647 icedove – security update
Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple memory safety errors may
lead to the execution of arbitrary code or denial of service.
GLSA 201608-01: OptiPNG: Multiple vulnerabilities
DSA-3646 postgresql-9.4 – security update
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL
database system.
[CORE-2016-0006] – SAP CAR Multiple Vulnerabilities
Posted by CORE Advisories Team on Aug 10
1. Advisory Information
Title: SAP CAR Multiple Vulnerabilities
Advisory ID: CORE-2016-0006
Advisory URL: http://www.coresecurity.com/advisories/sap-car-multiple-vulnerabilities
Date published: 2016-08-09
Date of last update: 2016-08-09
Vendors contacted: SAP
Release mode: Coordinated release
2. Vulnerability Information
Class: Unchecked Return Value [CWE-252], TOCTOU Race Condition [CWE-367]
Impact: Denial of service, Security bypass
Remotely…
vBulletin Patches Serious Flaw in Forum Software
A serious vulnerability has been patched in forum software made by vBulletin that could allow attackers to scan servers hosting the package and possibly execute arbitrary code.
RHSA-2016:1589-1: Critical: java-1.7.0-ibm security update
Red Hat Enterprise Linux: An update for java-1.7.0-ibm is now available for Red Hat Enterprise Linux 5
Supplementary.
Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-3511, CVE-2016-3598
RHSA-2016:1588-1: Critical: java-1.7.1-ibm security update
Red Hat Enterprise Linux: An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6
Supplementary and Red Hat Enterprise Linux 7 Supplementary.
Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-3511, CVE-2016-3598