Ubuntu Security Notice USN-3330-1

Ubuntu Security Notice 3330-1 – It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

Link: https://packetstormsecurity.com/files/143022/USN-3330-1.txt

Ubuntu Security Notice USN-3331-1

Ubuntu Security Notice 3331-1 – It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

Link: https://packetstormsecurity.com/files/143021/USN-3331-1.txt

Ubuntu Security Notice USN-3333-1

Ubuntu Security Notice 3333-1 – It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Various other issues were also addressed.

Link: https://packetstormsecurity.com/files/143023/USN-3333-1.txt

Red Hat Security Advisory 2017-1551-01

Red Hat Security Advisory 2017-1551-01 – Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.15, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.

Link: https://packetstormsecurity.com/files/143024/RHSA-2017-1551-01.txt

Red Hat Security Advisory 2017-1552-01

Red Hat Security Advisory 2017-1552-01 – The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.16. Security Fix: It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.

Link: https://packetstormsecurity.com/files/143026/RHSA-2017-1552-01.txt

Red Hat Security Advisory 2017-1548-01

Red Hat Security Advisory 2017-1548-01 – Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.15, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.

Link: https://packetstormsecurity.com/files/143027/RHSA-2017-1548-01.txt

Red Hat Security Advisory 2017-1549-01

Red Hat Security Advisory 2017-1549-01 – Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.15, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.

Link: https://packetstormsecurity.com/files/143029/RHSA-2017-1549-01.txt

Red Hat Security Advisory 2017-1550-01

Red Hat Security Advisory 2017-1550-01 – Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.15, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.

Link: https://packetstormsecurity.com/files/143030/RHSA-2017-1550-01.txt