Ubuntu Security Notice 3305-1 - It was discovered that the NVIDIA graphics drivers contained flaws in the kernel mode layer. A local attacker could use these issues to cause a denial of service or potentially escalate their privileges on the system.
5a4035534975370cde44d757670aec428e9fc47fd2fa11dc88db41feb6be6ac4Red Hat Security Advisory 2017-1367-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: CloudForms includes a default SSL/TLS certificate for the web server. This certificate is replaced at install time, however if an attacker were able to man-in-the-middle an administrator while installing the new certificate the attacker could get a copy of the private key uploaded allowing for future attacks.
e3a4946886a23c02c2bddf4ad7aae93f8050a67aad92b2206614f0a720a56271Red Hat Security Advisory 2017-1372-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality can allow a remote attacker to force the kernel to enter a condition in which it can loop indefinitely.
1048de110dd6490790a9aa7f54f6a7a37704f3ff959dd20b4aa404be8f5cd3e9Red Hat Security Advisory 2017-1382-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
4bfed0c75e7c025ce32520f5663dbc0de3d0ef88afa1aaa16196eab5dab9b4aaRed Hat Security Advisory 2017-1381-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
72f511ffde80862ec8f67125ada6591bad83b2aaac109f5da2a4c4ccf814eed9Ubuntu Security Notice 3304-1 - It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions.
bde0e222f88f678398a9f46fc30b62d5feca8f52856f50ad72c463b9643345fbDebian Linux Security Advisory 3867-1 - The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse "/proc/[pid]/stat" to read the device number of the tty from field 7 (tty_nr). A sudoers user can take advantage of this flaw on an SELinux-enabled system to obtain full root privileges.
923fef1347ec646736c7f71cf0bec169c3fbd5045ba1dcad1c306f7f9bab4e59Gentoo Linux Security Advisory 201705-15 - A vulnerability in sudo allows local users to gain root privileges. Versions less than 1.8.20_p1 are affected.
50553170e4ac24d9b95a7682d1a6accf3564f42794383c1bb9d50b93ff735bfeUbuntu Security Notice 3212-2 - USN-3212-1 fixed vulnerabilities in LibTIFF. Unfortunately, some of the security patches were misapplied, which caused a regression when processing certain images. This update fixes the problem. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
ce55b77df5a9ebdd947e8b8315854972bb32225267968fde15170ea18997b6faUbuntu Security Notice 3302-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
f065aa2d93ab8f719748b85c35a2d0b93dd11a8a965c4b540ae4b52e5c7568e2Ubuntu Security Notice 3303-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
2ad1438bf3be9f522e788a30b869a2a2ead1606496105fe04e5bd735a609ecabUbuntu Security Notice 3301-1 - It was discovered that the strongSwan gmp plugin incorrectly validated RSA public keys. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. It was discovered that strongSwan incorrectly parsed ASN.1 CHOICE types. A remote attacker could use this issue to cause strongSwan to hang, resulting in a denial of service.
e908fe38ec2c00f57c43d5e90f17c1e0d4f22da2366f1f1fb98fbd6a4d93b915Debian Linux Security Advisory 3866-1 - Two denial of service vulnerabilities were identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.
9660ac76f6d140f0800e4c3f26cbe2a343f66c6f59b7291d794f1f9a15a19ac1Red Hat Security Advisory 2017-1364-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library.
0bd9c0cb15c7d46b2c6a83f4bb82b1446e11e276f590b32967c7dddc33e3093fRed Hat Security Advisory 2017-1365-03 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library.
94ede444f9d41f60514e1540d3ddedfff1ad01f42727f9ba0efa58ae36d94cbbDebian Linux Security Advisory 3865-1 - It was discovered that pattern-based ACLs in the Mosquitto MQTT broker could be bypassed.
b0ee54493db9d752898ab19cd019cec6efa0ed4e5efaa517975ebc1b9b259a3fRed Hat Security Advisory 2017-1363-01 - In accordance with the Red Hat Directory Server Life Cycle policy, Red Hat Directory Server 9 will be retired as of June 10, 2017 and support will no longer be provided. Accordingly, Red Hat will not provide extended support for this product, including critical impact security patches or urgent priority bug fixes, after this date.
3ef53be8cde307c3ad719b1423ff8edc655d951510cab7236399349e7f801386Acunetix Web Vulnerability Scanner 11 suffers from multiple local privilege escalation vulnerabilities.
e74f87a5941a3a01b52ac4a134d5fc5786b156fcbaadebaa2320791bf4d68481Libming version 0.4.8 suffers from a denial of service vulnerability.
8ae66ff58a62df5849401dc5183eca1930778389980ef7f920bb1cf7c46f76b7WebKitGTK+ suffers from code execution, denial of service, memory corruption, and various other vulnerabilities.
5804f630eaa2c72cacab41b2ccd9870e1e516c016780bc40df3a5bcae7ed2a44This bulletin summary lists multiple CVE additions for the May, 2017 security bulletin release.
ac0d024f7e9e085c500cd7f1d1fb0e04aa6fc92350547dfffc895068fd4678bbVeritas Backup Exec Remote Agent for Windows suffers from a use-after-free vulnerability. All versions before Backup Exec 16 FP1, Backup Exec 15 14.2.1180.3160, and Backup Exec 2014 14.1.1187.1126 are affected.
8ceb02397eea9ab98abf9619f4ab71f85b7ac2f8ffa9d669f5e674239b69ebd6Ubuntu Security Notice 3300-1 - Ryan Beisner discovered juju did not set permissions on a Unix domain socket. A local attacker could use this flaw to gain administrative privileges.
4a3e1ac9331881d06254b3af2d2c4a033fff96437ac64ee5e501c0675171cdc6HPE Security Bulletin HPESBHF03730 1 - Potential security vulnerabilities have been identified in HPE Aruba ClearPass Policy Manager. The vulnerabilities could be remotely exploited to allow access restriction bypass, arbitrary command execution, cross site scripting (XSS), escalation of privilege and disclosure of information. Revision 1 of this advisory.
2e54f155f6a6a7798dfeaf9418f020bd83703cdf9426cfeb5c27c907c8e60a72HPE Security Bulletin HPESBHF03754 1 - A potential security vulnerability has been identified in HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5 Processor. The vulnerability could be remotely exploited to allow access restriction bypass. **Note:** On May 1st, 2017, Intel disclosed a new vulnerability with their Intel Manageability Firmware which is utilized on some systems containing Intel processors. This vulnerability allows an unprivileged network or local attacker to gain control of the remote manageability features of Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT) platforms. Do not attempt to upgrade the ME FW without following the instructions detailed in the Resolution section. Refer to the "Platform Specific Information" section in the Resolution for more specific information on upgrades for specific ProLiant servers. Revision 1 of this advisory.
4d31e00a83f7af60acef62cbc14ea5e7015d46ee67c0435ccd3ad9f6141664b0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed