NVIDIA GPU Display Driver CVE-2016-8806 Local Privilege Escalation Vulnerability
Monthly Archives: October 2016
Vuln: Symantec IT Management Suite CVE-2016-6589 Denial of Service Vulnerability
Symantec IT Management Suite CVE-2016-6589 Denial of Service Vulnerability
Red Hat Security Advisory 2016-2131-01
Red Hat Security Advisory 2016-2131-01 – MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb55-mariadb. Security Fix: It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
Red Hat Security Advisory 2016-2130-01
Red Hat Security Advisory 2016-2130-01 – MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a newer upstream version: mysql55-mysql. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
Red Hat Security Advisory 2016-2128-01
Red Hat Security Advisory 2016-2128-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the Linux kernel’s keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation.
Red Hat Security Advisory 2016-2127-01
Red Hat Security Advisory 2016-2127-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
Red Hat Security Advisory 2016-2126-01
Red Hat Security Advisory 2016-2126-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
CVE-2016-8203 (netiron_os)
A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets.
Nymaim Dropper Updates Delivery, Obfuscation Methods
A variant of the Nymaim dropper has surfaced, and it includes new delivery methods, obfuscation techniques, and the use of PowerShell to download payloads.
Apple Release Security Update for iOS
Original release date: October 31, 2016
Apple has released a security update to address vulnerabilities in iOS. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review the Apple security page for iOS and apply the necessary update.
This product is provided subject to this Notification and this Privacy & Use policy.