Ubuntu Security Notice 2961-1 - It was discovered that a double free() could occur when the intent handling code in the Little CMS library detected an error. An attacker could use this to specially craft a file that caused an application using the Little CMS library to crash or possibly execute arbitrary code.
701e44cec1bab032322cc2c8afbd13f26be4c817843c080d7ae44315a450dc57
Ubuntu Security Notice 2950-3 - USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression fixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS. This advisory was inadvertently published as USN-2950-2 originally. Various other issues were also addressed.
9964099b1f206087f80df7cd7fa0e5270996486fe34e8197537e2d4ab769d4ab
Cisco Security Advisory - A vulnerability in the kernel logging configuration for Firepower System Software for the Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is due to the logging of certain IP packets. An attacker could exploit this vulnerability by sending a flood of specially crafted IP packets to the affected device. An exploit could allow the attacker to cause the Cisco FirePOWER module to cease inspecting traffic or go offline. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
f71af0aceafd94ea29a500da9d3f98979e46875269911ed675da590ed70b44b9
Cisco Security Advisory - A vulnerability in the XML application programming interface (API) of Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to bypass authentication and access a targeted system through the API. The vulnerability is due to improper implementation of authentication mechanisms for the XML API of the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the XML API. A successful exploit could allow the attacker to perform unauthorized configuration changes or issue control commands to the affected system by using the API. Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.
1a9ee629a44c191a23b45a92b4ebde36c0f54a5ad4fd4b4c806fad1f8bb90725
Cisco Security Advisory - A vulnerability in the packet processing functions of Cisco FirePOWER System Software could allow an unauthenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper packet handling by the affected software when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this vulnerability by sending crafted packets through a targeted system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
5e764ed9dfa00a567d6a7c6b44144df6ca97e9c1bd9b52d4613de8f4879d0170
Ubuntu Security Notice 2950-2 - USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression fixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS. Various other issues were also addressed.
c93cbed83234be923370d6ba5d82693b733041d4363045f33e415c791441bba2
Debian Linux Security Advisory 3569-1 - Two vulnerabilities were discovered in openafs, an implementation of the distributed filesystem AFS.
5350c2a92faea1a018856d55ceeb910ed1a5cb1a1a955764695eac0570e686d5
Debian Linux Security Advisory 3568-1 - Pascal Cuoq and Miod Vallat discovered that Libtasn1, a library to manage ASN.1 structures, does not correctly handle certain malformed DER certificates. A remote attacker can take advantage of this flaw to cause an application using the Libtasn1 library to hang, resulting in a denial of service.
4f7c001b7918fdd39a5d7274ba1f8cef1164d9f85c0ccba2a5bcc194555b7c57
FreeBSD Security Advisory - The padding check in AES-NI CBC MAC was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes. [CVE-2016-2107] An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. [CVE-2016-2105] An overflow can occur in the EVP_EncryptUpdate() function, however it is believed that there can be no overflows in internal code due to this problem. [CVE-2016-2106] When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. [CVE-2016-2109] ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. [CVE-2016-2176] FreeBSD does not run on any EBCDIC systems and therefore is not affected. A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI. [CVE-2016-2107] If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. [CVE-2016-2105] Any application parsing untrusted data through d2i BIO functions are vulnerable to memory exhaustion attack. [CVE-2016-2109] TLS applications are not affected.
182b52531dd70de627d6fe99dbbd9fa0404b54c26fd1b7e6a5ebb96e63de362d
Cisco Security Advisory - On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Out of the six vulnerabilities disclosed, four of them may cause a memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI, and, lastly, one is specific to a product performing an operation with Extended Binary Coded Decimal Interchange Code (EBCDIC) encoding. Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities. This advisory will be updated as additional information becomes available.
5a1d26ffa965666042771287e49eabd16666cb21629b1910bc5f2603d13803ea
Debian Linux Security Advisory 3567-1 - It was discovered that libpam-sshauth, a PAM module to authenticate using an SSH server, does not correctly handle system users. In certain configurations an attacker can take advantage of this flaw to gain root privileges.
13a99d95340e817f1b8e1ea5b49769e77dd6effc9f35fd09cb7ea8fdff44b267
Ubuntu Security Notice 2964-1 - Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. Various other issues were also addressed.
6bae2763b80a8d7b32d5685bff42586f95d773670b03b3b26026900a3ac7fdf5
Ubuntu Security Notice 2963-1 - Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. CVE-2016-0687, Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. Various other issues were also addressed.
1dc6043b60bef399d9cc5b979104a50ea202d1352f4458598c7f58c7687fd5d6
ManageEngine Applications Manager build 12700 suffers from information disclosure and remote SQL injection vulnerabilities.
9638bd04858f548d97b6c5c4af204f6913898488f0894e3070466dacb592dded