Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 6.6 Extended
Update Support.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-5696
Red Hat Enterprise Linux: Updated ovirt-guest-agent packages that fix several bugs and add various
enhancements are now available.
27th September, 2016
A security issue affects these releases of Ubuntu and its
derivatives:
Django could be made to set arbitrary cookies.
Sergey Bobrov discovered that Django incorrectly parsed cookies when being
used with Google Analytics. A remote attacker could possibly use this issue
to set arbitrary cookies leading to a CSRF protection bypass.
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
27th September, 2016
A security issue affects these releases of Ubuntu and its
derivatives:
Bind could be made to crash if it received specially crafted network
traffic.
It was discovered that Bind incorrectly handled building responses to
certain specially crafted requests. A remote attacker could possibly use
this issue to cause Bind to crash, resulting in a denial of service.
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
27th September, 2016
A security issue affects these releases of Ubuntu and its
derivatives:
Pillow could be made to crash if it received specially crafted input or opened
a specially crafted file.
It was discovered that a flaw in processing a compressed text chunk in
a PNG image could cause the image to have a large size when decompressed,
potentially leading to a denial of service. (CVE-2014-9601)
Andrew Drake discovered that Pillow incorrectly validated input. A remote
attacker could use this to cause Pillow to crash, resulting in a denial
of service. (CVE-2014-3589)
Eric Soroos discovered that Pillow incorrectly handled certain malformed
FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to
cause Pillow to crash, resulting in a denial of service.
(CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
FreePBX versions prior to 13.0.188 remote root exploit.
This security update addresses issues that were caused by patches included in the previous security update, released on 22nd September 2016. Given the Critical severity of one of these flaws they have chosen to release this advisory immediately to prevent upgrades to the affected version, rather than delaying in order to provide their usual public pre-notification.
Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
SSL/TLS RC4 CVE-2013-2566 Information Disclosure Weakness
IETF RFC 3279 X.509 Certificate MD5 Signature Collision Vulnerability