Ubuntu Security Notice 2956-1 - Zygmunt Krynicki discovered that ubuntu-core-launcher did not properly sanitize its input and contained a logic error when determining the mountpoint of bind mounts when using snaps on Ubuntu classic systems (eg, traditional desktop and server). If a user were tricked into installing a malicious snap with a crafted snap name, an attacker could perform a delayed attack to steal data or execute code within the security context of another snap. This issue did not affect Ubuntu Core systems.
Debian Linux Security Advisory 3561-1 - Several vulnerabilities were discovered in Subversion, a version control system.
GLPI version 0.90.2 suffers from a remote SQL injection vulnerability.
Mozilla continues to ship Firefox and Thunderbird for Windows with a vulnerable executable installer.
WordPress Truemag theme from 2016 Q2 suffers from a cross site scripting vulnerability.
431 bytes small NULL free shellcode for windows that is a primitive keylogger that writes to a file.
HP Security Bulletin HPSBUX03583 SSRT110084 1 - Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
An integer wrap may occur in PHP 7.x before version 7.0.6 when reading zip files with the getFromIndex() and getFromName() methods of ZipArchive, resulting in a heap overflow. Full exploit included.
Red Hat Security Advisory 2016-0699-01 - In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 3.x offering will be retired as of October 31, 2016, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 3.x after October 31, 2016.
Debian Linux Security Advisory 3560-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
Apache Cordova iOS versions 3.9.1 and below suffer from an access bypass vulnerability.
Apache Cordova iOS versions 3.9.1 and below allow for arbitrary plugin execution.
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.