
9138 matches found

Ubuntu
added 2018/07/02 7:45 p.m. | 77 views

USN-3696-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3696-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that an integer overflow existed in the perf subsystem of the Linux...

7.8 CVSS | 7.1 AI score | 0.01912 EPSS
Exploits: 4

Prion
added 2018/07/02 1:29 p.m. | 20 views

Design/Logic Flaw

It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old...

6.8 CVSS | 7.7 AI score | 0.10394 EPSS
Exploits: 0 | References: 24 | Affected Software: 2

Tenable Nessus
added 2018/07/02 12:0 a.m. | 47 views

Debian DSA-4237-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2018-6118 Ned Williamson discovered a use-after-free issue. - CVE-2018-6120 Zhou Aiting discovered a buffer overflow issue in the pdfium library. - CVE-2018-6121 It was discovered that malicious extensions could...

9.6 CVSS | 8.2 AI score | 0.07666 EPSS
Exploits: 3 | References: 61

Fedora
added 2018/07/01 2:40 a.m. | 31 views

[SECURITY] Fedora 28 Update: bind-9.11.3-12.fc28

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server ...

7.5 CVSS | 1.4 AI score | 0.1107 EPSS
Exploits: 0

android
added 2018/07/01 12:0 a.m. | 58 views

CVE-2016-2108

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue...

10 CVSS | 8.5 AI score | 0.77906 EPSS
Exploits: 1 | References: 2

Cvelist
added 2018/06/27 4:0 p.m. | 32 views

CVE-2017-7465

It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a transform in JAXP requires the use of a...

9 CVSS | 9.8 AI score | 0.02976 EPSS
Exploits: 0 | References: 2

OSV
added 2018/06/26 11:39 a.m. | 10 views

SUSE-SU-2018:1816-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP3 RT kernel was updated to 4.4.138 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-12233: A memory corruption bug in JFS could have been triggered by calling setxattr twice with two different extended attribute names on t...

7.8 CVSS | 8.7 AI score | 0.60631 EPSS
Exploits: 5 | References: 144

Vulnerability Lab
added 2018/06/26 12:0 a.m. | 86 views

PayPal Inc - Security Key Pin Approval & Expire Bypass

Document Title: PayPal Inc - Security Key Pin Approval & Expire Bypass
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1666
Release Date: 2018-06-26
Vulnerability Laboratory ID (VL-ID): 166...

0.3 AI score
Exploits: 0

Tenable Nessus
added 2018/06/22 12:0 a.m. | 299 views

openSUSE Security Update : the Linux Kernel (openSUSE-2018-656) (Spectre)

The openSUSE Leap 42.3 was updated to 4.4.138 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes...

7.8 CVSS | 7.8 AI score | 0.60631 EPSS
Exploits: 3 | References: 88

Ubuntu
added 2018/06/21 6:18 p.m. | 91 views

USN-3691-1: OpenJDK 7 vulnerabilities

It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive file manifests. An attacker could possibly use this to modify attributes in a manifest without invalidating the signature. CVE-2018-2790 Francesc...

8.3 CVSS | 5.9 AI score | 0.15141 EPSS
Exploits: 0

CNVD
added 2018/06/20 12:0 a.m. | 1 view

rtcmulticonnection-client path traversal vulnerability

rtcmulticonnection-client is a signaling implementation of RTCMultiConnection.js based on Node.js and Socket.io. A path traversal vulnerability exists in rtcmulticonnection-client. An attacker can exploit this vulnerability by placing a '../' sequence in a URL to gain access to the file system...

7.5 CVSS | 7.6 AI score | 0.02005 EPSS
Exploits: 1 | References: 1

Fedora
added 2018/06/18 4:20 p.m. | 39 views

[SECURITY] Fedora 28 Update: bouncycastle-1.59-1.fc28

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8...

