Ubuntu Security Notice 4158-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

CA Technologies, a Broadcom Company, is alerting customers to a potential risk with CA Performance Management. A vulnerability exists that can allow a remote attacker to execute arbitrary commands. CA published solutions to address the vulnerabilities and recommends that all affected customers implement these solutions. The vulnerability occurs due to default credentials and a configuration weakness. A malicious actor may use the default credentials and exploit a weakness in the configuration to execute arbitrary commands on the Performance Center server. CA Performance Management versions 3.7.x prior to 3.7.4, 3.6.x prior to 3.6.9, and 3.5.x are affected.

Red Hat Security Advisory 2019-3136-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include deserialization and null pointer vulnerabilities.

Restaurant Management System version 1.0 suffers from a remote shell upload vulnerability.

VIM version 8.1.2135 suffers from a heap use-after-free vulnerability using freed memory with autocmd.

Ubuntu Security Notice 4157-1 - Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service. Various other issues were also addressed.

ThinVNC version 1.0b1 suffers from an authentication bypass vulnerability.

Red Hat Security Advisory 2019-3135-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and null pointer vulnerabilities.

WordPress Popup Builder plugin version 3.49 suffers from a persistent cross site scripting vulnerability.

Red Hat Security Advisory 2019-3134-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include deserialization and null pointer vulnerabilities.

VMware VeloCloud versions 3.3.0 and 3.2.2 suffer from an authorization bypass vulnerability.

WordPress Soliloquy Lite plugin version 2.5.6 suffers from a persistent cross site scripting vulnerability.

WordPress FooGallery plugin version 1.8.12 suffers from a persistent cross site scripting vulnerability.

WorkgroupMail version 7.5.1 suffers from a WorkgroupMail unquoted service path vulnerability.

Web Companion version 5.1.1035.1047 suffers from a WCAssistantService unquoted service path vulnerability.

BlackMoon FTP Server version 3.1.2.1731 suffers from a BMFTP-RELEASE unquoted service path vulnerability.

Red Hat Security Advisory 2019-3007-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the openshift-enterprise-builder container image for Red Hat OpenShift Container Platform 4.1.20.

Red Hat Security Advisory 2019-3131-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the cri-o, cri-tools, faq, ignition, openshift-external-storage and pivot RPM packages, which have been rebuilt with an updated version of golang for Red Hat OpenShift Container Platform 4.1.20.

Red Hat Security Advisory 2019-3132-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the openshift RPM package for Red Hat OpenShift Container Platform 4.1.20. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice 4156-2 - USN-4156-1 fixed several vulnerabilities in SDL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

Red Hat Security Advisory 2019-3127-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and null pointer vulnerabilities.

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Adobe Acrobat Reader DC for Windows suffers from a heap-based buffer overflow vulnerability that can be leveraged via malformed JP2 streams.

Debian Linux Security Advisory 4544-1 - X41 D-Sec discovered that unbound, a validating, recursive, and caching DNS resolver, did not correctly process some NOTIFY queries. This could lead to remote denial-of-service by application crash.