Red Hat Security Advisory 2016-1968-01 – This release of Red Hat JBoss BRMS 6.3.3 serves as a replacement for Red Hat JBoss BRMS 6.3.2, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: A security flaw was found in the way Business Process Editor displays the business process details to the user. A remote, authenticated attacker with privilege to create business processes could use this flaw to conduct stored XSS attacks against other users.
Monthly Archives: September 2016
Red Hat Security Advisory 2016-1969-01
Red Hat Security Advisory 2016-1969-01 – This release of Red Hat JBoss BPM Suite 6.3.3 serves as a replacement for Red Hat JBoss BPM Suite 6.3.2, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: A security flaw was found in the way Business Process Editor displays the business process details to the user. A remote, authenticated attacker with privilege to create business processes could use this flaw to conduct stored XSS attacks against other users.
Ubuntu Security Notice USN-3092-1
Ubuntu Security Notice 3092-1 – Stefan Metzmacher discovered that Samba incorrectly handled certain flags in SMB2/3 client connections. A remote attacker could use this issue to disable client signing and impersonate servers by performing a man in the middle attack. Samba has been updated to 4.3.11 in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. In addition to the security fix, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
Bugtraq: Cisco Security Advisory: Cisco IOS XE Software NAT Denial of Service Vulnerability
Cisco Security Advisory: Cisco IOS XE Software NAT Denial of Service Vulnerability
Bugtraq: Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability
Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability
Bugtraq: Cisco Security Advisory: Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities
Cisco Security Advisory: Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities
Bugtraq: Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability
Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability
RHBA-2016:1954-1: ovirt-hosted-engine-setup bug fix update for RHV 4.0.4
Red Hat Enterprise Linux: An updated ovirt-hosted-engine-setup package that fixes several bugs is now available.
RHBA-2016:1953-1: ovirt-host-deploy bug fix update for RHV 4.0.4
Red Hat Enterprise Linux: Updated ovirt-host-deploy packages are now available.
RHBA-2016:1952-1: ovirt-log-collector bug fix update for RHV 4.0.4
Red Hat Enterprise Linux: Updated ovirt-log-collector packages that fix several bugs are now available.