Red Hat Security Advisory 2017-0876-01 – Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.1 serves as a replacement for Red Hat Single Sign-On 7.0, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Multiple security issues have been addressed.
Debian Security Advisory 3826-1
Debian Linux Security Advisory 3826-1 – It was discovered that the original patch to address CVE-2016-1242 did not cover all cases, which may result in information disclosure of file contents.
Ubuntu Security Notice USN-3254-1
Ubuntu Security Notice 3254-1 – It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. Phithon Gong discovered that Django incorrectly handled certain URLs when the django.views.static.serve view is being used. A remote attacker could possibly use a Django server as an open redirect.
Millennials and GDPR ‘pose increased cybersecurity risk to companies’
Millennials and the demands of upcoming GDPR regulations could result in a greater cybersecurity risk for many businesses, new research has suggested.
The post Millennials and GDPR ‘pose increased cybersecurity risk to companies’ appeared first on WeLiveSecurity
CVE-2016-9091
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.
libtiff-4.0.7-4.fc26
Security fix for:
* **CVE-2016-10266**
* **CVE-2016-10267**
* **CVE-2016-10268**
* **CVE-2016-10269**
* **CVE-2016-10270**
* **CVE-2016-10271**
* **CVE-2016-10272**
libtiff-4.0.7-4.fc25
Security fix for:
* **CVE-2016-10266**
* **CVE-2016-10267**
* **CVE-2016-10268**
* **CVE-2016-10269**
* **CVE-2016-10270**
* **CVE-2016-10271**
* **CVE-2016-10272**
CVE-2017-0327
An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33893669. References: N-CVE-2017-0327.
CVE-2017-0328
An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33898322. References: N-CVE-2017-0328.
CVE-2017-0330
An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33899858. References: N-CVE-2017-0330.