Red Hat Enterprise Linux: Updated packages that resolve various issues are now available for Red Hat
OpenStack Platform 9.0 director for RHEL 7.
Monthly Archives: October 2016
RHSA-2016:2119-1: Critical: flash-plugin security update
Red Hat Enterprise Linux: An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-7855
Cisco Releases Security Updates for Multiple Products
Original release date: October 26, 2016
Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:
- Identity Services Engine SQL Injection Vulnerability cisco-sa-20161026-ise
- Vulnerability in Linux Kernel Affecting Cisco Products: October 2016 cisco-sa-20161026-linux
- Email Security Appliance Malformed DGN File Attachment Denial of Service Vulnerability cisco-sa-20161026-esa1
- Email Security Appliance Advanced Malware Protection Attachment Scanning Denial of Service Vulnerability cisco-sa-20161026-esa2
- Email Security Appliance Corrupted Attachment Fields Denial of Service Vulnerability cisco-sa-20161026-esa3
- Email Security Appliance Quarantine Email Rendering Vulnerability cisco-sa-20161026-esa4
- Email Security Appliance Drop Bypass Vulnerability cisco-sa-20161026-esa5
- Email Security Appliance FTP Denial of Service Vulnerability cisco-sa-20161026-esa6
- Email and Web Security Appliance Malformed MIME Header Vulnerability cisco-sa-20161026-esawsa1
- Email and Web Security Appliance MIME Header Bypass Vulnerability cisco-sa-20161026-esawsa2
- Email and Web Security Appliance JAR Advanced Malware Protection DoS Vulnerability cisco-sa-20161026-esawsa3
- Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability cisco-sa-20161026-hcmf
- IP Interoperability and Collaboration System Universal Media Services Unauthorized Access Vulnerability cisco-sa-20161026-ipics
- IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability cisco-sa-20161026-ipics1
- IP Interoperability and Collaboration System Command-Line Interface Privilege Escalation Vulnerability cisco-sa-20161026-ipics2
- Prime Collaboration Provisioning Cross-Site Scripting Vulnerability cisco-sa-20161026-pcp
AIEngine 1.6
AIEngine is a packet inspection engine that can learn without any human intervention. It helps network and security professionals identify traffic and develop signatures for use on NIDS, firewalls, traffic classifiers and so on.
Vuln: WordPress admin-font-editor Plugin CVE-2016-1000126 Cross Site Scripting Vulnerability
Vuln: Cisco Identity Services Engine CVE-2016-6453 SQL Injection Vulnerability
[CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321)
Posted by Harry Sintonen on Oct 26
—————- t2’16 special vulnerability release —————–
Vulnerability: POINTYFEATHER aka Tar extract pathname bypass
Credits: Harry Sintonen / FSC1V Cyber Security Services
Date: 2016-10-27
Impact: File overwrite in certain situations
Classifier: Full spectrum cyber
CVSS: 4.3.2
Threat level: Manatee
//NORDIC EYES ONLY//NOFORN//PUBLIC//EXPLOIT GLOBAL//…
CVE-2016-1240 – Tomcat packaging on Debian-based distros – Local Root Privilege Escalation
Posted by Dawid Golunski on Oct 26
I added a simple PoC video for the CVE-2016-1240 vulnerability.
In the PoC I used Ubuntu 16.04 with the latest tomcat7 package
(version: 7.0.68-ubuntu-0.1) installed from the default ubuntu repos
which appears vulnerable still.
The video poc can be found at:
http://legalhackers.com/videos/Apache-Tomcat-DebPkg-Root-PrivEsc-Exploit.html
Hewlett Packard TouchSmart Calendar Service 4.1.4245 Privilege Escalation
Hewlett Packard TouchSmart Calendar Service version 4.1.4245 suffers from a privilege escalation vulnerability.
Red Hat Security Advisory 2016-2118-01
Red Hat Security Advisory 2016-2118-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.