Download
| Alert*
|
oval:org.secpod.oval:def:39489
libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:41130 gnutls28: GNU TLS library - gnutls26: GNU TLS library Several security issues were fixed in GnuTLS. oval:org.secpod.oval:def:703595 lightdm: Display Manager LightDM could allow unintended access to files. oval:org.secpod.oval:def:703580 libxslt: XSLT processing library Several security issues were fixed in Libxslt. oval:org.secpod.oval:def:703322 Ubuntu 16.10 is installed oval:org.secpod.oval:def:38613 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:703677 systemd: system and service manager systemd-resolved could be made to crash or run programs if it received a specially crafted DNS response. oval:org.secpod.oval:def:703668 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703667 linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:39199 libarchive: Library to read/write archive files libarchive could be made to crash, overwrite files, or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703404 apt: Advanced front-end for dpkg Details: USN-3156-1 fixed vulnerabilities in APT. It also caused a bug in unattended-upgrades on that may require manual intervention to repair. Users on Ubuntu 16.10 should run the following commands at a terminal: sudo dpkg --configure --pending sudo apt-get -f ins ... oval:org.secpod.oval:def:703646 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to run programs as an administrator. oval:org.secpod.oval:def:703401 apport: automatically generate crash reports for debugging Apport could be made to run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703393 linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703391 linux: Linux kernel The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703610 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703377 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703350 linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to crash under certain conditions. oval:org.secpod.oval:def:703348 linux: Linux kernel The system could be made to crash under certain conditions. oval:org.secpod.oval:def:703321 linux: Linux kernel The system could be made to run programs as an administrator. oval:org.secpod.oval:def:703325 linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to run programs as an administrator. oval:org.secpod.oval:def:703424 linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703429 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703537 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703500 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:38802 tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:37871 dbus: simple interprocess messaging system Several security issues were fixed in DBus. oval:org.secpod.oval:def:40152 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:39292 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39290 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39291 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39289 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:38999 irssi: terminal based IRC client Several security issues were fixed in Irssi. oval:org.secpod.oval:def:39281 The host is installed with icoutils through 0:0.31.0-3 on Ubuntu 16.04, 0:0.31.0-2+deb8u2build0.14.04.1 on Ubuntu 14.04, 0:0.31.0-3build1 on Ubuntu 16.10 or 0:0.29.1-2ubuntu0.1 on Ubuntu 12.04 and is prone to a buffer overflow vulnerability. A flaw is present in scripts, which fails to properly hand ... oval:org.secpod.oval:def:39282 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39286 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39287 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39288 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39280 The host is installed with icoutils through 0:0.31.0-3 on Ubuntu 16.04, 0:0.31.0-2+deb8u2build0.14.04.1 on Ubuntu 14.04, 0:0.31.0-3build1 on Ubuntu 16.10 or 0:0.29.1-2ubuntu0.1 on Ubuntu 12.04 and is prone to a buffer overflow vulnerability. A flaw is present in scripts, which fails to properly hand ... oval:org.secpod.oval:def:39279 The host is installed with icoutils through 0:0.31.0-3 on Ubuntu 16.04, 0:0.31.0-2+deb8u2build0.14.04.1 on Ubuntu 14.04, 0:0.31.0-3build1 on Ubuntu 16.10 or 0:0.29.1-2ubuntu0.1 on Ubuntu 12.04 and is prone to a buffer overflow vulnerability. A flaw is present in scripts, which fails to properly hand ... oval:org.secpod.oval:def:38739 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:37885 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:38605 The host is installed with python-html5lib, python-html5lib-whl or python3-html5lib prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle characters. An attacker who successfully exploited these vulnerability could have unspecified impact oval:org.secpod.oval:def:38606 The host is installed with python-html5lib, python-html5lib-whl or python3-html5lib prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle characters. An attacker who successfully exploited these vulnerability could have cross site scripting oval:org.secpod.oval:def:40657 libytnef: improved decoder for application/ms-tnef