[SYSS-2016-060] Logitech M520 – Insufficient Verification of Data Authenticity (CWE-345)
Multiple exposures in Sophos UTM
Red Hat Enterprise Linux: Updated tzdata packages that add various enhancements are now available for Red
Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6
Long Life, Red Hat Enterprise Linux 5.9 Advanced Update Support, Red Hat
Enterprise Linux 5.11, Red Hat Enterprise Linux 6.2 Advanced Update Support, Red
Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5
Advanced Update Support, Red Hat Enterprise Linux 6.6 Extended Update Support,
Red Hat Enterprise Linux 6.7, Red Hat Enterprise Linux 7.1 Extended Update
Support, Red Hat Enterprise Linux 7.1 Little Endian Extended Update Support, and
Red Hat Enterprise Linux 7.2.
Ubuntu Security Notice USN-3090-2
30th September, 2016
A security issue affects these releases of Ubuntu and its
- Ubuntu 14.04 LTS
– Python Imaging Library compatibility layer
USN-3090-1 fixed vulnerabilities in Pillow. The patch to fix CVE-2014-9601
caused a regression which resulted in failures when processing certain
png images. This update temporarily reverts the security fix for CVE-2014-9601
pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that a flaw in processing a compressed text chunk in
a PNG image could cause the image to have a large size when decompressed,
potentially leading to a denial of service. (CVE-2014-9601)
Andrew Drake discovered that Pillow incorrectly validated input. A remote
attacker could use this to cause Pillow to crash, resulting in a denial
of service. (CVE-2014-3589)
Eric Soroos discovered that Pillow incorrectly handled certain malformed
FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to
cause Pillow to crash, resulting in a denial of service.
(CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)
The problem can be corrected by updating your system to the following
- Ubuntu 14.04 LTS:
To update your system, please follow these instructions:
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 188.8.131.52 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients.
IBM WebSphere Application Server (WAS) 7.x before 184.108.40.206, 8.0.x before 220.127.116.11, 8.5.x before 18.104.22.168, 9.0.x before 22.214.171.124, and Liberty before 126.96.36.199 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors.
Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.
phpMyAdmin CVE-2016-5733 Multiple Cross Site Scripting Vulnerabilities
phpMyAdmin CVE-2016-6608 Multiple Cross Site Scripting Vulnerabilities
phpMyAdmin CVE-2016-6607 Multiple Cross Site Scripting Vulnerabilities