Ubuntu Security Notice 3458-2 - USN-3458-1 fixed a vulnerability in ICU. This update provides the corresponding update for Ubuntu 12.04 ESM. A It was discovered that ICU incorrectly handled certain inputs. If an A application using ICU processed crafted data, a remote attacker could A possibly cause it to crash or potentially execute arbitrary code with A the privileges of the user invoking the program. Various other issues were also addressed.
e5f20afd7d7e0e8d8e517e0c5504d5f49f164f954343b98e97920f4233af7766Ubuntu Security Notice 3461-1 - It was discovered that the NVIDIA graphics drivers contained flaws in the kernel mode layer. A local attacker could use these issues to cause a denial of service or potentially escalate their privileges on the system.
663258a4aea245e2accd9a76c115a3fbe688ebb2ab8f368a1d2605cf04ace536Ubuntu Security Notice 3458-1 - It was discovered that ICU incorrectly handled certain inputs. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.
274a8461ed742fcb98d0a61c06e1852430fc7a0eb87b93f78e51758031e7048aUbuntu Security Notice 3460-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
384ba8dedaf6420ae5558b7f6d647f6c22ec2ef1adbb37214209079c32ac2906Gentoo Linux Security Advisory 201710-27 - Multiple vulnerabilities have been found in Dnsmasq, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 2.78 are affected.
38689f62169ad9727d20db758cda09ebd860a0cf445ff581a92ce63c5f6b096aGentoo Linux Security Advisory 201710-26 - Multiple vulnerabilities have been found in OpenJPEG, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 2.3.0:2 are affected.
869f6c6e091d19293a71cba637355cc94a93b938d26ef5543bfaaf688f1098edGentoo Linux Security Advisory 201710-25 - Multiple vulnerabilities have been found in the PCRE Library, the worst of which may allow remote attackers to cause a Denial of Service condition. Versions less than 8.41 are affected.
2193225aa04df440a7b00f39ed529a699177212702436597ca09649b8e8a3b5dRed Hat Security Advisory 2017-3002-01 - Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. The following packages have been upgraded to a later upstream version: rh-nodejs4-nodejs. Security Fix: It was found that Node.js was using a non-randomized seed when populating hash tables. An attacker, able to supply a large number of inputs, could send specially crafted entries to the Node.js application, maximizing hash collisions to trigger an excessive amount of CPU usage, resulting in a denial of service.
b7c8154b1f5237a078676a57b89ad1b4f6366494158e4a90b9f5691fbdad6562Red Hat Security Advisory 2017-2999-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 151. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
5a4ce654a7f1a56a3e0c28d38c35a7bd07a67e4a9e13e00e1109d326f55215e6Gentoo Linux Security Advisory 201710-24 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execution of arbitrary code. Versions less than 62.0.3202.62 are affected.
a3f601b3c1424c220b0f15954ed5a1dea8576ebb6231a9b661bad5f2fb60ea2dGentoo Linux Security Advisory 201710-23 - Multiple vulnerabilities have been found in Go, the worst of which may result in the execution of arbitrary commands. Versions less than 1.9.1 are affected.
bf94b265f8846c16e26ea3dc339c3f0268d4a939482de4292f29ffc877facaceGentoo Linux Security Advisory 201710-22 - A vulnerability in Adobe Flash Player might allow remote attackers to execute arbitrary code. Versions less than 27.0.0.170 are affected.
dc65b829c89803538e09910cafc7de0940c865803aba55f2c2c947582b61ed06Ubuntu Security Notice 3459-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.58 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10 have been updated to MySQL 5.7.20. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
60e04cc4314d1e6802ea9de37fddc302419ea27711619e9ac828c586652f347fUbuntu Security Notice 3457-1 - Brian Carpenter discovered that curl incorrectly handled IMAP FETCH response lines. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code.
1b115a38c70e2d18635e3fe9217eb65e896a4c7c70caa393bd607a28352ff906Gentoo Linux Security Advisory 201710-21 - An integer overflow vulnerability in Kodi could result in remote execution of arbitrary code. Versions less than 17.3-r1 are affected.
84bfb4ee2a2a384556e350a2a66a5e47192c14f3b6f8ead872a09962a4d84543Red Hat Security Advisory 2017-2998-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java applications acting as Kerberos clients.
a337858a09a369e61815370528ea0d53e9969dac321888bb5e09ec6b4b74c965Red Hat Security Advisory 2017-2997-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 62.0.3202.62. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
fc22ff81f7f5826e9ef487dc00d5dd07e8b39802cf85aaee383913881fef2261Debian Linux Security Advisory 4003-1 - Daniel P. Berrange reported that Libvirt, a virtualisation abstraction library, does not properly handle the default_tls_x509_verify (and related) parameters in qemu.conf when setting up TLS clients and servers in QEMU, resulting in TLS clients for character devices and disk devices having verification turned off and ignoring any errors while validating the server certificate.
47dab0a633f9c9c0444db6888c21643f68245d42df4f35f7137e9f48d551ead4Debian Linux Security Advisory 4002-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.58, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details.
68f93aef09af0e6ae943b84a23a35ea8bf29c4a41f71b94e5cb287c8eddc7bfcRed Hat Security Advisory 2017-2972-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.
1bb7f14dc38e7efb59e73e1b2a5be0d059ff2a638fedd58aad932318b621c676Red Hat Security Advisory 2017-2966-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The ansible packages have been upgraded to upstream version 2.4.0, which provides a number of bug fixes and enhancements over the previous version. For more information, please see the Ansible 2.4 Porting Guide linked in the References section.
68290a71cdbb333d9bb56d5b4af7b47ddb2d9dbf14502dfd54519c8693d0cbd5Red Hat Security Advisory 2017-2931-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.
edba1cdf75883b0afd4147a1b9b0f8c787387b79a168379d1cee80de73ebe1eaRed Hat Security Advisory 2017-2930-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.
e290a5f1dc4b6935b2c09d9c88039750f701a314dff84bdf0a026e7c338e354dBMC Remedy suffers from log hijacking, code execution, cross site scripting, local/remote file inclusion, and various other vulnerabilities.
c6fa562818b1352c2a735852ad1c1476e144b6d0764d20ad7b71978fa845f0deFreeBSD Security Advisory - A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used.
8e8f49d170cd1b8f44a0c2998b6751ff57fcd2197169fa4e32976845bd0eaf80
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed