Red Hat Enterprise Linux: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 9.0
(Mitaka).
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2017-2615, CVE-2017-2620
Red Hat Enterprise Linux: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0
(Newton).
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2017-2615, CVE-2017-2620
Red Hat Enterprise Linux: An updated opendaylight package that adds new features is now available for Red
Hat OpenStack Platform 10.0 (Newton) for RHEL 7.
27th February, 2017
A security issue affects these releases of Ubuntu and its
derivatives:
LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file.
It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
Multiple vulnerabilities have been found in the PDF viewer MuPDF, which
may result in denial of service or the execution of arbitrary code if
a malformed PDF file is opened.
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.
The buf.pl before 2.20 script in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.