It was discovered that the original patch to address CVE-2016-1242 did
not cover all cases, which may result in information disclosure of file
contents.
Vuln: IBM Business Process Manager CVE-2017-1140 Cross Site Scripting Vulnerability
Vuln: collectd CVE-2017-7401 Multiple Denial of Service Vulnerabilities
Vuln: Multiple IBM Products CVE-2016-6100 Cross Site Request Forgery Vulnerability
Vuln: libarchive CVE-2016-10209 Denial Of Service Vulnerability
Red Hat Security Advisory 2017-0868-01
Red Hat Security Advisory 2017-0868-01 – Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files. Multiple security issues have been addressed.
Ubuntu Security Notice USN-3253-1
Ubuntu Security Notice 3253-1 – It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. Various other issues were also addressed.
CVE-2017-7410
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) display_name parameter.
Security Analyst Summit 2017 Day One Recap
Mike Mimoso and Chris Brook recap the first day of this year’s Security Analyst Summit, including Mark Dowd’s memory corruption bug keynote, the digital archeology around Moonlight Maze, ATM hacking, and the Lazarus APT.
CVE-2017-5685
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow an attacker with physical access to the system to gain access to personal information.