[SYSS-2016-060] Logitech M520 – Insufficient Verification of Data Authenticity (CWE-345)
Monthly Archives: September 2016
Bugtraq: Multiple exposures in Sophos UTM
RHEA-2016:1982-1: tzdata enhancement update
Red Hat Enterprise Linux: Updated tzdata packages that add various enhancements are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Advanced Update Support, Red Hat Enterprise Linux 5.11, Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Extended Update Support, Red Hat Enterprise Linux 6.7, Red Hat Enterprise Linux 7.1 Extended Update Support, Red Hat Enterprise Linux 7.1 Little Endian Extended Update Support, and Red Hat Enterprise Linux 7.2.
USN-3090-2: Pillow regression
Ubuntu Security Notice USN-3090-2
30th September, 2016
Pillow regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Software description
- pillow: Python Imaging Library compatibility layer
Details
USN-3090-1 fixed vulnerabilities in Pillow. The patch to fix CVE-2014-9601
caused a regression which resulted in failures when processing certain
png images. This update temporarily reverts the security fix for CVE-2014-9601
pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that a flaw in processing a compressed text chunk in
a PNG image could cause the image to have a large size when decompressed,
potentially leading to a denial of service. (CVE-2014-9601)
Andrew Drake discovered that Pillow incorrectly validated input. A remote
attacker could use this to cause Pillow to crash, resulting in a denial
of service. (CVE-2014-3589)
Eric Soroos discovered that Pillow incorrectly handled certain malformed
FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to
cause Pillow to crash, resulting in a denial of service.
(CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 14.04 LTS:
  - python-imaging 2.3.0-1ubuntu3.3
  - python3-pil 2.3.0-1ubuntu3.3
  - python-pil 2.3.0-1ubuntu3.3
  - python3-imaging 2.3.0-1ubuntu3.3
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
References
CVE-2016-3042
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients.
CVE-2016-5986
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-5995
Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.
Vuln: phpMyAdmin CVE-2016-5733 Multiple Cross Site Scripting Vulnerabilities
Vuln: phpMyAdmin CVE-2016-6608 Multiple Cross Site Scripting Vulnerabilities
Vuln: phpMyAdmin CVE-2016-6607 Multiple Cross Site Scripting Vulnerabilities