7.5 CVSS | 1.7 AI score | 0.24282 EPSS
Exploits: 0

IBM Security Bulletins
added 2018/06/18 12:28 a.m. | 50 views

Security Bulletin: Vulnerability in OpenSSL affect IBM Storwize V7000 Unified

Summary Cross-protocol attack on TLS using SSLv2 Vulnerability Details OpenSSL is used in IBM Storwize V7000 Unified for providing communication security by encrypting data being transmitted. CVEID: CVE-2016-2177 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the incorrect u...

9.8 CVSS | 1.1 AI score | 0.44505 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2018/06/18 12:28 a.m. | 49 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Storwize V7000 Unified (CVE-2016-6304, CVE-2016-6303, CVE-2016-2178, CVE-2016-6306 and CVE-2016-2183)

Summary OpenSSL is used by IBM Storwize V7000 Unified. IBM Storwize V7000 Unified has addressed the applicable CVEs. Vulnerability Details OpenSSL is used in IBM Storwize V7000 Unified for providing communication security by encrypting data being transmitted. CVEID: CVE-2016-6304 DESCRIPTION:...

9.8 CVSS | 1.1 AI score | 0.95707 EPSS
Exploits: 8 | Affected Software: 1

Tenable Nessus
added 2018/06/18 12:0 a.m. | 59 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4134)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4134 advisory. - x86/fpu: Make eager FPU default Mihai Carabas Orabug: 28156176 CVE-2018-3665 - KVM: Fix stack-out-of-bounds read in writemmio Wanpeng Li Orabug:...

7.5 CVSS | 7.2 AI score | 0.04252 EPSS
Exploits: 11 | References: 13

IBM Security Bulletins
added 2018/06/17 3:23 p.m. | 54 views

Security Bulletin: IBM Tivoli Monitoring CPU utilization (CVE-2014-0963)

Summary IBM Tivoli Monitoring is affected by a problem related to the SSL implementation which, under very specific conditions, can cause CPU utilization to rapidly increase. Vulnerability Details CVE ID: CVE-2014-0963 DESCRIPTION: IBM Tivoli Monitoring is affected by a problem with the handling ...

7.1 CVSS | 0.7 AI score | 0.03077 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 2:41 p.m. | 30 views

Security Bulletin: TSM Server CPU Utilization (CVE-2014-0963)

Summary The IBM Tivoli Storage Manager (TSM) server and storage agent are affected by a problem related to the SSL implementation which, under very specific conditions, can cause CPU utilization to rapidly increase. Vulnerability Details CVE ID: CVE-2014-0963 DESCRIPTION: TSM server and storage age...

7.1 CVSS | 0.7 AI score | 0.03077 EPSS
Exploits: 0 | Affected Software: 4

IBM Security Bulletins
added 2018/06/17 5:18 a.m. | 44 views

Security Bulletin: Vulnerability in IBM Java Runtime affects Rational Publishing Engine

Summary There is a vulnerability in IBM Java Runtime Environment, Versions 6 and 7 that are used by Rational Publishing Engine. Vulnerability Details CVEID: CVE-2016-5582 DESCRIPTION: A flaw in the Hotspot JIT compiler allows an attacker to disable the security manager and execute arbitrary code...

9.6 CVSS | 0.6 AI score | 0.05437 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 9:47 p.m. | 57 views

Security Bulletin: Multiple vulnerabilities in Open Source openSSL affect IBM Security Identity Governance Appliance

Summary Vulnerabilities in Open Source openssl that is used by IBM Security Identity Governance Vulnerability Details CVEID: CVE-2016-2177 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the incorrect use of pointer arithmetic for heap-buffer boundary checks. By leveraging...

9.8 CVSS | 1 AI score | 0.95707 EPSS
Exploits: 8 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 9:18 p.m. | 44 views

Security Bulletin: IBM Security Access Manager for Mobile and IBM Security Access Manager for Web appliances are affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and possibly CVE-2014-0076

Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...

7.4 CVSS | 1.8 AI score | 0.95326 EPSS
Exploits: 10 | Affected Software: 2