attachments libytnef could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:38100 The host is installed with cryptsetup through 2:1.6.6-5ubuntu2 on Ubuntu 16.04, cryptsetup through 2:1.6.1-1ubuntu1 on Ubuntu 14.04, cryptsetup through 2:1.7.2-0ubuntu1 on Ubuntu 16.10 or cryptsetup through 2:1.4.1-2ubuntu4 on Ubuntu 12.04 and is prone to security bypass vulnerability. A flaw is pre ... oval:org.secpod.oval:def:41167 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt. oval:org.secpod.oval:def:703399 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703398 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703385 ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, run programs, or disclose sensitive information if it processed a specially crafted file. oval:org.secpod.oval:def:703384 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703383 c-ares: library for asynchronous name resolves c-ares could be made to crash or run programs if it processed a specially crafted hostname. oval:org.secpod.oval:def:703493 php7.0: HTML-embedded scripting language interpreter Details: USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15 upstream release. PHP 7.0.15 introduced a regression when using MySQL with large blobs. This update fixes the problem with a backported fix. Original advisory USN-3211- ... oval:org.secpod.oval:def:703499 network-manager-applet: GNOME frontend for NetworkManager The system could be made to expose sensitive information. oval:org.secpod.oval:def:703376 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703375 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:38027 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:703370 gst-plugins-good1.0: GStreamer plugins - gst-plugins-good0.10: GStreamer plugins Details: USN-3135-1 fixed a vulnerability in GStreamer Good Plugins. The original security fix was incomplete. This update fixes the problem. Original advisory GStreamer could be made to crash or run programs as your lo ... oval:org.secpod.oval:def:703490 libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file. oval:org.secpod.oval:def:703379 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:703483 imagemagick: Image manipulation programs and library Details: USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixes introduced a regression with text labels and a regression with the text coder. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-31 ... oval:org.secpod.oval:def:703361 gst-plugins-good1.0: GStreamer plugins - gst-plugins-good0.10: GStreamer plugins GStreamer could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703367 lxc: Linux Containers userspace tools LXC could be made to allow containers to access to the host filesystem. oval:org.secpod.oval:def:703366 moin: Collaborative hypertext environment Several security issues were fixed in MoinMoin. oval:org.secpod.oval:def:703369 python-cryptography: Cryptography Python library python-cryptography could generate incorrect keys. oval:org.secpod.oval:def:703473 python-crypto: cryptographic algorithms and protocols for Python Details: USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This up ... oval:org.secpod.oval:def:703471 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703470 python-crypto: cryptographic algorithms and protocols for Python Programs using the Python Cryptography Toolkit could be made to crash or run programs if they receive specially crafted network traffic or other input. oval:org.secpod.oval:def:703476 spice: SPICE protocol client and server library Spice could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703359 tar: GNU version of the tar archiving utility tar could be made to overwrite files. oval:org.secpod.oval:def:703358 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:703479 tcpdump: command-line network traffic analyzer tcpdump could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703460 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703581 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:703343 memcached: high-performance memory object caching system Memcached could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703467 libgc: Boehm-Demers-Weiser garbage collecting storage allocator library Applications using libgc could be made to crash or run programs as your login. oval:org.secpod.oval:def:703334 mailman: Powerful, web-based mailing list manager Several security issues were fixed in Mailman. oval:org.secpod.oval:def:703333 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703332 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox. oval:org.secpod.oval:def:703331 nginx: small, powerful, scalable web/proxy server Details: USN-3114-1 fixed a vulnerability in nginx. A packaging issue prevented nginx from being reinstalled or upgraded to a subsequent release. