[SECURITY] [DSA 3823-1] eject security update
Monthly Archives: March 2017
Bugtraq: [slackware-security] mariadb (SSA:2017-087-01)
[slackware-security] mariadb (SSA:2017-087-01)
Bugtraq: APPLE-SA-2017-03-28-1 iCloud for Windows 6.2
APPLE-SA-2017-03-28-1 iCloud for Windows 6.2
RHBA-2017:0846-1: grubby bug fix update
Red Hat Enterprise Linux: Updated grubby packages that fix one bug are now available for Red Hat
Enterprise Linux 7.1 Extended Update Support.
RHBA-2017:0845-1: yum-rhn-plugin bug fix update
Red Hat Enterprise Linux: An updated yum-rhn-plugin package that fixes one bug is now available for Red
Hat Enterprise Linux 7.1 Extended Update Support.
RHSA-2017:0847-1: Moderate: curl security update
Red Hat Enterprise Linux: An update for curl is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2017-2628
USN-3247-1: AppArmor vulnerability
Ubuntu Security Notice USN-3247-1
28th March, 2017
apparmor vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
AppArmor could remove the confinement from some programs.
Software description
- apparmor
– Linux security system
Details
Stéphane Graber discovered that AppArmor incorrectly unloaded some profiles
when restarted or upgraded, contrary to expected behavior.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.10:
-
apparmor
2.10.95-4ubuntu5.3
- Ubuntu 16.04 LTS:
-
apparmor
2.10.95-0ubuntu2.6
- Ubuntu 14.04 LTS:
-
apparmor
2.10.95-0ubuntu2.6~14.04.1
- Ubuntu 12.04 LTS:
-
apparmor
2.7.102-0ubuntu3.11
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
A new utility, called aa-remove-unknown, was added to assist with profiles that
would have been previously unloaded when AppArmor was restarted or upgraded.
References
Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow (CVE-2017-7269)
A buffer overflow exists in Microsoft Internet Information Services 6.0. The vulnerability is due to improper validation of a long header in HTTP request. A remote attacker could exploit this vulnerability by sending a crafted request over a network to the vulnerable application. Successful exploitation could result in denial of service conditions or execute arbitrary code on the target machine.
CVE-2017-7298
In Moodle 3.2.2+, there is XSS in the Course summary filter of the “Add a new course” page, as demonstrated by a crafted attribute of an SVG element.
CVE-2017-7294
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device.