Red Hat Security Advisory 2017-2918-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.
668de5ec7c2ffb14d70f655cc1fae90c9916874f80e9a59e8ec1cecdaf1fa43bWebKitGTK+ has had numerous security vulnerabilities addressed including arbitrary code execution, memory corruption, cookie theft, and various other issues.
3a18e3f692c17224ea98fd036f7468cb2c7bfb6852fc969ed1c8f78cbe39dd1dSlackware Security Advisory - New xorg-server packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
00701a59a7ccfacff5f0b7c265dffab9bcd8df28608126b39ede7a33588c1267Slackware Security Advisory - New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
f7c456a7cfe81d5c9734a699a0a652dab3b12565a843c373d120f438a762b7deSlackware Security Advisory - New libXres packages are available for Slackware 14.1, 14.2, and -current to fix a security issue.
ba4dee4196f1fd0039a52c066dad8f5928def70d4e1cdb78f9f3eece879723ccRed Hat Security Advisory 2017-2913-01 - Tough-Cookie is a Node.js module that offers RFC6265 Cookies and Cookie Jar. The following packages have been upgraded to a later upstream version: rh-nodejs6-nodejs-tough-cookie. Security Fix: A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU.
207c9f5b3bfa8096b0ad3099446383171cdc1c188392fa25bf0c7d8733b6f491Red Hat Security Advisory 2017-2912-01 - Tough-Cookie is a Node.js module that offers RFC6265 Cookies and Cookie Jar. The following packages have been upgraded to a later upstream version: rh-nodejs4-nodejs-tough-cookie. Security Fix: Regular expression denial of service flaws were found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU.
15d05375027e414524dfcc71c88c277757bdd2644e884d5051db86ec3f021974Red Hat Security Advisory 2017-2911-01 - The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2, and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix: A new exploitation technique called key reinstallation attacks affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol.
ddcbb28cce8084e45243003d804c9765d7684845b992495ebc4aa25bdd7ef4afThis Microsoft bulletin summary lists a CVE that has undergone a major revision increment.
1b927278ff93e0ef884d0b2ecb9b3c9214f1647b82ce8f6a2c763f4196246afdGentoo Linux Security Advisory 201710-20 - Multiple vulnerabilities have been found in Nagios, the worst of which could lead to the remote execution of arbitrary code. Versions prior to 4.3.3 are affected.
71bbb60aa3362e4c8f4445ea29cd272ea687230997e48f4eb582bacc56ad6176Red Hat Security Advisory 2017-2908-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs6-nodejs. Security Fix: It was found that Node.js was using a non-randomized seed when populating hash tables. An attacker, able to supply a large number of inputs, could send specially crafted entries to the Node.js application, maximizing hash collisions to trigger an excessive amount of CPU usage, resulting in a denial of service.
7969868d6d3e4cc32a9f6308dce75909322aa2c3b6f3723586b11a881f1a97e3Gentoo Linux Security Advisory 201710-19 - Multiple vulnerabilities have been found in libarchive, the worst of which could lead to a Denial of Service condition. Versions less than 3.3.0 are affected.
86fc0bec8e78681d6cf24948e8a4e2bb9e6f7b75e57aa12b7a41791b482d4e27Red Hat Security Advisory 2017-2905-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.1.3 serves as a replacement for Red Hat Single Sign-On 7.1.2, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Multiple security issues have been addressed.
d7e1b54ddf358b368323a0d855bf2e5186841d7534eca072f35a8d897659fdfdGentoo Linux Security Advisory 201710-18 - Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. Versions less than 2.2.8 are affected.
74182e2fa1de3051fe5a5e387c1c4a43e8c3561f268eef142677191cc11c3c11Red Hat Security Advisory 2017-2907-01 - The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2, and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix: A new exploitation technique called key reinstallation attacks affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol.
c467a1c4f7cb51ed5062bdc517c2295e285cd5c495e37d543ae688167c35f501Gentoo Linux Security Advisory 201710-17 - Multiple vulnerabilities have been found in Xen, the worst of which may allow local attackers to escalate privileges. Versions less than 4.7.3 are affected.
9484e589a56881408d4c0766dd0c78bd8f82e19aea09b18a0919672dda99ea6bHPE Security Bulletin HPESBHF03789 2 - A potential security vulnerability has been identified in the "HP Trusted Platform Module 2.0 Option" kit. This optional kit is available for HPE Gen9 systems with firmware version 5.51. The vulnerability in TPM firmware 5.51 is that new mathematical methods exist such that RSA keys generated by the TPM 2.0 with firmware 5.51 are cryptographically weakened. This vulnerability could lead to local and remote unauthorized access to data. Revision 2 of this advisory.
acdb5759c51be71c692f1131460bb7021ed481bbd9c21ac6af091921bdd24b5eUbuntu Security Notice 3456-1 - It was discovered that the X.Org X server incorrectly handled certain lengths. An attacker able to connect to an X server, either locally or remotely, could use these issues to crash the server, or possibly execute arbitrary code.
ae7f1eae80900b7f7dfcf04b648d771c3b13b3d6314ba66e63f1427820c9d84bRed Hat Security Advisory 2017-2899-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 27.0.0.170. Security Fix: This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
42c4b20574fd46cdec6e1151b9759e96c775095c6bb41183c21e4438ac3e1e90Red Hat Security Advisory 2017-2904-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.1.3 serves as a replacement for Red Hat Single Sign-On 7.1.2, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Multiple security issues have been addressed.
5b20d3c47a867b021f89c414e2e15806585f337275ea0f6a5bd1d6adc8c38d66Interspire Email Marketer versions prior to 6.1.6 suffered from an administrative authentication bypass vulnerability.
63b12c183eef7d18a993e7da3f6e94fb295c8da79b37ec97a2295783aff97b9bRed Hat Security Advisory 2017-2906-01 - Red Hat Single Sign-On 7.1 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. The Node.js adapter provides a simple module for authentication and authorization in Node.js applications. This release of Red Hat Single Sign-On 7.1.3 serves as a replacement for Red Hat Single Sign-On 7.1.2, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.
d729e98f328dac94dc12ca2849872675e6350f226f0e2ac94427213f552718b6Ubuntu Security Notice 3455-1 - Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. A remote attacker could use this issue with using key reinstallation attacks to obtain sensitive information. Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. Various other issues were also addressed.
5ea1473561df45ed73f31c70c3bec7ed067a0d030ebc28a43d266854cc54e8f7EMC Isilon OneFS suffers from a reflected cross site scripting vulnerability. Versions prior to 8.1.0.1, prior to 8.0.1.2, prior to 8.0.0.6, and 7.2.1.x are affected.
e4e7afbd444952c1a4a040ffa0abeb64181e5add2a1a0a92462825db33bfdd0aEMC NetWorker Server contains a buffer overflow vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, and prior to 9.2.0.4 are affected.
369450dcc54bb4e682d177bc26e40df0e16897100df6e263e0947a432e6a9ef8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed