HP Security Bulletin HPESBUX03725 1 – Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache on HP-UX 11iv3. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), Unauthorized Read Access to Data and other impacts including: * Padding Oracle attack in Apache mod_session_crypto * Apache HTTP Request Parsing Whitespace Defects. Revision 1 of this advisory.

HP Security Bulletin HPESBHF03723 1 – A potential security vulnerability has been identified in HPE Aruba ClearPass Policy Manager. The vulnerability could be remotely exploited to allow execution of code. **Note:** The ClearPass Policy Manager administrative Web interface is affected by the vulnerability. ClearPass Guest, Insight, and Graphite are NOT impacted. Revision 1 of this advisory.

Debian Linux Security Advisory 3824-1 – George Noseevich discovered that firebird2.5, a relational database system, did not properly check User-Defined Functions (UDF), thus allowing remote authenticated users to execute arbitrary code on the firebird server.

Ubuntu Security Notice 3236-1 – Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, spoof application UI by causing the security status API or webview URL to indicate the wrong values, bypass security restrictions, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice 3249-1 – It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges.

Ubuntu Security Notice 3248-1 – It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges.

Ubuntu Security Notice 3249-2 – USN-3249-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges. Various other issues were also addressed.

Ubuntu Security Notice 3250-2 – USN-3250-1 fixed a vulnerability in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges. Various other issues were also addressed.