XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content -> News -> Add Article" feature via the m1_title parameter. Someone must log in to conduct the attack.
CVE-2017-7256
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content -> News -> Add Article" feature via the m1_summary parameter. Someone must log in to conduct the attack.
Google Chrome to Distrust Symantec SSLs for Mis-issuing 30,000 EV Certificates
Google announced its plans to punish Symantec by gradually distrusting its SSL certificates after the company was caught improperly issuing 30,000 Extended Validation (EV) certificates over the past few years.
The Extended Validation (EV) status of all certificates issued by Symantec-owned certificate authorities will no longer be recognized by the Chrome browser for at least a year until
Apple underwhelmed by latest CIA exploits revealed by WikiLeaks
WikiLeaks’s revelations about security vulnerabilities in Apple products appear to be a damp squib.
The post Apple underwhelmed by latest CIA exploits revealed by WikiLeaks appeared first on WeLiveSecurity
kernel-4.9.17-100.fc24
The 4.9.17 update contains a number of important fixes across the tree.
----
The 4.9.16 update contains a number of important fixes across the tree.
----
The 4.9.15 update contains a number of important fixes across the tree.
----
The 4.9.14 update contains a number of important fixes across the tree.
Miele Professional PG 8528 Directory Traversal
The Miele Professional PG 8528 suffers from a directory traversal vulnerability.
Ubuntu Security Notice USN-3239-3
Ubuntu Security Notice 3239-3 – USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2016-3706 introduced a regression that in some circumstances prevented IPv6 addresses from resolving. This update reverts the change in Ubuntu 12.04 LTS.
Nuxeo Platform 6.x / 7.x Shell Upload
Nuxeo Platform versions 6.0 (LTS 2014), 7.1, 7.2, and 7.3 suffer from a remote shell upload vulnerability.
EON 5.0 SQL Injection
EON versions 5.0 and below suffer from a remote SQL injection vulnerability.
CVE-2017-5644
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
