Cisco Security Advisory: Cisco Meeting Server Client Authentication Bypass Vulnerability
Monthly Archives: October 2016
RHSA-2016:2057-1: Critical: flash-plugin security update
Red Hat Enterprise Linux: An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992
RHSA-2016:2055-1: Important: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update on RHEL 6
Red Hat Enterprise Linux: Updated packages that provide Red Hat JBoss Enterprise Application Platform
6.4.10 natives, fix several bugs, and add various enhancements are now available
for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2015-3183, CVE-2015-3195, CVE-2015-4000, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-3110, CVE-2016-4459
RHEA-2016:2053-1: new packages: kmod-qed, kmod-qede
Red Hat Enterprise Linux: The kmod-qed packages contain the QLogic FastLinQ 4xxxx Core Module and the
kmod-qede packages contain the QLogic FastLinQ 4xxxx Ethernet Driver.
USN-3100-1: KDE-PIM Libraries vulnerability
Ubuntu Security Notice USN-3100-1
12th October, 2016
kdepimlibs vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 12.04 LTS
Summary
KMail could be made to run HTML if it opened a specially crafted email.
Software description
- kdepimlibs – the KDE PIM libraries
Details
Roland Tapken discovered that the KDE-PIM Libraries incorrectly filtered
URLs. A remote attacker could use this issue to perform an HTML injection
attack in the KMail plain text viewer.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 12.04 LTS:
  - libkpimutils4 4:4.8.5-0ubuntu0.3
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart KMail to make all the
necessary changes.
References
USN-3101-1: Tracker vulnerability
Ubuntu Security Notice USN-3101-1
12th October, 2016
tracker vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
Summary
Tracker could be made to crash if it opened a specially crafted file.
Software description
- tracker – metadata database, indexer and search tool
Details
It was discovered that Tracker incorrectly handled certain malformed GIF
images. If a user or automated system were tricked into downloading a
specially-crafted GIF image, Tracker could crash, resulting in a denial of
service.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
  - tracker-extract 1.6.2-0ubuntu1.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart your session to make
all the necessary changes.
References
VOX Music Player 2.8.8 Denial Of Service
VOX Music Player version 2.8.8 denial of service exploit that leverages a malicious .pls file.
Hotspot Shield 6.0.3 Privilege Escalation
Hotspot Shield version 6.0.3 suffers from an unquoted service path privilege escalation vulnerability.
IObit Malware Fighter 4.3.1 Privilege Escalation
IObit Malware Fighter version 4.3.1 suffers from an unquoted service path privilege escalation vulnerability.