USN-3253-1: Nagios vulnerabilities

Ubuntu Security Notice USN-3253-1

3rd April, 2017

nagios3 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Nagios.

Software description

  • nagios3
    – host/service/network monitoring and management system

Details

It was discovered that Nagios incorrectly handled certain long strings. A
remote authenticated attacker could use this issue to cause Nagios to
crash, resulting in a denial of service, or possibly obtain sensitive
information. (CVE-2013-7108, CVE-2013-7205)

It was discovered that Nagios incorrectly handled certain long messages to
cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to
crash, resulting in a denial of service. (CVE-2014-1878)

Dawid Golunski discovered that Nagios incorrectly handled symlinks when
accessing log files. A local attacker could possibly use this issue to
elevate privileges. In the default installation of Ubuntu, this should be
prevented by the Yama link restrictions. (CVE-2016-9566)

Update instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  nagios3-core    3.5.1.dfsg-2.1ubuntu3.1
  nagios3-cgi     3.5.1.dfsg-2.1ubuntu3.1

Ubuntu 16.04 LTS:
  nagios3-core    3.5.1.dfsg-2.1ubuntu1.1
  nagios3-cgi     3.5.1.dfsg-2.1ubuntu1.1

Ubuntu 14.04 LTS:
  nagios3-core    3.5.1-1ubuntu1.1
  nagios3-cgi     3.5.1-1ubuntu1.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

  • CVE-2013-7108
  • CVE-2013-7205
  • CVE-2014-1878
  • CVE-2016-9566

Avira goes Prime time with its new all-in-one premium subscription service - Avira Prime

We have launched Avira Prime, the industry’s first all-in-one subscription service that provides you with convenient, no-obligation coverage for all of your online security, privacy, and performance needs. The Prime range of solutions cover the major operating systems for today’s growing portfolios of online devices, whether they run on Windows, Mac, iOS, or Android. With […]

CVE-2014-9922

The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.

CVE-2016-10229

udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.