An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588756.
Monthly Archives: January 2017
CVE-2017-0396
An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31781965.
CVE-2017-0383
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1. Android ID: A-31677614.
Bugtraq: CA20170109-01: Security Notice for CA Service Desk Manager
Bugtraq: CVE-2017-5350: Unexpected SystemUI FC driven by arbitrary application
Bugtraq: [SECURITY] [DSA 3760-1] ikiwiki security update
Bugtraq: ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers)
RHSA-2017:0061-1: Important: java-1.6.0-openjdk security update
Red Hat Enterprise Linux: An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux
5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-5542, CVE-2016-5554, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597
USN-3172-1: Bind vulnerabilities
Ubuntu Security Notice USN-3172-1
12th January, 2017
bind9 vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in Bind.
Software description
- bind9 – Internet Domain Name Server
Details
It was discovered that Bind incorrectly handled certain malformed responses
to an ANY query. A remote attacker could possibly use this issue to cause
Bind to crash, resulting in a denial of service. (CVE-2016-9131)
It was discovered that Bind incorrectly handled certain malformed responses
to an ANY query. A remote attacker could possibly use this issue to cause
Bind to crash, resulting in a denial of service. (CVE-2016-9147)
It was discovered that Bind incorrectly handled certain malformed DS record
responses. A remote attacker could possibly use this issue to cause Bind to
crash, resulting in a denial of service. This issue only affected Ubuntu
14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9444)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.10:
  - bind9 1:9.10.3.dfsg.P4-10.1ubuntu1.2
- Ubuntu 16.04 LTS:
  - bind9 1:9.10.3.dfsg.P4-8ubuntu1.4
- Ubuntu 14.04 LTS:
  - bind9 1:9.9.5.dfsg-3ubuntu0.11
- Ubuntu 12.04 LTS:
  - bind9 1:9.8.1.dfsg.P1-4ubuntu0.20
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
Phone-Hacking Firm Cellebrite Got Hacked; 900GB Of Data Stolen
The company that sells digital forensics and mobile hacking tools to others has itself been hacked.
Israeli firm Cellebrite, the popular company that provides digital forensics tools and software to help law enforcement access mobile phones in investigations, has had 900 GB of its data stolen by an unknown hacker.
But the hacker has not yet publicly released anything from the stolen data
