ID: IRCAD2015114157
Release Date: 2015-11-17
Affected software:
Ubuntu 15.10
Ubuntu 15.04
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Description:
Ubuntu has released an update for libxml2. This update fixes several vulnerabilities that can be exploited by malicious people to manipulate certain data and launch a denial-of-service attack.
Solution:
Apply the update packages.
Ubuntu 15.10:
libxml2 2.9.2+zdfsg1-4ubuntu0.1
Ubuntu 15.04:
libxml2 2.9.2+dfsg1-3ubuntu0.1
Ubuntu 14.04 LTS:
libxml2 2.9.1+dfsg1-3ubuntu4.5
Ubuntu 12.04 LTS:
libxml2 2.7.8.dfsg-5.1ubuntu4.12
References:
http://www.ubuntu.com/usn/usn-2812-1
https://packetstormsecurity.com/files/134383/Ubuntu-Security-Notice-USN-2812-1.html
ID: IRCAD2015114156
Release Date: 2015-11-20
Affected software:
Red Hat JBoss Enterprise 6.1
Red Hat JBoss Enterprise 6.2
Red Hat JBoss Enterprise 6.3
Red Hat JBoss Enterprise 6.4
Description:
Red Hat has released an update for apache. This update fixes several vulnerabilities that can be exploited by malicious people to execute arbitrary code.
Solution:
Apply the update packages via the Red Hat Network.
References:
RHSA-2015:1926-1:
https://rhn.redhat.com/errata/RHSA-2015-2501.html
https://packetstormsecurity.com/files/134488/Red-Hat-Security-Advisory-2015-2501-01.html
ID: IRCAD2015114155
Release Date: 2015-11-11
Severity: Very important
Affected software:
Gentoo Linux
Description:
Multiple vulnerabilities have been identified in Adobe Flash Player. A remote attacker can execute arbitrary code with admin privileges, cause denial-of-service attacks, disclose sensitive information, and bypass certain security restrictions.
Solution:
All Adobe Flash Player users should update to the latest version.
References:
GLSA 201511-02:
https://security.gentoo.org/glsa/201511-02
ID: IRCAD2015114160
Release Date: 2015-11-27
Software:
Ubuntu 15.10
Ubuntu 15.04
Ubuntu 14.04 LTS
Description:
It was discovered that rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed. An attacker could use this to expose sensitive information or possibly execute arbitrary code.
Solution
Apply updates.
Ubuntu 15.10:
openjdk-7-jre-lib 7u91-2.6.3-0ubuntu0.15.10.1
openjdk-7-jre-zero 7u91-2.6.3-0ubuntu0.15.10.1
icedtea-7-jre-jamvm 7u91-2.6.3-0ubuntu0.15.10.1
openjdk-7-jre-headless 7u91-2.6.3-0ubuntu0.15.10.1
openjdk-7-jre 7u91-2.6.3-0ubuntu0.15.10.1
Ubuntu 15.04:
openjdk-7-jre-lib 7u91-2.6.3-0ubuntu0.15.04.1
openjdk-7-jre-zero 7u91-2.6.3-0ubuntu0.15.04.1
icedtea-7-jre-jamvm 7u91-2.6.3-0ubuntu0.15.04.1
openjdk-7-jre-headless 7u91-2.6.3-0ubuntu0.15.04.1
openjdk-7-jre 7u91-2.6.3-0ubuntu0.15.04.1
Ubuntu 14.04 LTS:
openjdk-7-jre-lib 7u91-2.6.3-0ubuntu0.14.04.1
openjdk-7-jre-zero 7u91-2.6.3-0ubuntu0.14.04.1
icedtea-7-jre-jamvm 7u91-2.6.3-0ubuntu0.14.04.1
openjdk-7-jre-headless 7u91-2.6.3-0ubuntu0.14.04.1
openjdk-7-jre 7u91-2.6.3-0ubuntu0.14.04.1
References:
http://www.ubuntu.com/usn/usn-2818-1
https://packetstormsecurity.com/files/134547/Ubuntu-Security-Notice-USN-2818-1.html
ID: IRCAD2015114159
Release Date: 2015-11-23
Software:
Red Hat Enterprise Linux Supplementary
Description:
IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Solution
Updated packages are available via the Red Hat Network.
References:
https://rhn.redhat.com/errata/RHSA-2015-2506.html
https://packetstormsecurity.com/files/134498/Red-Hat-Security-Advisory-2015-2506-01.html
ID: IRCAD2015114158
Release Date: 2015-11-23
Software:
Debian GNU/Linux 7.x
Debian GNU/Linux 8.x
Description:
Ryan Butterfield discovered a vulnerability in the date template filter in python-django, a high-level Python web development framework. A remote attacker can take advantage of this flaw to obtain any secret in the application's settings.
Solution
Apply updated packages via the apt-get package manager.
References:
https://www.debian.org/security/
https://packetstormsecurity.com/files/134498/Red-Hat-Security-Advisory-2015-2506-01.html
ID: IRCAD2015114157
Release Date: 2015-11-17
Software:
Ubuntu 15.10
Ubuntu 15.04
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Description:
Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. Michal Zalewski discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. Various other issues were also addressed.
Solution
Apply updates.
Ubuntu 15.10:
libxml2 2.9.2+zdfsg1-4ubuntu0.1
Ubuntu 15.04:
libxml2 2.9.2+dfsg1-3ubuntu0.1
Ubuntu 14.04 LTS:
libxml2 2.9.1+dfsg1-3ubuntu4.5
Ubuntu 12.04 LTS:
libxml2 2.7.8.dfsg-5.1ubuntu4.12
References:
http://www.ubuntu.com/usn/usn-2812-1
https://packetstormsecurity.com/files/134383/Ubuntu-Security-Notice-USN-2812-1.html
ID: IRCAD2015114156
Release Date: 2015-11-20
Software:
Red Hat JBoss Enterprise 6.1
Red Hat JBoss Enterprise 6.2
Red Hat JBoss Enterprise 6.3
Red Hat JBoss Enterprise 6.4
Description:
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
Solution
Updated packages are available via the Red Hat Network.
References:
RHSA-2015:1926-1:
https://rhn.redhat.com/errata/RHSA-2015-2501.html
https://packetstormsecurity.com/files/134488/Red-Hat-Security-Advisory-2015-2501-01.html
ID: IRCAD2015114155
Release Date: 2015-11-11
Software:
Gentoo Linux
Description:
Multiple vulnerabilities have been discovered in Adobe Flash Player. A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
Solution
All Adobe Flash Player users should upgrade to the latest version:
"www-plugins/adobe-flash-11.2.202.548"
References:
GLSA 201511-02:
https://security.gentoo.org/glsa/201511-02
ID: IRCAD2015114154
Release Date: 2015-11-23
Software:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Description:
Red Hat has issued an update for java-1.7.1-ibm. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Solution
Updated packages are available via the Red Hat Network.
References:
RHSA-2015:1926-1:
https://rhn.redhat.com/errata/RHSA-2015-2506.html
https://packetstormsecurity.com/files/134498/Red-Hat-Security-Advisory-2015-2506-01.html