Red Hat Enterprise Linux: Updated libtool packages that fix one bug are now available for Red Hat
Enterprise Linux 7.2 Extended Update Support.
Monthly Archives: March 2017
RHBA-2017:0502-1: polkit bug fix update
Red Hat Enterprise Linux: Updated polkit packages that fix one bug are now available for Red Hat
Enterprise Linux 7.2 Extended Update Support.
USN-3231-1: Pidgin vulnerability
Ubuntu Security Notice USN-3231-1
14th March, 2017
pidgin vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Pidgin could be made to crash or run programs if it received specially
crafted network traffic.
Software description
- pidgin
– graphical multi-protocol instant messaging client for X
Details
Joseph Bisch discovered that Pidgin incorrectly handled certain xml
messages. A remote attacker could use this issue to cause Pidgin to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.04 LTS:
-
libpurple0
1:2.10.9-0ubuntu3.4
- Ubuntu 12.04 LTS:
-
libpurple0
1:2.10.3-0ubuntu1.8
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Pidgin to make all the
necessary changes.
References
USN-3232-1: ImageMagick vulnerabilities
Ubuntu Security Notice USN-3232-1
14th March, 2017
imagemagick vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in ImageMagick.
Software description
- imagemagick
– Image manipulation programs and library
Details
It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or possibly execute code with the privileges of
the user invoking the program.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.10:
-
libmagick++-6.q16-5v5
8:6.8.9.9-7ubuntu8.5
-
imagemagick
8:6.8.9.9-7ubuntu8.5
-
libmagickcore-6.q16-2-extra
8:6.8.9.9-7ubuntu8.5
-
imagemagick-6.q16
8:6.8.9.9-7ubuntu8.5
-
libmagickcore-6.q16-2
8:6.8.9.9-7ubuntu8.5
- Ubuntu 16.04 LTS:
-
libmagick++-6.q16-5v5
8:6.8.9.9-7ubuntu5.6
-
imagemagick
8:6.8.9.9-7ubuntu5.6
-
libmagickcore-6.q16-2-extra
8:6.8.9.9-7ubuntu5.6
-
imagemagick-6.q16
8:6.8.9.9-7ubuntu5.6
-
libmagickcore-6.q16-2
8:6.8.9.9-7ubuntu5.6
- Ubuntu 14.04 LTS:
-
libmagick++5
8:6.7.7.10-6ubuntu3.6
-
libmagickcore5-extra
8:6.7.7.10-6ubuntu3.6
-
libmagickcore5
8:6.7.7.10-6ubuntu3.6
-
imagemagick
8:6.7.7.10-6ubuntu3.6
- Ubuntu 12.04 LTS:
-
libmagick++4
8:6.6.9.7-5ubuntu3.9
-
libmagickcore4
8:6.6.9.7-5ubuntu3.9
-
imagemagick
8:6.6.9.7-5ubuntu3.9
-
libmagickcore4-extra
8:6.6.9.7-5ubuntu3.9
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
CVE-2017-6907
An issue was discovered in Open.GL before 2017-03-13. The vulnerability exists due to insufficient filtration of user-supplied data (content) passed to the “Open.GL-master/index.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-6905
An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (disable_choose) passed to the “concrete5-legacy-master/web/concrete/tools/files/search_dialog.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-6908
An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed to the “concrete5-legacy-master/web/concrete/tools/files/selector_data.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-6909
An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the “shimmie2-master/ext/chatbox/history/index.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-6906
An issue was discovered in SiberianCMS before 4.10.0. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the the “SiberianCMS-master/errors/500.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
DSA-3810 chromium-browser – security update
Several vulnerabilities have been discovered in the chromium web browser.