Red Hat Security Advisory 2017-0847-01

Red Hat Security Advisory 2017-0847-01 – The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server.

Link: https://packetstormsecurity.com/files/141851/RHSA-2017-0847-01.txt

Ubuntu Security Notice USN-3236-1

Ubuntu Security Notice 3236-1 – Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, spoof application UI by causing the security status API or webview URL to indicate the wrong values, bypass security restrictions, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

Link: https://packetstormsecurity.com/files/141854/USN-3236-1.txt

Ubuntu Security Notice USN-3249-2

Ubuntu Security Notice 3249-2 – USN-3249-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges. Various other issues were also addressed.

Link: https://packetstormsecurity.com/files/141857/USN-3249-2.txt