Red Hat Security Advisory 2017-2832-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application.
f6d25e475ba88f963fde6ff80256abf19259f2246d2704c39da7cb1f4cbe6ece
Red Hat Security Advisory 2017-2831-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.4.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
f890e6d4a2503e3c55f1573641340308744535c5bcaee7b7230a65dd9586e88c
Red Hat Security Advisory 2017-2818-01 - In accordance with the Red Hat Virtualization 3.x Support Life Cycle Policy, support will end on September 30, 2017. Red Hat will not provide extended support for the Red Hat Virtualization Manager and Red Hat Virtualization Host. Customers are requested to migrate to the newer Red Hat Virtualization product prior to the end of the life cycle for Red Hat Virtualization 3.x. After September 30, 2017, technical support through Red Hatas Global Support Services will no longer be provided, other than assisting in upgrades. We encourage customers to plan their migration from Red Hat Virtualization 3.x to the latest version of Red Hat Virtualization. Please contact your Red Hat account representative if you have questions and/or concerns on this matter.
c8ac9668781707c88654fb8b7ba988adc3f1702f87b57c04ccfad1dec5d0d034
HPE Security Bulletin HPESBGN03773 2 - A potential security vulnerability has been identified in Application Performance Management (BSM) Platform. The vulnerability could be remotely exploited to allow code execution. Revision 2 of this advisory.
b9537e8d57a0d231e698e3b91604a181835b850d18eb806d57883a364fa1ef95
SAP Enterprise Portal versions 7.50 and below suffer from a cross site scripting vulnerability.
4503b81eaafa421596f9ee7c02f6584b28692f5ce5d6d382856e0da15b47ab1b
A Linux PIE/stack corruption vulnerability exists. Most notably, all versions of CentOS 7 before 1708 (released on September 13, 2017), all versions of Red Hat Enterprise Linux 7 before 7.4 (released on August 1, 2017), and all versions of CentOS 6 and Red Hat Enterprise Linux 6 are exploitable.
e629fc1437f3afd0ad4608b004f8c31a78825d7d031176a742308b19fc02b46d
Debian Linux Security Advisory 3984-1 - joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The git-cvsserver subcommand is reachable from the git-shell subcommand even if CVS support has not been configured (however, the git-cvs package needs to be installed).
45c5b391bc95f3cc52114ee4a0b69f4f29bc0b3cde6352f0143c59740c21e65f
EMC AppSync host plug-in on Windows platform includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 3.5 and below are affected.
7ebe2b6f0ac9b5e9121b9f4b3b3575a777b179ff319af54ce97240772f5fcfcb
ECS versions prior to 3.1 contain an undocumented account (emcservice) that is protected with a default password. This user account is intended for use by customer support representatives to troubleshoot ECS configuration issues. A remote malicious user with the knowledge of the default password could potentially login to compromise the affected system.
25337f0cf2611f718c36d835f6039844f57b35756a5bcdf2fb0cbd23997d38db
Apple Security Advisory 2017-09-25-9 - macOS Server 5.4 is now available and addresses multiple vulnerabilities in FreeRADIUS.
55e8bc0b8dac96f5d4ea0c8772595685f930c0aabdaf38ed83e4aefe2c18f431
Apple Security Advisory 2017-09-25-8 - iTunes 12.7 for Windows addresses code execution, memory corruption, and various other vulnerabilities.
844525a770503a5f08fcf669cfae57d133eac33ea6b77faf7a8364c493185997
Apple Security Advisory 2017-09-25-7 - iTunes 12.7 addresses a backup disclosure vulnerability.
7f4987f9069c845d48314bb01725d3c4c9f6bb37294502738cde72a273a6d822
Apple Security Advisory 2017-09-25-6 - tvOS 11 addresses denial of service, code execution, and various other vulnerabilities.
53eb4a2acf7b564fb6f43daa73fe1c337e985950b8484de9a126198169c002c6
Apple Security Advisory 2017-09-25-5 - watchOS 4 addresses denial of service, memory corruption, and various other vulnerabilities.
d5a111413d289178bede9544ded91507b5c752cecc04b196f9d4d463c663aab9
Apple Security Advisory 2017-09-25-4 - iOS 11 addresses denial of service, service impersonation, and various other vulnerabilities.
63d7ee9aed6f2dbe84b1bde7894ca17abe7eb97f4cfd69dcb8570468e235d4a4
Apple Security Advisory 2017-09-25-3 - Safari 11 addresses address bar spoofing, code execution, and various other vulnerabilities.
b42508f43e48cdb9c1330f8c1a56d05183154dfbc70bdf83c126097950d887de
Apple Security Advisory 2017-09-25-2 - iCloud for Windows 7 is now available and addresses memory corruption, arbitrary code execution, and various other vulnerabilities.
65aaa5944b9609f7a1730e416108280016984c29dded803ab627f79f44c58986
Apple Security Advisory 2017-09-25-1 - macOS High Sierra 10.13 is now available and addresses denial of service, insecure transit, and various other vulnerabilities.
56a33c5e5ed39ad993bf22ead073e39949c0c55274f11b40248081e1873fc193
Broadcom suffers from denial of service and out-of-bounds read vulnerabilities in TCP KeepAlive Offloading.
0fd01faa7f991415a9981c3f63751b39f36aaeb1dec6b946eaed0cb7adfa715f
Bitdefender Total Security 2017 suffers from an unquoted service path vulnerability.
2826282b80d6d3b6a1814dd14a44b77fa18de68ea4d071a11564a8c58e249c79
Red Hat Security Advisory 2017-2795-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable, the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. An unprivileged local user with access to SUID PIE binary could use this flaw to escalate their privileges on the system.
934a940dab30a592a02e07455e3094183299356243b334ef95ac79e84914895a
Red Hat Security Advisory 2017-2802-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable, the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. An unprivileged local user with access to SUID PIE binary could use this flaw to escalate their privileges on the system.
bfd0689a6c80bfdd023af7ba1544e909bd3742cffc39037e70d4907f9e378ac9
Red Hat Security Advisory 2017-2809-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.
2cd12b03d2f33b5eca8602b894a216c2a22849b1ada1361fa1119aa29110e876
Red Hat Security Advisory 2017-2811-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.8.
4625335874434e605c89b642c9228227df29e49da115ed2ae5344ae66dd9f48c
Red Hat Security Advisory 2017-2808-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.
f6590a11f2604542166e3cc7b6db6117e23303732c6aef136befc45deb5384eb