Red Hat Enterprise Linux: Updated dbus packages that fix one bug are now available for Red Hat Enterprise
Linux 6.5 Advanced Update Support.
Monthly Archives: August 2016
RHSA-2016:1586-1: Moderate: qemu-kvm-rhev security update
Red Hat Enterprise Linux: An update for qemu-kvm-rhev is now available for RHEV-H and Agents for RHEL-6.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-5403
RHSA-2016:1585-1: Moderate: qemu-kvm security update
Red Hat Enterprise Linux: An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-5403
RHSA-2016:1583-1: Moderate: rh-nodejs4-nodejs-minimatch security update
Red Hat Enterprise Linux: An update for rh-nodejs4-nodejs-minimatch is now available for Red Hat Software
Collections.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-1000
RHSA-2016:1582-1: Moderate: nodejs010-nodejs-minimatch security update
Red Hat Enterprise Linux: An update for nodejs010-nodejs-minimatch is now available for Red Hat Software
Collections.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-1000
RHSA-2016:1581-1: Important: kernel security update
Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced
Update Support.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-4565
RHSA-2016:1580-1: Important: chromium-browser security update
Red Hat Enterprise Linux: An update for chromium-browser is now available for Red Hat Enterprise Linux 6
Supplementary.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-5139, CVE-2016-5140, CVE-2016-5141, CVE-2016-5142, CVE-2016-5143, CVE-2016-5144, CVE-2016-5145, CVE-2016-5146
USN-3048-1: curl vulnerabilities
Ubuntu Security Notice USN-3048-1
8th August, 2016
curl vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in curl.
Software description
- curl
– HTTP, HTTPS, and FTP client and client libraries
Details
Bru Rom discovered that curl incorrectly handled client certificates when
resuming a TLS session. (CVE-2016-5419)
It was discovered that curl incorrectly handled client certificates when
reusing TLS connections. (CVE-2016-5420)
Marcelo Echeverria and Fernando Muñoz discovered that curl incorrectly
reused a connection struct, contrary to expectations. This issue only
applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5421)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
-
libcurl3-nss
7.47.0-1ubuntu2.1
-
libcurl3-gnutls
7.47.0-1ubuntu2.1
-
libcurl3
7.47.0-1ubuntu2.1
- Ubuntu 14.04 LTS:
-
libcurl3-nss
7.35.0-1ubuntu2.8
-
libcurl3-gnutls
7.35.0-1ubuntu2.8
-
libcurl3
7.35.0-1ubuntu2.8
- Ubuntu 12.04 LTS:
-
libcurl3-nss
7.22.0-3ubuntu4.16
-
libcurl3-gnutls
7.22.0-3ubuntu4.16
-
libcurl3
7.22.0-3ubuntu4.16
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
Facebook User ID Bypass Issue
A vulnerability allowed remote attackers to determine which specific Facebook user ID is linked with a mobile phone number without secure approval. The vulnerability is located in the ctx and recover lwv parameters and /login/identify modules.
AirSnort 0.2.7 Stack Corruption Denial Of Service
AirSnort version 0.2.7 suffers from a stack corruption denial of service vulnerability.