Gentoo Linux Security Advisory 201705-14

Gentoo Linux Security Advisory 201705-14 – A vulnerability in Smb4K could allow local attackers to execute commands as root. Versions less than 1.2.3-r1 are affected.

Link: https://packetstormsecurity.com/files/142688/glsa-201705-14.txt

HP Security Bulletin HPESBHF03750 1

HP Security Bulletin HPESBHF03750 1 – Potential security vulnerabilities with NTP have been addressed for HPE network products including Comware 5, Comware 7 and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or unauthorized modification, or locally exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.

Link: https://packetstormsecurity.com/files/142689/HPESBHF03750-1.txt

Ubuntu Security Notice USN-3296-1

Ubuntu Security Notice 3296-1 – It was discovered that Samba incorrectly handled shared libraries. A remote attacker could use this flaw to upload a shared library to a writable share and execute arbitrary code.

Link: https://packetstormsecurity.com/files/142690/USN-3296-1.txt

Ubuntu Security Notice USN-3298-2

Ubuntu Security Notice 3298-2 – USN-3298-1 fixed a vulnerability in MiniUPnP. This update provides the corresponding update for Ubuntu 17.04. It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library. Various other issues were also addressed.

Link: https://packetstormsecurity.com/files/142691/USN-3298-2.txt

Red Hat Security Advisory 2017-1285-01

Red Hat Security Advisory 2017-1285-01 – collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files. Because the daemon does not start up each time it updates files, it has a low system footprint. The following packages have been upgraded to a newer upstream version: collectd. Security Fix: collectd contains an infinite loop due to how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance of collectd is configured with "SecurityLevel None" and with empty "AuthFile" options, an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of service.

Link: https://packetstormsecurity.com/files/142692/RHSA-2017-1285-01.txt