Kaspersky Lab and HackerOne, the leading bug bounty platform, today announced results of the Hacking America: Cybersecurity Perception study, which revealed that American businesses and consumers still need a more comprehensive understanding of cyberthreats and how to protect personal and sensitive business data online.
Monthly Archives: February 2017
BYOD: Untrusted at best, compromised at worst
A decade ago the desktop PC was the primary connection to the Internet, and security was a whole lot easier. Fast forward to today and the threatscape has increased exponentially: More devices, more data, more locations, more malware attacks, and less control. Businesses are struggling to protect their data and processes, and everyone now has a role to play in ensuring that security.
webkitgtk4-2.14.5-1.fc24
This update addresses the following vulnerabilities:
* [CVE-2017-2350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2350), [CVE-2017-2354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2354), [CVE-2017-2355](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2355), [CVE-2017-2356](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2356), [CVE-2017-2362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2362), [CVE-2017-2363](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2363), [CVE-2017-2364](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2364), [CVE-2017-2365](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2365), [CVE-2017-2366](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2366), [CVE-2017-2369](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2369), [CVE-2017-2371](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2371), [CVE-2017-2373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2373)
Additional fixes:
* Make accelerated compositing mode on-demand again. By default it will only be used for websites that require it, saving a lot of memory on websites that don’t need it.
* Release unused UpdateAtlas and reduce the tile coverage on memory pressure.
* The media backend now stores preloaded media in /var/tmp instead of user cache dir.
* Make inspector work again when accelerated compositing support is disabled.
* Fix a deadlock when the media player is destroyed.
* Fix network process crashes when loading custom URI schemes.
* Fix overlay scrollbars that are over a subframe.
* Fix a crash in GraphicsContext3D::drawArrays when using OpenGL 3.2 core profile.
* Fix BadDamage X errors happening when resizing the WebView.
* Fix several crashes and rendering issues.
webkitgtk4-2.14.4-1.fc24
This update addresses the following vulnerabilities:
* [CVE-2017-2350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2350), [CVE-2017-2354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2354), [CVE-2017-2355](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2355), [CVE-2017-2356](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2356), [CVE-2017-2362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2362), [CVE-2017-2363](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2363), [CVE-2017-2364](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2364), [CVE-2017-2365](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2365), [CVE-2017-2366](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2366), [CVE-2017-2369](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2369), [CVE-2017-2371](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2371), [CVE-2017-2373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2373)
Additional fixes:
* Make accelerated compositing mode on-demand again. By default it will only be used for websites that require it, saving a lot of memory on websites that don’t need it.
* Fix rendering issues in long documents with transparent background.
* Release unused UpdateAtlas and reduce the tile coverage on memory pressure.
* The media backend now stores preloaded media in /var/tmp instead of user cache dir.
* Make inspector work again when accelerated compositing support is disabled.
* Fix a deadlock when the media player is destroyed.
* Fix network process crashes when loading custom URI schemes.
* Fix overlay scrollbars that are over a subframe.
* Fix a crash in GraphicsContext3D::drawArrays when using OpenGL 3.2 core profile.
* Fix BadDamage X errors happening when resizing the WebView.
* Fix several crashes and rendering issues.
webkitgtk4-2.14.5-1.fc25
This update addresses the following vulnerabilities:
* [CVE-2017-2350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2350), [CVE-2017-2354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2354), [CVE-2017-2355](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2355), [CVE-2017-2356](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2356), [CVE-2017-2362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2362), [CVE-2017-2363](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2363), [CVE-2017-2364](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2364), [CVE-2017-2365](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2365), [CVE-2017-2366](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2366), [CVE-2017-2369](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2369), [CVE-2017-2371](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2371), [CVE-2017-2373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2373)
Additional fixes:
* Make accelerated compositing mode on-demand again. By default it will only be used for websites that require it, saving a lot of memory on websites that don’t need it.
* Release unused UpdateAtlas and reduce the tile coverage on memory pressure.
* The media backend now stores preloaded media in /var/tmp instead of user cache dir.
* Make inspector work again when accelerated compositing support is disabled.
* Fix a deadlock when the media player is destroyed.
* Fix network process crashes when loading custom URI schemes.
* Fix overlay scrollbars that are over a subframe.
* Fix a crash in GraphicsContext3D::drawArrays when using OpenGL 3.2 core profile.
* Fix BadDamage X errors happening when resizing the WebView.
* Fix several crashes and rendering issues.
webkitgtk4-2.14.4-1.fc25
This update addresses the following vulnerabilities:
* [CVE-2017-2350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2350), [CVE-2017-2354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2354), [CVE-2017-2355](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2355), [CVE-2017-2356](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2356), [CVE-2017-2362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2362), [CVE-2017-2363](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2363), [CVE-2017-2364](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2364), [CVE-2017-2365](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2365), [CVE-2017-2366](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2366), [CVE-2017-2369](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2369), [CVE-2017-2371](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2371), [CVE-2017-2373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2373)
Additional fixes:
* Make accelerated compositing mode on-demand again. By default it will only be used for websites that require it, saving a lot of memory on websites that don’t need it.
* Fix rendering issues in long documents with transparent background.
* Release unused UpdateAtlas and reduce the tile coverage on memory pressure.
* The media backend now stores preloaded media in /var/tmp instead of user cache dir.
* Make inspector work again when accelerated compositing support is disabled.
* Fix a deadlock when the media player is destroyed.
* Fix network process crashes when loading custom URI schemes.
* Fix overlay scrollbars that are over a subframe.
* Fix a crash in GraphicsContext3D::drawArrays when using OpenGL 3.2 core profile.
* Fix BadDamage X errors happening when resizing the WebView.
* Fix several crashes and rendering issues.
DSA-3788 tomcat8 – security update
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop.
DSA-3786 vim – security update
Editor spell files passed to the vim (Vi IMproved) editor may result in an integer overflow in memory allocation and a resulting buffer overflow which potentially could result in the execution of arbitrary code or denial of service.
DSA-3787 tomcat7 – security update
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop.
xen-4.6.4-6.fc24
* Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive [CVE-2016-9776]
* Qemu: audio: memory leakage in ac97 [CVE-2017-5525] (#1414111)
* Qemu: audio: memory leakage in es1370 device [CVE-2017-5526] (#1414211)
* oob access in cirrus bitblt copy [XSA-208, CVE-2017-2615] (#1418243)