Red Hat Enterprise Linux: An update for puppet-swift is now available for Red Hat OpenStack Platform 10.0
(Newton).
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-9590
Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced
Update Support.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-7117
Red Hat Enterprise Linux: Updated OpenStack Telemetry packages that resolve various issues are now
available for Red Hat OpenStack Platform 10.0 (Newton) for RHEL 7.
Red Hat Enterprise Linux: Updated OpenStack Dashboard packages that resolve various issues are now
available for Red Hat OpenStack Platform 10.0 (Newton) for RHEL 7.
Red Hat Enterprise Linux: Updated OpenStack Networking packages that resolve various issues are now
available for Red Hat OpenStack Platform 10.0 (Newton) for RHEL 7.
An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds read resulting in disclosure of memory within the process, the same vulnerability can also be used to trigger a denial of service. An attacker can simply connect to the port and send the packet to trigger this vulnerability.
An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_list_by_set_binid resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability.
An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_by_iname resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability.
An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered via attempting to decode a crafted BPG image using Libbpg.
Facebook is letting users tie a physical security key to their account as an added layer of security.