Adobe Flash suffers from an out-of-bounds read in metadata parsing.
Monthly Archives: March 2017
Adobe Flash MovieClip Use-After-Free
Adobe Flash suffers from a use-after-free in MovieClip attach init object.
Ubuntu Security Notice USN-3232-1
Ubuntu Security Notice 3232-1 – It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
Red Hat Security Advisory 2017-0517-01
Red Hat Security Advisory 2017-0517-01 – Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable by the jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content is executed with root privileges when the jboss service is started, stopped, or restarted.
Microsoft Security Bulletin Summary For March, 2017
This bulletin summary lists eighteen released Microsoft security bulletins for March, 2017.
cloud-init-0.7.9-4.fc26
This update fixes several issues with systemd service ordering and network configuration. It also backports a fix for a [security issue](https://bugs.launchpad.net/cloud-init/+bug/1638312) in which instances run in EC2 write IAM instance profile credentials to disk. To work around the security issue without updating cloud-init, wait at least six hours between creating a bundle or an EBS snapshot and registering that as a machine image.
cloud-init-0.7.8-6.fc25
This update fixes a systemd service ordering issue in cloud-init and backports a fix for a [security issue](https://bugs.launchpad.net/cloud-init/+bug/1638312) in which instances run in EC2 write IAM instance profile credentials to disk. To work around the security issue without updating cloud-init, wait at least six hours between creating a bundle or an EBS snapshot and registering that as a machine image.
CVE-2016-8020
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.
CVE-2016-8019
Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input.
CVE-2016-8017
Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input.