Gentoo Linux Security Advisory 201612-25 – A vulnerability in CrackLib could lead to the execution of arbitrary code. Versions less than 2.9.6-r1 are affected.

Gentoo Linux Security Advisory 201612-26 – Multiple vulnerabilities have been found in OpenJPEG, the worst of which may allow execution of arbitrary code. Versions less than 2.1.1_p20160922 are affected.

Red Hat Security Advisory 2016-2928-01 – MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: rh-mariadb101-mariadb. Security Fix: It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.

Red Hat Security Advisory 2016-2927-01 – MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: rh-mariadb100-mariadb. Security Fix: It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.

Red Hat Security Advisory 2016-2937-01 – This release of Red Hat JBoss BPM Suite 6.3.4 serves as a replacement for Red Hat JBoss BPM Suite 6.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: Drools Workbench contains the path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host.

Red Hat Security Advisory 2016-2938-01 – This release of Red Hat JBoss BRMS 6.3.4 serves as a replacement for Red Hat JBoss BRMS 6.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: Drools Workbench contains the path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host.

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.