Red Hat Enterprise Linux: Updated initscripts packages that fix one bug are now available for Red Hat
Enterprise Linux 6.
Monthly Archives: February 2016
RHBA-2016:0134-1: firefox bug fix update
Red Hat Enterprise Linux: Updated firefox packages that fix one bug are now available for Red Hat
Enterprise Linux 6.
RHSA-2016:0158-1: Moderate: python-django security update
Red Hat Enterprise Linux: Updated python-django packages that fix one security issue are now
available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat
Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-8213
RHSA-2016:0157-1: Moderate: python-django security update
Red Hat Enterprise Linux: Updated python-django packages that fix one security issue are now
available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat
Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-8213
USN-2892-1: nginx vulnerabilities
Ubuntu Security Notice USN-2892-1
9th February, 2016
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary
Several security issues were fixed in nginx.
Software description
- nginx – small, powerful, scalable web/proxy server
Details
It was discovered that nginx incorrectly handled certain DNS server
responses when the resolver is enabled. A remote attacker could possibly
use this issue to cause nginx to crash, resulting in a denial of service.
(CVE-2016-0742)
It was discovered that nginx incorrectly handled CNAME response processing
when the resolver is enabled. A remote attacker could use this issue to
cause nginx to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-0746)
It was discovered that nginx incorrectly handled CNAME resolution when
the resolver is enabled. A remote attacker could possibly use this issue to
cause nginx to consume resources, resulting in a denial of service.
(CVE-2016-0747)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.10:
  - nginx-extras 1.9.3-1ubuntu1.1
  - nginx-full 1.9.3-1ubuntu1.1
  - nginx-core 1.9.3-1ubuntu1.1
  - nginx-light 1.9.3-1ubuntu1.1
- Ubuntu 14.04 LTS:
  - nginx-extras 1.4.6-1ubuntu3.4
  - nginx-full 1.4.6-1ubuntu3.4
  - nginx-core 1.4.6-1ubuntu3.4
  - nginx-light 1.4.6-1ubuntu3.4
  - nginx-naxsi 1.4.6-1ubuntu3.4
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
All Versions of Windows affected by Critical Security Vulnerability
Microsoft has released 13 security bulletins, six of which are considered to be critical, resolving a total of 41 security vulnerabilities in its software this month.
Every Windows Version Affected:
One of the critical vulnerabilities affects all supported versions of Windows, including Microsoft’s newest Windows 10 operating system, as well as Windows Server 2016 Tech Preview 4.
The
We're Going To Use Your Toothbrush To Spy On You, Says Clapper
'Hack' On DoJ And DHS Downplayed
Obama Asks Congress For $19 Billion To Stop Hacks
D-Link DCS-930L Authenticated Remote Command Execution
The D-Link DCS-930L Network Video Camera is vulnerable to OS Command Injection via the web interface. The vulnerability exists at /setSystemCommand, which is accessible with credentials. This vulnerability was present in firmware version 2.01 and fixed by 2.12.
