Ubuntu Security Notice 3203-1 – It was discovered that gtk-vnc incorrectly validated certain data. A malicious server could use this issue to cause gtk-vnc to crash, resulting in a denial of service, or possibly execute arbitrary code.
Monthly Archives: February 2017
Ubuntu Security Notice USN-3202-1
Ubuntu Security Notice 3202-1 – Frediano Ziglio discovered that Spice incorrectly handled certain client messages. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.
Gentoo Linux Security Advisory 201702-10
Gentoo Linux Security Advisory 201702-10 – A vulnerability in NTFS-3G allows local users to gain root privileges. Versions less than 2016.2.22-r2 are affected.
Gentoo Linux Security Advisory 201702-11
Gentoo Linux Security Advisory 201702-11 – Multiple vulnerabilities have been found in the GNU C Library, the worst of which allows context-dependent attackers to execute arbitrary code. Versions less than 2.23-r3 are affected.
redis-3.2.8-1.fc24
Upstream 3.2.8
----
Upstream 3.2.7 (important security fix)
----
Security fix for CVE-2013-7458
It’s too easy to steal a second-hand connected car
Until more effort is made by vendors to integrate the internet in a safe way into the myriad of devices that surround us, we are going to hear more and more stories of security breaking down like this.
The post It’s too easy to steal a second-hand connected car appeared first on WeLiveSecurity
CVE-2017-0038
gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220.
CVE-2016-6249
F5 BIG-IP 12.0.0 and 11.5.0 – 11.6.1 REST requests that time out during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. This may allow local users to obtain sensitive information by reading these files.