Monthly Archives: November 2016
Bugtraq: [slackware-security] x11 (SSA:2016-305-02)
Bugtraq: [slackware-security] mariadb (SSA:2016-305-03)
Bugtraq: [slackware-security] php (SSA:2016-305-04)
Bugtraq: Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details
RHSA-2016:2135-1: Low: Red Hat Enterprise Linux 6.6 Extended Update Support Retirement Notice
Red Hat Enterprise Linux: This is the final notification for the retirement of Red Hat Enterprise Linux
6.6 Extended Update Support (EUS). This notification applies only to those
customers subscribed to the Extended Update Support (EUS) channel for Red Hat
Enterprise Linux 6.6.
RHSA-2016:2134-1: Low: Red Hat Enterprise Developer Toolset Version 3.x Retirement Notice
This is the final notification for the retirement of Red Hat Developer Toolset
Version 3.x. This notification applies only to those customers subscribed to the
channel for Red Hat Developer Toolset Version 3.x.
RHSA-2016:2133-1: Important: kernel security update
Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced
Update Support.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-4470, CVE-2016-5195
RHSA-2016:2132-1: Important: kernel security and bug fix update
Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced
Update Support.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-5195
USN-3115-1: Django vulnerabilities
Ubuntu Security Notice USN-3115-1
1st November, 2016
python-django vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in Django.
Software description
- python-django
– High-level Python web development framework
Details
Marti Raudsepp discovered that Django used a hardcoded password for the
temporary database user it creates when running the test suite against an
Oracle database. An attacker with network access to the database server could
log in as that user while the tests are running, and could keep the user from
being removed afterwards. (CVE-2016-9013)
Aymeric Augustin discovered that Django did not validate the HTTP Host header
when run with the debug setting enabled and ALLOWED_HOSTS left empty. A remote
attacker could use a DNS rebinding attack against a developer's browser to
reach a development server listening on a loopback address. (CVE-2016-9014)
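The Host-header policy behind CVE-2016-9014, as an added illustration that is not part of the Ubuntu notice and not Django's own code. It re-implements the pattern matching of Django's validate_host in a few lines and places the vulnerable policy (DEBUG on means no Host check at all) beside the fixed one (DEBUG on with an empty ALLOWED_HOSTS means loopback names only). The function names, the LOOPBACK_HOSTS list and the sample Host values are assumptions made for this example.

```python
"""Host-header validation: vulnerable versus fixed policy (illustration only).

Not Django's code. Re-implements the relevant behaviour of
django.http.request.validate_host so the two policies can be compared.
"""
import re

# Loopback names the fixed Django allows when DEBUG is on and ALLOWED_HOSTS
# is empty (assumed list for this example).
LOOPBACK_HOSTS = ["localhost", "127.0.0.1", "[::1]"]

# A hostname or bracketed IPv6 literal, optionally followed by ":port".
_host_re = re.compile(r"^([a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9:]+\])(:\d+)?$", re.I)


def split_domain_port(host):
    """Return (domain, port) from a Host header value, or ('', '') if malformed."""
    host = host.lower()
    m = _host_re.match(host)
    if not m:
        return "", ""
    domain = m.group(1)
    port = (m.group(2) or "")[1:]
    # 'example.com.' is an absolute FQDN; treat it like 'example.com'.
    if domain.endswith("."):
        domain = domain[:-1]
    return domain, port


def validate_host(host, allowed_hosts):
    """Django-style matching: '*' matches anything, '.example.com' matches the
    domain and every subdomain, any other pattern must match exactly."""
    domain, _port = split_domain_port(host)
    if not domain:
        return False
    for pattern in allowed_hosts:
        pattern = pattern.lower()
        if pattern == "*":
            return True
        if pattern.startswith("."):
            if domain == pattern[1:] or domain.endswith(pattern):
                return True
        elif domain == pattern:
            return True
    return False


def host_allowed_vulnerable(host, allowed_hosts, debug):
    """Pre-fix policy: with DEBUG=True the Host header is never checked, so a
    rebinding attacker's hostname reaches a server bound to localhost."""
    if debug:
        return True
    return validate_host(host, allowed_hosts)


def host_allowed_fixed(host, allowed_hosts, debug):
    """Fixed policy: an empty ALLOWED_HOSTS in DEBUG mode means loopback only."""
    if debug and not allowed_hosts:
        allowed_hosts = LOOPBACK_HOSTS
    return validate_host(host, allowed_hosts)


if __name__ == "__main__":
    # Constructed sample: a developer runs the dev server with DEBUG=True and
    # an empty ALLOWED_HOSTS; the attacker's rebound name arrives in Host.
    for host in ["attacker.example", "localhost:8000", "[::1]:8000"]:
        print(host,
              "vulnerable:", host_allowed_vulnerable(host, [], True),
              "fixed:", host_allowed_fixed(host, [], True))
```

The fixed policy rejects the attacker-controlled name while still letting the developer browse the server as localhost, 127.0.0.1 or [::1]; in production (DEBUG off) both policies fall back to the configured ALLOWED_HOSTS patterns, where a leading dot covers subdomains and "*" disables the check entirely.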
Update instructions
The problem can be corrected by updating your system to the following
package versions:
- Ubuntu 16.10:
  - python3-django 1.8.7-1ubuntu8.1
  - python-django 1.8.7-1ubuntu8.1
- Ubuntu 16.04 LTS:
  - python3-django 1.8.7-1ubuntu5.4
  - python-django 1.8.7-1ubuntu5.4
- Ubuntu 14.04 LTS:
  - python-django 1.6.1-2ubuntu0.16
- Ubuntu 12.04 LTS:
  - python-django 1.3.1-4ubuntu1.22
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.