[SECURITY] [DSA 3698-1] php5 security update
Monthly Archives: October 2016
Bugtraq: APPLE-SA-2016-10-24-3 Safari 10.0.1
Week Four of National Cyber Security Awareness Month
Original release date: October 25, 2016
In partnership with DHS, the National Cyber Security Alliance has released information on Our Continuously Connected Lives: What’s Your “Apptitude?” which examines our future using Internet of Things (IoT) devices. The #CyberAware Tip of the Week details the infographic on the growing IoT and provides safe computing practices to help you stay safe online.
US-CERT encourages users and administrators to review the Stop.Think.Connect. publication Safety Tips for Mobile Devices and the US-CERT Tip Cybersecurity for Electronic Devices. Visit the US-CERT website for articles on Week 1, Week 2, and Week 3 of the campaign.
RHSA-2016:2098-1: Important: kernel security update
Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-5195
USN-3107-2: Linux kernel (Raspberry Pi 2) vulnerability
Ubuntu Security Notice USN-3107-2
24th October, 2016
linux-raspi2 vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.10
Summary
The system could be made to run programs as an administrator.
Software description
- linux-raspi2
  - Linux kernel for Raspberry Pi 2
Details
It was discovered that a race condition existed in the memory manager of
the Linux kernel when handling copy-on-write breakage of private read-only
memory mappings. A local attacker could use this to gain administrative
privileges.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.10:
  - linux-image-4.8.0-1017-raspi2  4.8.0-1017.20
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
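The notice makes two operational points that are easy to get wrong: the fix is only in effect once the new kernel is actually booted, and the ABI number in the kernel release string is what tells you which kernel that is. The following is an added example, not part of the Ubuntu notice and not Ubuntu's own tooling: it parses Ubuntu-style release strings of the form `uname -r` prints, classifies them against the fixed package named above (linux-image-4.8.0-1017-raspi2), and reports whether a host that has the fixed package installed is still running the old kernel. Only the version, ABI number and flavour come from the notice; the function names and the sample strings are constructed for the example. The copy-on-write race it concerns is the same kernel issue the RHSA entry above lists as CVE-2016-5195.

```python
"""Added example (not from the Ubuntu notice): classify a kernel release string
against the fixed package named above, linux-image-4.8.0-1017-raspi2, and tell
whether the machine still has to be rebooted into it."""
import platform
import re
from typing import Optional, Tuple

# Taken from the notice: Ubuntu 16.10, linux-raspi2, fixed in 4.8.0-1017.
FIXED_VERSION = (4, 8, 0)
FIXED_ABI = 1017
FLAVOUR = "raspi2"

# Ubuntu kernel release strings look like "4.8.0-1017-raspi2":
# upstream version, then the packaging ABI number, then the flavour.
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)-([a-z0-9]+)$")

Parsed = Tuple[Tuple[int, int, int], int, str]


def parse_release(release: str) -> Optional[Parsed]:
    """Return ((major, minor, patch), abi, flavour), or None for a non-Ubuntu string."""
    m = _RELEASE_RE.match(release.strip())
    if m is None:
        return None
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return version, int(m.group(4)), m.group(5)


def kernel_status(release: str) -> str:
    """'fixed', 'vulnerable' or 'unknown' for one release string.

    'unknown' covers other flavours and other upstream series: this notice
    only speaks for 4.8.0 raspi2 kernels, so treat 'unknown' as 'check the
    notice for that flavour', never as 'safe'."""
    parsed = parse_release(release)
    if parsed is None:
        return "unknown"
    version, abi, flavour = parsed
    if flavour != FLAVOUR or version != FIXED_VERSION:
        return "unknown"
    return "fixed" if abi >= FIXED_ABI else "vulnerable"


def reboot_needed(running: str, installed: str) -> bool:
    """True when the newest installed kernel is newer than the running one.

    This is the notice's reboot requirement in practice: a host with the fixed
    package installed but an older kernel still running is still exposed."""
    r, i = parse_release(running), parse_release(installed)
    if r is None or i is None or r[2] != i[2]:
        return False  # different flavours or unparseable: nothing to compare
    return (i[0], i[1]) > (r[0], r[1])


# Constructed sample strings, not captured from real hosts.
SAMPLES = ["4.8.0-1016-raspi2", "4.8.0-1017-raspi2", "4.8.0-26-generic"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s}: {kernel_status(s)}")
    here = platform.release()
    print(f"this host ({here}): {kernel_status(here)}")
```

Run it on the Pi after the update and again after the reboot: the installed package can be at 4.8.0-1017 while `uname -r` still reports 1016, and `reboot_needed()` is the check that catches that gap. The "unknown" result is deliberate: a generic or other-flavour kernel is covered by a different notice, and this script does not pretend to know its fixed ABI.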
libXi-1.7.8-2.fc23
libXi 1.7.8
----
Fix crash when calling XListInputDevices on devices without classes
----
Security fix for CVE-2016-7945, CVE-2016-7946
CVE-2016-1000032
TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times. (CVSS:5.0) (Last Update:2016-10-28)
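The entry above names the general shape of the bug, not a detail of one library: a CAPTCHA whose form carries only a keyed proof that "this answer was issued by us" can be solved once and then submitted indefinitely, because nothing records that the proof was already spent. The following is an added illustration in Python, not TGCaptcha2's code and not a description of its internals: a stateless verifier with exactly that replay property, beside a verifier that binds each challenge to a random, single-use, server-side nonce with a time limit. The key, the TTL and the sample answers are constructed for the example.

```python
"""Added example (not TGCaptcha2's code): why a CAPTCHA token without a
nonce can be replayed, and one way to make each solved challenge single-use."""
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

SECRET_KEY = b"constructed-example-key"  # a real deployment uses a random, private key


def _mac(key: bytes, answer: str) -> str:
    return hmac.new(key, answer.encode("utf-8"), hashlib.sha256).hexdigest()


class StatelessCaptcha:
    """Vulnerable pattern: the form carries token = MAC(key, answer).

    verify() only proves the token was minted by this server for this answer.
    Nothing records that the pair has been used, so one solved CAPTCHA
    (token, answer) passes verification any number of times."""

    def __init__(self, key: bytes = SECRET_KEY) -> None:
        self.key = key

    def issue(self, answer: str) -> str:
        return _mac(self.key, answer)

    def verify(self, token: str, answer: str) -> bool:
        return hmac.compare_digest(token, _mac(self.key, answer))


class NonceCaptcha:
    """Hardened pattern: the form carries only a random nonce; the expected
    answer and the issue time stay server-side. verify() consumes the nonce
    whatever the outcome, so a replay or a second guess against the same
    challenge fails, and so does a stale submission."""

    def __init__(self, ttl_seconds: float = 300.0) -> None:
        self.ttl = ttl_seconds
        self._pending: Dict[str, Tuple[str, float]] = {}

    def issue(self, answer: str, now: Optional[float] = None) -> str:
        nonce = secrets.token_urlsafe(16)
        self._pending[nonce] = (answer, time.time() if now is None else now)
        return nonce

    def verify(self, nonce: str, answer: str, now: Optional[float] = None) -> bool:
        entry = self._pending.pop(nonce, None)  # single use, whatever the outcome
        if entry is None:
            return False
        expected, issued_at = entry
        now = time.time() if now is None else now
        if now - issued_at > self.ttl:
            return False
        return hmac.compare_digest(expected.encode("utf-8"), answer.encode("utf-8"))


def replay_demo() -> Tuple[bool, bool]:
    """Constructed walk-through: submit the same solved challenge a second time.
    Returns (stateless_replay_accepted, nonce_replay_accepted)."""
    stateless = StatelessCaptcha()
    token = stateless.issue("x7k2")
    stateless.verify(token, "x7k2")            # legitimate first use
    stateless_replay = stateless.verify(token, "x7k2")

    with_nonce = NonceCaptcha()
    nonce = with_nonce.issue("x7k2")
    with_nonce.verify(nonce, "x7k2")           # legitimate first use
    nonce_replay = with_nonce.verify(nonce, "x7k2")
    return stateless_replay, nonce_replay


if __name__ == "__main__":
    print("replay accepted (stateless, nonce):", replay_demo())
```

Two design choices are worth noting. The nonce is popped before the answer is compared, so a wrong guess also burns the challenge; that costs a legitimate user one extra image but denies an attacker unlimited guesses against a single challenge. And because the answer never leaves the server, there is also no client-side token to decrypt or forge, which a MAC-only or encrypt-only design cannot guarantee by itself.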
DSA-3700 asterisk – security update
Multiple vulnerabilities have been discovered in Asterisk, an open source
PBX and telephony toolkit, which may result in denial of service or
incorrect certificate validation.
DSA-3699 virtualbox – end-of-life
Upstream support for the 4.3 release series has ended and since no
information is available which would allow backports of isolated
security fixes, security support for virtualbox in jessie needed to be
ended as well.
DSA-3701 nginx – security update
Dawid Golunski reported that the nginx web server packages in Debian
suffered from a privilege escalation vulnerability (www-data to root)
due to the way log files are handled. This security update changes
ownership of the /var/log/nginx directory to root. In addition,
/var/log/nginx has to be made accessible to local users, and local
users may be able to read the log files themselves until the next
logrotate invocation.
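The advisory's fix, moving ownership of /var/log/nginx to root, targets a specific hazard: a log directory owned by the web server user lets that user replace a log file with a symlink, and the next logrotate run, which is privileged, follows it. The following Python is an added example, not Debian's code and not the nginx package's maintainer scripts: an audit of a log directory for that state (directory owned by the expected uid, not writable by group or others, no symlinks where log files should be). The checks are the example's own, and the demo builds a throwaway directory with a constructed log line and a dangling symlink rather than touching /var/log/nginx.

```python
"""Added example (not Debian's code): audit an nginx log directory for the
conditions behind this advisory. The checks are the example's own; the demo
builds a throwaway directory instead of reading /var/log/nginx."""
import os
import stat
import tempfile
from typing import Dict, List


def audit_log_dir(path: str, expected_owner_uid: int = 0) -> List[str]:
    """Return a list of findings; an empty list means the directory looks sane.

    Checks: the directory is owned by expected_owner_uid (root by default, as
    the update makes it), is not writable by group or others, and holds only
    regular files (a symlinked log is what a logrotate run would follow)."""
    findings: List[str] = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        findings.append(f"{path}: the directory path is itself a symlink")
        return findings
    if st.st_uid != expected_owner_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected uid {expected_owner_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{path}: writable by group/other (mode {oct(stat.S_IMODE(st.st_mode))})")
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        est = os.lstat(full)
        if stat.S_ISLNK(est.st_mode):
            findings.append(f"{full}: log entry is a symlink -> {os.readlink(full)}")
        elif not stat.S_ISREG(est.st_mode):
            findings.append(f"{full}: not a regular file")
    return findings


def build_demo_dir() -> str:
    """Constructed fixture: a 0700 temp dir owned by the current user with one
    ordinary log and one log name that has been swapped for a symlink."""
    d = tempfile.mkdtemp(prefix="nginx-log-audit-")
    with open(os.path.join(d, "access.log"), "w", encoding="utf-8") as fh:
        fh.write('127.0.0.1 - - [28/Oct/2016:10:00:00 +0000] "GET / HTTP/1.1" 200 612\n')
    # Dangling link to an arbitrary constructed path: the point is only that a
    # link sits where logrotate expects a file.
    os.symlink("/root/.constructed-target", os.path.join(d, "error.log"))
    return d


def demo_run() -> Dict[str, List[str]]:
    """Run the audit three ways on the fixture so the results can be compared."""
    d = build_demo_dir()
    me = os.getuid()
    results = {
        "owner_as_expected": audit_log_dir(d, expected_owner_uid=me),
        "owner_not_as_expected": audit_log_dir(d, expected_owner_uid=me + 1),
    }
    os.chmod(d, 0o770)  # loosen the fixture to trigger the writability check
    results["group_writable"] = audit_log_dir(d, expected_owner_uid=me)
    return results


if __name__ == "__main__":
    for label, findings in demo_run().items():
        print(label, findings or ["no findings"])
    print("/var/log/nginx:", audit_log_dir("/var/log/nginx") if os.path.isdir("/var/log/nginx") else "not present")
```

On a patched Debian host `audit_log_dir("/var/log/nginx")` should return nothing for the ownership and writability checks; a symlink finding on a directory that only root can write to is still worth a look, because the advisory's last sentence means the pre-update state persists until logrotate next runs.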