Red Hat Security Advisory 2016-2766-01

Red Hat Security Advisory 2016-2766-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system.

Red Hat Security Advisory 2016-2778-01

Red Hat Security Advisory 2016-2778-01 – Red Hat OpenShift Container Platform is the company’s cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: Ansible fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.

HP Security Bulletin HPSBST03671 1

HP Security Bulletin HPSBST03671 1 – A security vulnerability in PHP was addressed by the HPE StoreEver MSL6480 Tape Library firmware version 5.10. The vulnerability could be exploited remotely to allow Unauthorized Disclosure of Information. Revision 1 of this advisory.

Red Hat Security Advisory 2016-2696-01

Red Hat Security Advisory 2016-2696-01 – Red Hat OpenShift Container Platform is the company’s cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform release 3.3.1.4. Multiple security issues have been addressed.

Symantec Releases Security Updates

Original release date: November 15, 2016

Symantec has released security updates to address a vulnerability in multiple products. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review Symantec Security Advisory SYM16-020 and apply the necessary updates.



Cryptsetup 2:1.7.3-2 Root Initramfs Shell

A vulnerability exists in Cryptsetup, specifically in the scripts that unlock the system partition when the partition is encrypted using LUKS (Linux Unified Key Setup). This vulnerability allows an attacker to obtain a root initramfs shell on affected systems. The vulnerability is very reliable because it doesn’t depend on specific systems or configurations. Attackers can copy, modify or destroy the hard disc as well as set up the network to exfiltrate data. In cloud environments it is also possible to remotely exploit this vulnerability without having “physical access”. Cryptsetup versions 2:1.7.3-2 and below are affected.

DSA-3716 firefox-esr – security update

Multiple security issues have been found in the Mozilla Firefox web
browser: Multiple memory safety errors, buffer overflows and other
implementation errors may lead to the execution of arbitrary code or
bypass of the same-origin policy. Also, a man-in-the-middle attack in
the addon update mechanism has been fixed.