Ubuntu Security Notice 3290-1 - Marco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer truncation. A local attacker could use this to cause a denial of service.
563dfece3f8a1381536c36b79fbc4030397cf159f54546dca4e75ff220374ea6
Ubuntu Security Notice 3278-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to spoof the address bar contents, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
5918077f633274f279ab87c4b055ad1b8af6e26633eab66e02241fb795da1fa5
Mozilla Firefox version 52.02 and Tor Browser version 6.5.1 suffer from a denial of service vulnerability.
f0e5b537ef26ae911e34540be077e56bc1b0d16a55ab119f95a081e6a4574c9c
Ubuntu Security Notice 3275-2 - USN-3275-1 fixed vulnerabilities in OpenJDK 8. This update provides the corresponding updates for OpenJDK 7. It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. Various other issues were also addressed.
4f21667f05e9140f4f1c8350046f6031922bc511769015c43e35d6c0ce3b2c5c
Red Hat Security Advisory 2017-1232-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HDLC Linux kernel driver when accessing the n_hdlc.tbuf list that can lead to a double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.
5320ffedef283ff1f76aecce917fe67e21a02ba281439a96af56abccb5937cff
Red Hat Security Advisory 2017-1233-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HDLC Linux kernel driver when accessing the n_hdlc.tbuf list that can lead to a double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.
aa5c908b13897fd2c9c4cf722fa84fe657869cd1437682227963a27f534ffa96
Ubuntu Security Notice 3272-2 - USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service. Various other issues were also addressed.
89c2956bcc647b7f0010cbff3cb81eb6291d199296a26e5a2dd4b1eacc632b49
Ubuntu Security Notice 3289-1 - Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Li Qiang and Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device when being used with a VNC connection. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.
dde5185a850c3ac4a506f63cc22dbe863cf22505aee84dd81835562d4980c02a
HP ERK-321A is a wireless desktop set consisting of a mouse and a keyboard.
397d0a3e42b49ff649457998978949155ade071f9d5b96485fc2ed32dcb78d1b
Apple Security Advisory 2017-05-15-7 - Safari 10.1.1 is now available and addresses denial of service, spoofing, code execution, and various other vulnerabilities.
f184953a7037280d7e4e373cfd587685f3e1437bdc9f7b89a0745d9c829ee388
Apple Security Advisory 2017-05-15-6 - iTunes 12.6.1 is now available and addresses memory corruption issues.
15175fee8a41ad4cab3937c3fca580d717aedde85bec2691e3a21ba00c8dd8ef
Ubuntu Security Notice 3288-1 - It was discovered that libytnef incorrectly handled malformed TNEF streams. If a user were tricked into opening a specially crafted TNEF attachment, an attacker could cause a denial of service or possibly execute arbitrary code.
0bd4647cbf3608a8faab43b87222895eed8cee87221307f7e8b473c98e823c9f
Apple Security Advisory 2017-05-15-5 - iCloud for Windows 6.2.1 is now available and addresses memory corruption issues.
1050246e681450942693f3382f1b2ecf40b18c05b1a5676f21f38239abba21f6
Apple Security Advisory 2017-05-15-4 - watchOS 3.2.1 is now available and addresses memory corruption, code execution, and various other vulnerabilities.
cf0bfa4226002838972ba9c0e3f6481f00d38377970bfca121c3f6a42cc11d2a
Apple Security Advisory 2017-05-15-3 - tvOS 10.2.1 is now available and addresses memory corruption, code execution, and various other vulnerabilities.
779674addaa1654d40d2e4065c9f2ddff94260c3da33d4a8ac031a2f79f2f303
Apple Security Advisory 2017-05-15-2 - iOS 10.3.2 is now available and addresses memory corruption, code execution, and various other vulnerabilities.
f5820ea52b00fc116734e8b0de08fa5acad42cef92c5e3010010e8bff44f5cea
Secunia Research has discovered a vulnerability in FLAC, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "read_metadata_vorbiscomment_()" function (stream_decoder.c), which can be exploited to cause a memory leak via a specially crafted FLAC file. The vulnerability is confirmed in version 1.3.2. Other versions may also be affected.
d03ed41c1a85fa12e6800c764a04ca3563c34ca3fa216a796399c5524c580f65
LibRaw version 0.18.1 suffers from a parse_tiff_ifd() memory corruption vulnerability.
8f498d873a6b8b8c276e753027950cf8851c888b2c1ac2b4664ef5afe3b545a7
Ubuntu Security Notice 3286-1 - Sebastian Krahmer discovered that the KDE-Libs Kauth component incorrectly checked services invoking D-Bus. A local attacker could use this issue to gain root privileges.
03634ccbfa798acc61ee8d677328fe1fb99e3ebe3ef1b6c3b445f79614923931
Debian Linux Security Advisory 3853-1 - It was discovered that bitlbee, an IRC to other chat networks gateway, contained issues that allowed a remote attacker to cause a denial of service (via application crash), or potentially execute arbitrary commands.
0ae2e756d359a8f85cd211d2cdafd6d770efd1a4c760cdf700690643e939498b
Ubuntu Security Notice 3287-1 - Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information.
cdf148f00c10d4f5548f08bb4b5ceaa61ba376f7096316241c0b5a359617d8ce
Apple Security Advisory 2017-05-15-1 - macOS 10.12.5 is now available and addresses certificate validation, privilege escalation, and various other vulnerabilities.
c8e7fabadfea08c552a96a322996223bd75739ad1b76b9e5498a79914d41c38a
HPE Security Bulletin HPESBHF03745 1 - Potential security vulnerabilities have been identified in HPE Intelligent Management Center (iMC) PLAT. The vulnerabilities could be exploited remotely to allow execution of code. Revision 1 of this advisory.
0646540abc5b9cb35be636b8edae10d681619ef40750475d661504a25f0e469a
Various Mimosa products suffer from denial of service, information leakage, code execution, and file disclosure vulnerabilities.
7a6b33948781fb136bf41b92bc58cc0a1e46942a8f3b19bcf9a9eab576873d05
Red Hat Security Advisory 2017-1230-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection.
b65e6e58ed27babdee15105ea19a10437baad7a98432bf586ba47d5a3562cd81