Red Hat Enterprise Linux: An updated ovirt-hosted-engine-setup package that fixes several bugs is now
available.
RHBA-2017:0542-1: Red Hat Virtualization Manager 4.0.7
Red Hat Enterprise Linux: An update is now available for Red Hat Virtualization Manager version 4.0.
RHBA-2017:0541-1: ovirt-hosted-engine-ha bug fix update for 4.0.7
Red Hat Enterprise Linux: An updated ovirt-hosted-engine-ha package is now available.
RHBA-2017:0540-1: rhevm-dwh 4.0.7 bug fix update
Red Hat Enterprise Linux: An updated rhevm-dwh package is now available.
RHBA-2017:0539-1: 4.0.7 – rubygem-ovirt-engine-sdk4 enhancement update
Red Hat Enterprise Linux: Updated rubygem-ovirt-engine-sdk4 packages that add various enhancements are now
available.
RHBA-2017:0538-1: ovirt-guest-agent bug fix and enhancement update for RHV 4.0.7
Red Hat Enterprise Linux: Updated ovirt-guest-agent packages that fix several bugs and add various
enhancements are now available.
RHBA-2017:0537-1: redhat-support-plugin-rhev bug fix and enhancement update for RHV 4.0.7
Red Hat Enterprise Linux: Updated redhat-support-plugin-rhev packages that fix several bugs and add
various enhancements are now available.
USN-3235-1: libxml2 vulnerabilities
Ubuntu Security Notice USN-3235-1
16th March, 2017
libxml2 vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in libxml2.
Software description
- libxml2 – GNOME XML library
Details
It was discovered that libxml2 incorrectly handled format strings. If a
user or automated system were tricked into opening a specially crafted
document, an attacker could possibly cause libxml2 to crash, resulting in a
denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04
LTS, and Ubuntu 16.04 LTS. (CVE-2016-4448)
It was discovered that libxml2 incorrectly handled certain malformed
documents. If a user or automated system were tricked into opening a
specially crafted document, an attacker could cause libxml2 to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2016-4658)
Nick Wellnhofer discovered that libxml2 incorrectly handled certain
malformed documents. If a user or automated system were tricked into
opening a specially crafted document, an attacker could cause libxml2 to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-5131)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.10:
  - libxml2 2.9.4+dfsg1-2ubuntu0.1
- Ubuntu 16.04 LTS:
  - libxml2 2.9.3+dfsg1-1ubuntu0.2
- Ubuntu 14.04 LTS:
  - libxml2 2.9.1+dfsg1-3ubuntu4.9
- Ubuntu 12.04 LTS:
  - libxml2 2.7.8.dfsg-5.1ubuntu4.17
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
CVE-2017-0043
Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka “Microsoft Active Directory Federation Services Information Disclosure Vulnerability.”
CVE-2017-0050
The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 8.1; Windows Server 2012 Gold and R2; and Windows Server 2016 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka “Windows Kernel Elevation of Privilege Vulnerability.”