Ubuntu Security Notice 3188-1 – Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service.

Ubuntu Security Notice 3190-1 – Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free existed in the KVM susbsystem of the Linux kernel when creating devices. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 3177-2 – USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem. It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn’t exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. Various other issues were also addressed.

Itech Multi Vendor Script version 6.49 suffers from multiple remote SQL injection vulnerabilities.