Red Hat Security Advisory 2016-2975-01

Red Hat Security Advisory 2016-2975-01 – GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: Multiple flaws were discovered in GStreamer’s FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Link: https://packetstormsecurity.com/files/140231/RHSA-2016-2975-01.txt

Red Hat Security Advisory 2016-2973-01

Red Hat Security Advisory 2016-2973-01 – Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

Link: https://packetstormsecurity.com/files/140228/RHSA-2016-2973-01.txt

Red Hat Security Advisory 2016-2974-01

Red Hat Security Advisory 2016-2974-01 – GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix: An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer’s VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Link: https://packetstormsecurity.com/files/140230/RHSA-2016-2974-01.txt

Nmap Port Scanner 7.40

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Link: https://packetstormsecurity.com/files/140234/nmap-7.40.tgz

Ubuntu Security Notice USN-3162-2

Ubuntu Security Notice 3162-2 – CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel’s mount table. A local attacker could use this to cause a denial of service. Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. Various other issues were also addressed.

Link: https://packetstormsecurity.com/files/140225/USN-3162-2.txt

Ubuntu Security Notice USN-3161-1

Ubuntu Security Notice 3161-1 – Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information. It was discovered that the Video For Linux Two implementation in the Linux kernel did not properly handle multiple planes when processing a VIDIOC_DQBUF ioctl. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

Link: https://packetstormsecurity.com/files/140220/USN-3161-1.txt