Daily threat and vulnerability report (Rules users see note)

Security announcements of interest to the AtomiCorp community, such as vulnerabilities in third-party applications.
mikeshinn
Atomicorp Staff - Site Admin


Please see this forum post for an explanation of the categories used in this report

ASL users

Summary: If you use OpenMRS, there is an update available that prevents serialized Java remote code injection attacks.

Already protect against/Known Method/No update required

Crony Cronjob Manager 0.4.4 Cross Site Request Forgery / Cross Site Scripting
WordPress versions 4.4 Cross Site Scripting Vulnerability
CVE 2016-01-07 (Linux kernel vulnerabilities, patches available from Vendors)
CVE-2015-8746 (Linux Kernel NFS Null Pointer Dereference Lets Local Users Cause Denial of Service Conditions on the Target System)

Not already protected against/New Method/Update Available

OpenMRS Reporting Module 0.9.7 Remote Code Execution

Not already protected against/Doesn't protect against/Solution

None.

Potential Vulnerability/Solution

None.

Rules only users

Summary: Two issues today:

1) There is a Linux kernel vulnerability that may be used to cause a denial of service attack.

2) If you use OpenMRS, there is an update available that prevents serialized Java remote code injection attacks.

Already protect against/Known Method/No update required

Crony Cronjob Manager 0.4.4 Cross Site Request Forgery / Cross Site Scripting
WordPress versions 4.4 Cross Site Scripting Vulnerability

Not already protected against/New Method/Update Available

OpenMRS Reporting Module 0.9.7 Remote Code Execution

Not already protected against/Doesn't protect against/Solution

CVE 2016-01-07 (Linux kernel vulnerabilities, patches available from Vendors)
CVE-2015-8746 (Linux Kernel NFS Null Pointer Dereference Lets Local Users Cause Denial of Service Conditions on the Target System)

Potential Vulnerability/Solution

None.