RHEA-2016:1982-1: tzdata enhancement update

Red Hat Enterprise Linux: Updated tzdata packages that add various enhancements are now available for Red
Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6
Long Life, Red Hat Enterprise Linux 5.9 Advanced Update Support, Red Hat
Enterprise Linux 5.11, Red Hat Enterprise Linux 6.2 Advanced Update Support, Red
Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5
Advanced Update Support, Red Hat Enterprise Linux 6.6 Extended Update Support,
Red Hat Enterprise Linux 6.7, Red Hat Enterprise Linux 7.1 Extended Update
Support, Red Hat Enterprise Linux 7.1 Little Endian Extended Update Support, and
Red Hat Enterprise Linux 7.2.

Read More

USN-3090-2: Pillow regresssion

Ubuntu Security Notice USN-3090-2

30th September, 2016

Pillow regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Software description

  • pillow
    – Python Imaging Library compatibility layer

Details

USN-3090-1 fixed vulnerabilities in Pillow. The patch to fix CVE-2014-9601
caused a regression which resulted in failures when processing certain
png images. This update temporarily reverts the security fix for CVE-2014-9601
pending further investigation.

We apologize for the inconvenience.

Original advisory details:

It was discovered that a flaw in processing a compressed text chunk in
a PNG image could cause the image to have a large size when decompressed,
potentially leading to a denial of service. (CVE-2014-9601)

Andrew Drake discovered that Pillow incorrectly validated input. A remote
attacker could use this to cause Pillow to crash, resulting in a denial
of service. (CVE-2014-3589)

Eric Soroos discovered that Pillow incorrectly handled certain malformed
FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to
cause Pillow to crash, resulting in a denial of service.
(CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
python-imaging

2.3.0-1ubuntu3.3
python3-pil

2.3.0-1ubuntu3.3
python-pil

2.3.0-1ubuntu3.3
python3-imaging

2.3.0-1ubuntu3.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

None

References

CVE-2014-9601,

LP: 1628351

Read More

CVE-2016-5986

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors.

Read More