Red Hat Enterprise Linux: An update for curl is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2017-2628
28th March, 2017
A security issue affects these releases of Ubuntu and its
derivatives:
AppArmor could remove the confinement from some programs.
Stéphane Graber discovered that AppArmor incorrectly unloaded some profiles
when restarted or upgraded, contrary to expected behavior.
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
A new utility, called aa-remove-unknown, was added to assist with profiles that
would have been previously unloaded when AppArmor was restarted or upgraded.
A buffer overflow exists in Microsoft Internet Information Services 6.0. The vulnerability is due to improper validation of a long header in HTTP request. A remote attacker could exploit this vulnerability by sending a crafted request over a network to the vulnerable application. Successful exploitation could result in denial of service conditions or execute arbitrary code on the target machine.
In Moodle 3.2.2+, there is XSS in the Course summary filter of the “Add a new course” page, as demonstrated by a crafted attribute of an SVG element.
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device.
Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information.
Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings.
Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link.
The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF.
The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks.