Red Hat Enterprise Linux: Updated ovirt-image-uploader packages that fix several bugs are now available.
Monthly Archives: September 2016
RHBA-2016:1950-1: vdsm 4.0.4 bug fix and enhancement update
Red Hat Enterprise Linux: Updated vdsm packages that fix several bugs and add various enhancements are now
available.
RHBA-2016:1949-1: ovirt-iso-uploader bug fix update for RHV 4.0.4
Red Hat Enterprise Linux: Updated ovirt-iso-uploader packages that fix several bugs are now available.
RHBA-2016:1948-1: 4.0.4 – java-ovirt-engine-sdk4 bug fix and enhancement update
Red Hat Enterprise Linux: Updated java-ovirt-engine-sdk4 packages are now
available.
RHBA-2016:1947-1: 4.0.4 – python-ovirt-engine-sdk4 bug fix and enhancement update
Red Hat Enterprise Linux: Updated python-ovirt-engine-sdk4 packages that fix several bugs are now
available.
RHBA-2016:1946-1: 4.0.4 – rubygem-ovirt-engine-sdk4 bug fix and enhancement update
Red Hat Enterprise Linux: Updated rubygem-ovirt-engine-sdk4 packages that fix several bugs are now
available.
USN-3092-1: Samba vulnerability
Ubuntu Security Notice USN-3092-1
28th September, 2016
samba vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary
Samba could be tricked into connecting to impersonated servers.
Software description
- samba
– SMB/CIFS file, print, and login server for Unix
Details
Stefan Metzmacher discovered that Samba incorrectly handled certain flags
in SMB2/3 client connections. A remote attacker could use this issue to
disable client signing and impersonate servers by performing a man in the
middle attack.
Samba has been updated to 4.3.11 in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
In addition to the security fix, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
-
samba
2:4.3.11+dfsg-0ubuntu0.16.04.1
- Ubuntu 14.04 LTS:
-
samba
2:4.3.11+dfsg-0ubuntu0.14.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References
USN-3093-1: ClamAV vulnerabilities
Ubuntu Security Notice USN-3093-1
28th September, 2016
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
ClamAV could be made to crash or run programs if it processed a specially
crafted file.
Software description
- clamav
– Anti-virus utility for Unix
Details
It was discovered that ClamAV incorrectly handled certain malformed files.
A remote attacker could use this issue to cause ClamAV to crash, resulting
in a denial of service, or possibly execute arbitrary code.
In the default installation, attackers would be isolated by the ClamAV
AppArmor profile.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
-
clamav
0.99.2+dfsg-0ubuntu0.16.04.1
- Ubuntu 14.04 LTS:
-
clamav
0.99.2+addedllvm-0ubuntu0.14.04.1
- Ubuntu 12.04 LTS:
-
clamav
0.99.2+addedllvm-0ubuntu0.12.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References
Cisco Releases Security Updates
Original release date: September 28, 2016
Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of one of these vulnerabilities could allow a remote attacker to take over an affected system.
Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:
- Cisco Email Security Appliance Internal Testing Interface Vulnerability
- Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability
- Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities
- Cisco IOS and IOS XE Software IP Detail Record Denial of Service Vulnerability
- Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability
- Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability
- Cisco IOS XE Software IP Fragment Reassembly Denial of Service Vulnerability
- Cisco Firepower Management Center SQL Injection Vulnerability
- Cisco Firepower Management Center Privilege Escalation Vulnerability
- Cisco IOS XE Software NAT Denial of Service Vulnerability
- Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability
- Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability
- Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability
This product is provided subject to this Notification and this Privacy & Use policy.
DSA-3681 wordpress – security update
Several vulnerabilities were discovered in wordpress, a web blogging tool,
which could allow remote attackers to compromise a site via cross-site
scripting, cross-site request forgery, path traversal, or bypass restrictions.