RHEA-2016:1982-1: tzdata enhancement update

Red Hat Enterprise Linux: Updated tzdata packages that add various enhancements are now available for Red
Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6
Long Life, Red Hat Enterprise Linux 5.9 Advanced Update Support, Red Hat
Enterprise Linux 5.11, Red Hat Enterprise Linux 6.2 Advanced Update Support, Red
Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5
Advanced Update Support, Red Hat Enterprise Linux 6.6 Extended Update Support,
Red Hat Enterprise Linux 6.7, Red Hat Enterprise Linux 7.1 Extended Update
Support, Red Hat Enterprise Linux 7.1 Little Endian Extended Update Support, and
Red Hat Enterprise Linux 7.2.

USN-3090-2: Pillow regresssion

Ubuntu Security Notice USN-3090-2

30th September, 2016

Pillow regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Software description

  • pillow
    – Python Imaging Library compatibility layer

Details

USN-3090-1 fixed vulnerabilities in Pillow. The patch to fix CVE-2014-9601
caused a regression which resulted in failures when processing certain
png images. This update temporarily reverts the security fix for CVE-2014-9601
pending further investigation.

We apologize for the inconvenience.

Original advisory details:

It was discovered that a flaw in processing a compressed text chunk in
a PNG image could cause the image to have a large size when decompressed,
potentially leading to a denial of service. (CVE-2014-9601)

Andrew Drake discovered that Pillow incorrectly validated input. A remote
attacker could use this to cause Pillow to crash, resulting in a denial
of service. (CVE-2014-3589)

Eric Soroos discovered that Pillow incorrectly handled certain malformed
FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to
cause Pillow to crash, resulting in a denial of service.
(CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
python-imaging

2.3.0-1ubuntu3.3
python3-pil

2.3.0-1ubuntu3.3
python-pil

2.3.0-1ubuntu3.3
python3-imaging

2.3.0-1ubuntu3.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

None

References

CVE-2014-9601,

LP: 1628351

CVE-2016-3042

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients.

CVE-2016-5986

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors.

CVE-2016-5995

Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.