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3114-1 introduc ... oval:org.secpod.oval:def:703338 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703459 firefox: Mozilla Open Source web browser Details: USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3175-1 intr ... oval:org.secpod.oval:def:703337 python-django: High-level Python web development framework Several security issues were fixed in Django. oval:org.secpod.oval:def:703579 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:703339 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703440 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703444 iucode-tool: Intel processor microcode tool iucode-tool could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:703443 libxpm: X11 pixmap library libXpm could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:703563 dovecot: IMAP and POP3 email server Details: USN-3258-1 intended to fix a vulnerability in Dovecot. Further investigation revealed that only Dovecot versions 2.2.26 and newer were affected by the vulnerability. Additionally, the change introduced a regression when Dovecot was configured to use the & ... oval:org.secpod.oval:def:703562 dovecot: IMAP and POP3 email server Dovecot could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:703327 nginx: small, powerful, scalable web/proxy server The system could be made to run programs as an administrator. oval:org.secpod.oval:def:703446 ntfs-3g: read/write NTFS driver for FUSE NTFS-3G could be made to load kernel modules as an administrator. oval:org.secpod.oval:def:703566 freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file. oval:org.secpod.oval:def:703329 quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703328 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:703550 samba: SMB/CIFS file, print, and login server for Unix Details: USN-3242-1 fixed a vulnerability in Samba. The upstream fix introduced a regression when Samba is configured to disable following symbolic links. This update fixes the problem. Original advisory USN-3242-1 introduced a regression in Sam ... oval:org.secpod.oval:def:703433 nvidia-graphics-drivers-304: NVIDIA binary X.Org driver - nvidia-graphics-drivers-340: NVIDIA binary X.Org driver NVIDIA graphics drivers could be made to crash under certain conditions. oval:org.secpod.oval:def:703554 nagios3: host/service/network monitoring and management system Several security issues were fixed in Nagios. oval:org.secpod.oval:def:703558 lightdm: Display Manager LightDM could be made to run programs as an administrator. oval:org.secpod.oval:def:703557 python-django: High-level Python web development framework Several security issues were fixed in Django. oval:org.secpod.oval:def:703435 pcsc-lite: Middleware to access a smart card using PC/SC PCSC-Lite could be made to crash or run programs as an administrator if it received specially crafted input. oval:org.secpod.oval:def:703434 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:703439 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703547 apparmor: Linux security system AppArmor could remove the confinement from some programs. oval:org.secpod.oval:def:703425 libvncserver: vnc server library Several security issues were fixed in LibVNCServer. oval:org.secpod.oval:def:703546 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703545 gst-plugins-base1.0: GStreamer Plugins - gst-plugins-base0.10: GStreamer Plugins GStreamer Base Plugins could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:703549 firefox: Mozilla Open Source web browser Details: USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3216-1 introduced a regression in Firefox. oval:org.secpod.oval:def:703548 gst-plugins-good1.0: GStreamer plugins - gst-plugins-good0.10: GStreamer plugins GStreamer Good Plugins could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:703535 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703533 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703417 exim4: Exim is a mail transport agent Exim could be made to expose private DKIM signing keys. oval:org.secpod.oval:def:703400 apt: Advanced front-end for dpkg An attacker could trick APT into installing altered packages. oval:org.secpod.oval:def:703525 firefox: Mozilla Open Source web browser An integer overflow was discovered in Firefox. oval:org.secpod.oval:def:703524 nvidia-graphics-drivers-375: NVIDIA binary X.Org driver Details: USN-3173-1 fixed a vulnerability in nvidia-graphics-drivers-304 and nvidia-graphics-drivers-340. This update provides the corresponding update for nvidia-graphics-drivers-375. Original advisory NVIDIA graphics drivers could be made to ... oval:org.secpod.oval:def:703523 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:703529 nvidia-graphics-drivers-304: NVIDIA binary X.Org driver - nvidia-graphics-drivers-340: NVIDIA binary X.Org driver - nvidia-graphics-drivers-375: NVIDIA binary X.Org driver NVIDIA graphics drivers could be made to crash under certain conditions. oval:org.secpod.oval:def:703526 freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file. oval:org.secpod.oval:def:703516 libevent: Asynchronous event notification library Several security issues were fixed in libevent. oval:org.secpod.oval:def:703508 lxc: Linux Containers userspace tools LXC could be made to create arbitrary virtual network interfaces as an administrator. oval:org.secpod.oval:def:703502 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703506 