Entries by admin

【CESA-2017:1271】An update for samba4 is now available for Red Hat Enterprise Linux 6

CESA-2017:1271 An update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix(es): * A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could […]

【CESA-2017:1267】An update for rpcbind is now available for Red Hat Enterprise Linux 6

CESA-2017:1267 An update for rpcbind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es): * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory […]

【CESA-2017:1268】An update for libtirpc is now available for Red Hat Enterprise Linux 6

CESA-2017:1268 An update for libtirpc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib’s implementation of transport-independent remote procedure call (TI-RPC) documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix(es): * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker […]

【CESA-2017:1263】An update for libtirpc is now available for Red Hat Enterprise Linux 7

CESA-2017:1263 An update for libtirpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libtirpc packages contain SunLib’s implementation of transport-independent remote procedure call (TI-RPC) documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix(es): * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker […]

【CESA-2017:1262】An update for rpcbind is now available for Red Hat Enterprise Linux 7

CESA-2017:1262 An update for rpcbind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es): * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory […]

【CESA-2017:1264】An update for kdelibs is now available for Red Hat Enterprise Linux 7

CESA-2017:1264 An update for kdelibs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The K Desktop Environment (KDE) is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. Security Fix(es): * A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges […]

【CESA-2017:1265】An update for samba is now available for Red Hat Enterprise Linux 7

CESA-2017:1265 An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es): * It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated […]

【CESA-2017:1230】An update for ghostscript is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7

CESA-2017:1230 An update for ghostscript is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc […]

【CESA-2017:1208】An update for jasper is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7

CESA-2017:1208 An update for jasper is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix(es): Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560, […]

【CESA-2017:1204】An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7

CESA-2017:1204 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es): * An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application […]