Ubuntu Security Notice 2821-1 - It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding oracle attack.
e80bf8eb05cb869629fb181fef4e8ce6ff45d5814e62e60eac7d3bf40b0cc724
LibRaw versions 0.17 and below suffer from multiple memory errors that can result in code execution or other problems.
f01f4f3e01a6002596eda126f98c0d171d4c9cfae6920a1364dc2c23385e2639
In their original report, Security Explorations indicated that Issue 42 in SE-2014-02 had its origin in klassItable::initialize_itable_for_interface method's implementation of Java SE 7 HotSpot VM. They have recently learned that their initial analysis regarding the root cause of Issue 42 was incorrect. This report contains more detailed information about the actual cause of Issue 42, the reasoning that has mislead them into concluding it was caused by an improper initialization of non-public interface method slots and some additional findings regarding this issue.
926ad5f5f27088ecc130997d08aa12a0ca81902394fe5f1767a391a11cdfa9ea
Red Hat Security Advisory 2015-2522-01 - The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization.
809e280c3a7b28ef3849dd41013146eafcff4fe7afab41ae20a95a8c92f6d041
Red Hat Security Advisory 2015-2521-01 - The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization.
0659db4fb18959becb1b68966660f9369016bb2edbc36966c2eb5bab639f4482
Red Hat Security Advisory 2015-2523-01 - The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization.
1d94e5fd242f7da99f1762e3844877f90673339f11d9af4ce1156c460ea63bd3
Red Hat Security Advisory 2015-2524-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
f9546e636f1967b0f887a87c03e59a4a51cc9a02ff48c100b01cffe74ab8a494
Red Hat Security Advisory 2015-2517-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
307be76e804ec87b99d8c4285e6c0b866882e5818e8b5c81784f0fb7251ae4c0
Red Hat Security Advisory 2015-2516-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
89a84ea97cadc015b03977c43f2838c425f5b6e67730b5a868ae859c0b8f11b9
Red Hat Security Advisory 2015-2515-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system.
e32fe9ddf8851ecabfcf5006bf82aa9daaffa5a9d19aa1c0ebfacda0fa5155eb
Debian Linux Security Advisory 3404-1 - Ryan Butterfield discovered a vulnerability in the date template filter in python-django, a high-level Python web development framework. A remote attacker can take advantage of this flaw to obtain any secret in the application's settings.
0b58e8ca659dee4ee5116e23bd086472730fc449accaa2eca6cb5501d11fc141
Ubuntu Security Notice 2818-1 - It was discovered that rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed. Am attacker could use this to expose sensitive information or possibly execute arbitrary code.
a9fe82136c955c433722b503fc60c06705defffd05682f9e89d7645dee7a7255
HP Security Bulletin HPSBGN03523 1 - A potential security vulnerability has been identified in HP Loadrunner Virtual Table Server that could be exploited remotely resulting in the execution of code. Revision 1 of this advisory.
6f4706b10ff069ecad90deb5270a945fba17698a771ff4c1087123518ddcb4eb
Ubuntu Security Notice 2820-1 - Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into unpacking a specially crafted binary package, a remote attacker could possibly use this issue to execute arbitrary code.
5ea619810a1858647bc6decd944ac40456af9ba8b3a6b17aa480ef128878af21
Debian Linux Security Advisory 3407-1 - Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg, the Debian package management system. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary package (.deb) in the old style Debian binary package format.
9598ae2264f8a14638f87a3ca5d821950ee36da44b3324ea62f986b8f2e0c4d0
Red Hat Security Advisory 2015-2519-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A same-origin policy bypass flaw was found in the way Thunderbird handled certain cross-origin resource sharing requests. A web page containing malicious content could cause Thunderbird to disclose sensitive information.
a69410df0fcb37dd6f888b0b290e215e7d2ec1cb9c8fa9f167275dbff6ff9de4
Red Hat Security Advisory 2015-2520-01 - The Network Time Protocol is used to synchronize a computer's time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server.
5688d2b98fee014d2dc9754b03ff6046b68d6f1e776060d5583fadb5ece90aa3
Debian Linux Security Advisory 3405-1 - Tero Marttila discovered that the Debian packaging for smokeping installed it in such a way that the CGI implementation of Apache httpd (mod_cgi) passed additional arguments to the smokeping_cgi program, potentially leading to arbitrary code execution in response to crafted HTTP requests.
093436dd8877007cc38f10a273809c83511466a1c55d6c0914d14c87e2b9cf4c
Debian Linux Security Advisory 3406-1 - It was discovered that incorrect memory allocation in the NetScape Portable Runtime library might result in denial of service or the execution of arbitrary code.
930894e681573a82ac8191e73c85435a31821c44a824377eb46afcc3622b98bf
Red Hat Security Advisory 2015-2518-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
cd01d7b57fe3e51875ebdc9a1bf9b8098c2149ac2ff6216a439aa9920b087813
EMC Isilon OneFS is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions include EMC Isilon OneFS 7.2.1.0, 7.2.0.0 through 7.2.0.2, 7.1.1.0 through 7.1.1.4, and 7.1.0.x.
e2d777f280c8f4de1b10b38abc67618b8e6a0f1c6a21b29eb62ce8ab802369f6
Slackware Security Advisory - New pcre packages are available for Slackware 14.1 and -current to fix security issues.
6b622a8497108bd0b45667aa432a5e68a79cc42f3e823428ac3c4c7d028c898e
Debian Linux Security Advisory 3403-1 - This update backports changes from the commons-collections 3.2.2 release which disable the deserialisation of the functors classes unless the system property org.apache.commons.collections.enableUnsafeSerialization is set to 'true'. This fixes a vulnerability in unsafe applications deserialising objects from untrusted sources without sanitizing the InstantiateFactory, InstantiateTransformer, InvokerTransformer, PrototypeCloneFactory, PrototypeSerializationFactory and WhileClosure.
adb69be65adb4f0344cb7814e5ad87030f8cc2266e9ab7f0c44f39ba3b02bcb2
Ubuntu Security Notice 2816-1 - Ryan Butterfield discovered that Django incorrectly handled the date template filter. A remote attacker could possibly use this issue to obtain secrets from application settings.
da595e8eace605909d52fec9182fe2ce928c8f4eeb05c274314802dfc91845e8
Ubuntu Security Notice 2817-1 - It was discovered that IcedTea Web incorrectly handled applet URLs. A remote attacker could possibly use this issue to inject applets into the .appletTrustSettings configuration file and bypass user approval. Andrea Palazzo discovered that IcedTea Web incorrectly determined the origin of unsigned applets. A remote attacker could possibly use this issue to bypass user approval, or to trick the user into approving applet execution. Various other issues were also addressed.
0c95df3ba385830931e81928cf6357437d5124af42b0969aee880229cde673d0