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:703700 evince: Document viewer Evince could be made run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703705 apport: automatically generate crash reports for debugging An attacker could trick a user into opening a malicious .crash file and execute arbitrary code as the user. oval:org.secpod.oval:def:703594 firefox: Mozilla Open Source web browser Details: USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3260-1 caused a ... oval:org.secpod.oval:def:703599 git: fast, scalable, distributed revision control system Git could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703583 icu: International Components for Unicode library Several security issues were fixed in ICU. oval:org.secpod.oval:def:703582 libreoffice: Office productivity suite LibreOffice could be made to crash or run programs as your login if it opened a specially crafted EMF file. oval:org.secpod.oval:def:703585 freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file. oval:org.secpod.oval:def:703584 shadow: system login tools su could be made to crash or stop programs as an administrator. oval:org.secpod.oval:def:703588 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:703693 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703692 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to hang if it received specially crafted network traffic. oval:org.secpod.oval:def:703694 poppler: PDF rendering library poppler could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703699 nginx: small, powerful, scalable web/proxy server nginx could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703685 bind9: Internet Domain Name Server Bind could be made to serve incorrect information or expose sensitive information over the network. oval:org.secpod.oval:def:703674 nss: Network Security Service library NSS could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703673 valgrind: instrumentation framework for building dynamic analysis tools Valgrind could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:703672 openvpn: virtual private network software Several security issues were fixed in OpenVPN. oval:org.secpod.oval:def:703662 exim4: Exim is a mail transport agent Exim could be made to run programs as an administrator. oval:org.secpod.oval:def:703652 irssi: terminal based IRC client Irssi could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703656 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703655 zziplib: library providing read access on ZIP-archives zziplib could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703654 libmwaw: import library for some old Mac text documents libmwaw could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703659 glibc: GNU C Library - eglibc: GNU C Library Gnu C library could be made to run programs as an administrator. oval:org.secpod.oval:def:703642 libnl3: library for dealing with netlink sockets libnl could be made to crash or run programs. oval:org.secpod.oval:def:703641 lintian: Debian package checker lintian could be made to run programs if it processed a specially crafted package. oval:org.secpod.oval:def:703647 nagios3: host/service/network monitoring and management system Details: USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files from being displayed in the web interface. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3253-1 introduced a r ... oval:org.secpod.oval:def:703631 tiff: Tag Image File Format library Details: USN-3212-1 fixed vulnerabilities in LibTIFF. Unfortunately, some of the security patches were misapplied, which caused a regression when processing certain images. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3 ... oval:org.secpod.oval:def:703639 libtasn1-6: Library to manage ASN.1 structures Libtasn1 could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703638 openldap: OpenLDAP utilities OpenLDAP could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703637 libsndfile: Library for reading/writing audio files Several security issues were fixed in libsndfile. oval:org.secpod.oval:def:703636 nvidia-graphics-drivers-375: NVIDIA binary X.Org driver NVIDIA graphics drivers could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703620 miniupnpc: UPnP IGD client lightweight library MiniUPnP could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703629 strongswan: IPsec VPN solution strongSwan could be made to crash or hang if it received specially crafted network traffic. oval:org.secpod.oval:def:703622 juju-core: next generation service orchestration system The system could be made to run programs as an administrator. oval:org.secpod.oval:def:703621 firefox: Mozilla Open Source web browser Firefox was updated to a new version. oval:org.secpod.oval:def:703628 sudo: Provide limited super user privileges to specific users Sudo could be made to overwrite files as the administrator. oval:org.secpod.oval:def:703627 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:703619 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to run programs as an administrator. oval:org.secpod.oval:def:703618 jbig2dec: JBIG2 decoder library Several