Red Hat Security Advisory 2016-0430-01 – Xerces-C is a validating XML parser written in a portable subset of C++. It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the application.
Monthly Archives: March 2016
Ubuntu Security Notice USN-2920-1
Ubuntu Security Notice 2920-1 – It was discovered that the ContainerNode::parserRemoveChild function in Blink mishandled widget updates in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. It was discovered that the PPB_Flash_MessageLoop_Impl::InternalRun function in Chromium mishandled nested message loops. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. Various other issues were also addressed.
Linux Netfilter IPT_SO_SET_REPLACE Memory Corruption
A memory corruption vulnerability exists in the IPT_SO_SET_REPLACE ioctl in the netfilter code for iptables support. This ioctl is can be triggered by an unprivileged user on PF_INET sockets when unprivileged user namespaces are available (CONFIG_USER_NS=y). Android does not enable this option, but desktop/server distributions and Chrome OS will commonly enable this to allow for containers support or sandboxing.
GNU Transport Layer Security Library 3.3.22
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability. This is the previous stable release.
Android BnBluetoothGattServer / BnBluetoothGatServerCallback IPC Memory Corruption
The SEND_RESPONSE_TRANSACTION and SEND_NOTIFICATION_TRANSACTION IPC calls in BnBluetoothGattServer::onTransact are vulnerable to stack corruption which could allow an attacker to locally elevate privileges to the level of the bluetooth service.
Citrix Releases Security Update
Original release date: March 10, 2016
Citrix has released updates to address a vulnerability in its Citrix Licensing Server. Exploitation of this vulnerability could allow a remote attacker to take control of an affected server.
Users and administrators are encouraged to review Citrix Security Bulletin CTX207824 and Vulnerability Note VU#485744 for more information and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Exim Local Privilege Escalation
Exim versions prior to 4.86.2 suffer from a local root privilege escalation vulnerability. When Exim installation has been compiled with Perl support and contains a perl_startup configuration variable it can be exploited by malicious local attackers to gain root privileges.
Adobe Releases Security Updates for Flash Player
Original release date: March 10, 2016
Adobe has released security updates to address multiple vulnerabilities in Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review Adobe Security Bulletin APSB16-08 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
CESA-2016:0430 Important CentOS 7 xerces-cSecurity Update
CentOS Errata and Security Advisory 2016:0430 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0430.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 0102baca3c47fdb3a16d421d42be3c2e1944ef95cf0bad1b42d01e8fda4d5f83 xerces-c-3.1.1-8.el7_2.i686.rpm 06c92060b15956706630e2d2fd84d72ad71db65151b4435828980d869a7d4f11 xerces-c-3.1.1-8.el7_2.x86_64.rpm 9009f3e814779b14a0e0d6a75fbe555804f2a031e70b15309fe6734205c1c4d2 xerces-c-devel-3.1.1-8.el7_2.i686.rpm dad423ae642a29be177bb4825f71ad3fa5d8db98c4ee658f12094e30c3a88d04 xerces-c-devel-3.1.1-8.el7_2.x86_64.rpm 7fbb6adaf2adb7f3dbf34bf3f2c9e9ea4da1bd61660d84856189583511eec395 xerces-c-doc-3.1.1-8.el7_2.noarch.rpm Source: 95181791907cd7b8bc12c5814cf8e8182aec7dd51faa88224c6f1ec3f4a2336c xerces-c-3.1.1-8.el7_2.src.rpm
CESA-2016:C001 ipa and glusterfs Update
CentOS Errata and BugFix Advisory 2016:C001 Upstream details at : https://bugs.centos.org/view.php?id=10538 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 96963d839797a7601ef6a4922c94e7ef82b42fcb70533f9a31c43adceee2fb19 glusterfs-3.7.1-16.0.1.el7.centos.x86_64.rpm 0edd9669023af5881cd554a25f11af30c4ad1cec2ac515355a55541ca5afd444 glusterfs-api-3.7.1-16.0.1.el7.centos.x86_64.rpm 1ff4ab3dee2755555db663d522929c45949544d023f0af862e595234eb206b1e glusterfs-api-devel-3.7.1-16.0.1.el7.centos.x86_64.rpm 310cdbc4645b1dff02f7fd1ab15ca11f3d2b65a49e684a3015de264cc9055d2d glusterfs-cli-3.7.1-16.0.1.el7.centos.x86_64.rpm 7ebb8186125e4246b0ba612961872e3a6229351d15c6849c9b4d3d57587005f0 glusterfs-client-xlators-3.7.1-16.0.1.el7.centos.x86_64.rpm fb6f197ac33e79768892ec98548521cba9dbabbaf6dd577a1b9d09c461c344bc glusterfs-devel-3.7.1-16.0.1.el7.centos.x86_64.rpm c50c59c56d305efd2caaf49f9a03a934f60d6d60b9ede5fa6f9c7c41d4d0af3e glusterfs-fuse-3.7.1-16.0.1.el7.centos.x86_64.rpm 8eb112d7a006b9edcf0a6dce79abb6018909c8d9b6baa645f623f5cc4a38a837 glusterfs-libs-3.7.1-16.0.1.el7.centos.x86_64.rpm 959d24d812bb0679000f78d9e17b13476e424bb811b159eea8632d98dd2b46a3 glusterfs-rdma-3.7.1-16.0.1.el7.centos.x86_64.rpm be195e50fcbd3c190e90ecbe5690a664e01bf953ae29be709a4a6aba662736bb ipa-admintools-4.2.0-15.0.1.el7.centos.6.x86_64.rpm 46df2769ffc4e7439ddd6a8a140b0afcb4f45204aa717dbe4fc027dd4c5dda71 ipa-client-4.2.0-15.0.1.el7.centos.6.x86_64.rpm c64d59f138beb4fb8a8a3a200c7696213eebf5c07ac50bb43a7faaadd1b5b9c0 ipa-python-4.2.0-15.0.1.el7.centos.6.x86_64.rpm c20a31a1e4ac386e50c55839ef25b4ad1b3c261d60981da35d7c0d6a7d773ee9 ipa-server-4.2.0-15.0.1.el7.centos.6.x86_64.rpm 9accd7c6001f0f0c02b37eae8538e3045eaaf0f04008d5202fd4007368ba0a64 ipa-server-dns-4.2.0-15.0.1.el7.centos.6.x86_64.rpm 5a5a91ff922ba863eef85723f589d3c940d2e8e529683ca811016688f7bcc95a ipa-server-trust-ad-4.2.0-15.0.1.el7.centos.6.x86_64.rpm 2bc01ee09379a075724d311ff883fac2564ac27826a5b4ee0d4c7c09492a75c4 python-gluster-3.7.1-16.0.1.el7.centos.x86_64.rpm Source: e2ca01712e5f0c52b16a9397597ca15597bccf692881404f695f6cec8f97d925 glusterfs-3.7.1-16.0.1.el7.centos.src.rpm febdf5cf5065c93fb4ba44c02f3ac44bfe1a02b2ff5c489e3a4ec8556c99762f ipa-4.2.0-15.0.1.el7.centos.6.src.rpm NOTE: This rebuild was done to all the packages to have a DIST tag of .el7.centos.