security issues were fixed in jbig2dec. oval:org.secpod.oval:def:703612 bash: GNU Bourne Again SHell Several security issues were fixed in Bash. oval:org.secpod.oval:def:703609 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703607 shadow: system login tools Details: USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. We apologize for the inconvenience. Original advisory USN-3276-1 introduced a regression in su. oval:org.secpod.oval:def:703603 ghostscript: PostScript and PDF interpreter Details: USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3272-1 introd ... oval:org.secpod.oval:def:703513 pillow: Python Imaging Library Several security issues were fixed in Pillow. oval:org.secpod.oval:def:703596 openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8. oval:org.secpod.oval:def:703340 openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8. oval:org.secpod.oval:def:703542 eject: ejects CDs and operates CD-Changers under Linux Eject could be made to run programs as an administrator. oval:org.secpod.oval:def:703512 icu: International Components for Unicode library Several security issues were fixed in ICU. oval:org.secpod.oval:def:41172 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:703707 expat: XML parsing C library Expat could be made to hang if it received specially crafted input. oval:org.secpod.oval:def:703701 samba: SMB/CIFS file, print, and login server for Unix Samba could allow unintended access to network services. oval:org.secpod.oval:def:703702 heimdal: Heimdal Kerberos Network Authentication Protocol Heimdal could allow unintended access to network services. oval:org.secpod.oval:def:703357 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:41305 The host is installed with zlib dependencies through 1:1.2.8.dfsg-2ubuntu4.1 on Ubuntu 16.04, through 1:1.2.8.dfsg-1ubuntu1 on Ubuntu 14.04, through 1:1.2.8.dfsg-2ubuntu5.1 on Ubuntu 16.10 or through 1:1.2.11.dfsg-0ubuntu1 on Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is ... oval:org.secpod.oval:def:41306 The host is installed with zlib dependencies through 1:1.2.8.dfsg-2ubuntu4.1 on Ubuntu 16.04, through 1:1.2.8.dfsg-1ubuntu1 on Ubuntu 14.04, through 1:1.2.8.dfsg-2ubuntu5.1 on Ubuntu 16.10 or through 1:1.2.11.dfsg-0ubuntu1 on Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is ... oval:org.secpod.oval:def:41304 The host is installed with zlib dependencies through 1:1.2.8.dfsg-2ubuntu4.1 on Ubuntu 16.04, through 1:1.2.8.dfsg-1ubuntu1 on Ubuntu 14.04, through 1:1.2.8.dfsg-2ubuntu5.1 on Ubuntu 16.10 or through 1:1.2.11.dfsg-0ubuntu1 on Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is ... oval:org.secpod.oval:def:41307 The host is installed with zlib dependencies through 1:1.2.8.dfsg-2ubuntu4.1 on Ubuntu 16.04, through 1:1.2.8.dfsg-1ubuntu1 on Ubuntu 14.04, through 1:1.2.8.dfsg-2ubuntu5.1 on Ubuntu 16.10 or through 1:1.2.11.dfsg-0ubuntu1 on Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is ... oval:org.secpod.oval:def:703469 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:703458 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:703457 nettle: low level cryptographic library Nettle could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703561 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:703565 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:703559 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-snapdragon: Linux kernel for Snapdragon Processors - linux-ti-omap4: Linux kernel for OMAP4 The system ... oval:org.secpod.oval:def:703410 linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703408 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703630 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:703601 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:703441 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:703445 gnutls28: GNU TLS library - gnutls26: GNU TLS library Several security issues were fixed in GnuTLS. oval:org.secpod.oval:def:39003 squid3: Web proxy cache server Squid could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703405 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:703368 vim: Vi IMproved - enhanced vi editor Vim could be made run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703519 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:703488 php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:703335 libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file. oval:org.secpod.oval:def:703676 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:703463 linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703450 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703480 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703578 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:703438 openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8. oval:org.secpod.oval:def:703489 tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703709 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703571 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to crash under certain conditions. oval:org.secpod.oval:def:703689 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel. |
