Debian Linux Security Advisory 4122-1 - Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache.
413a77af9890c71c08bf0762f9364b899f3ba82b45ae04876760d0ea2af27ee3
Micro Focus Security Bulletin MFSBGN03798 1 - A potential security vulnerability has been identified in Micro Focus Universal CMDB. The vulnerability could be remotely exploited to allow Arbitrary Code Execution. Revision 1 of this advisory.
ef656714eb766f4da9920fcb4a9bd2827d80e3782688917d45e50599af3aa1fc
Debian Linux Security Advisory 4120-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
a3ad2e617997e88d89ce295b5ac578ee9ff2374ed457833cbc29838bab220a36
Ubuntu Security Notice 3578-1 - It was discovered that WavPack incorrectly handled certain DSDIFF files. An attacker could possibly use this to execute arbitrary code or cause a denial of service. It was discovered that WavPack incorrectly handled certain CAF files. An attacker could possibly use this to cause a denial of service.
fb13b38146725c5c5fd257cc3e8744b5c27c09e4a580a2bb1eb8ac425bf50e20
Debian Linux Security Advisory 4121-1 - This update doesn't fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates.
3bbb62982b5848237a966c9a6da4fbdf339539dd7c8d552a64ee86eac064387a
Ubuntu Security Notice 3582-2 - USN-3582-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
daa9be69cc0ac61cf74de6fe2e6ae8532732593d73b9cc8f758d6d65ec8f7b0f
Ubuntu Security Notice 3582-1 - Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Laurent Guerby discovered that the mbcache feature in the ext2 and ext4 filesystems in the Linux kernel improperly handled xattr block caching. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
c5c51d5b650dde114c7cbd8f0482d085b4d9cee329060fb6a96e4903ef4497ab
Ubuntu Security Notice 3581-2 - USN-3581-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
09b282ea0a79f98a93d584876e7479d8f059a39e4d821c376c122b737b1ab335
Ubuntu Security Notice 3581-1 - Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. ChunYu Wang discovered that a use-after-free vulnerability existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code, Various other issues were also addressed.
72190ac8eaccc600ec27952b41a18832d109cc859d108ebfc84e36135c4a891f
The 64-bit Windows kernel suffers from a stack memory disclosure vulnerability in win32k!fnHkINLPMSLLHOOKSTRUCT (via user-mode callback).
39ed1a553dc5ba7854bda24d96724a606df94f6824a594b2c558d95999b97f8b
The 64-bit Windows kernel suffers from a stack memory disclosure vulnerability in win32k!SfnINLPHELPINFOSTRUCT (via user-mode callback).
9db2b6a2f72313734343e3ae0ca5ed65c710e29ce3e096990cacc40fef35204e
The 64-bit Windows kernel suffers from a stack memory disclosure vulnerability in win32k!fnHkINLPMOUSEHOOKSTRUCTEX (via user-mode callback).
9dc16fe0d908112819abe13e59b6af859aefcf4bc80c0dab0b2d415048277088
The 64-bit Windows kernel suffers from a pool memory disclosure vulnerability in win32k!SfnINOUTLPWINDOWPOS (via user-mode callback).
1eed7b00222e29c978acb68fc8864908886b54f016ea6b4c09c3f1a9b30a0409
The Windows Kernel suffers from double fetches in win32kfull!xxxImeWindowPosChanged and win32kfull!InternalRebuildHwndListForIMEClass.
04bd702a96710210ed2281a1b45d1698d4d195df575dc55bd9e354d475aaef45
Asterisk Project Security Advisory - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description. The severity of this vulnerability is lessened since an endpoint must be authenticated prior to reaching the crash point, or it's configured with no authentication.
891c0434dd5c6146ed9c01205891569b4cbbd6cb0ddddb9c96165c020a8fe6ab
Asterisk Project Security Advisory - The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number these desired ones are still stored internally. When an RTP packet was received this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example the payload number resulted in a video codec but the stream carried audio) a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of the type would always exist.
7deda55a35acebe5f67e42485b2042572f1941ee107a31867433c7a487a737c0
Red Hat Security Advisory 2018-0342-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. Further classes that an attacker could use to achieve code execution through deserialisation were discovered, and added to the blacklist introduced by CVE-2017-7525.
6c43e18a6120401c278a1c45ec616eece4dffcb52a0c05c541f3dcf91ad4be85
Ubuntu Security Notice 3580-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.
5d5bf13f4bcbf073969de1f6ab2375fb2aa4970f1b1bea71c6df9d31307cca91
Ubuntu Security Notice 3579-1 - It was discovered that =WEBSERVICE calls in a document could be used to read arbitrary files. If a user were tricked in to opening a specially crafted document, a remote attacker could exploit this to obtain sensitive information.
f3872a1250abd74adc97da1e6a1fc8ace6d7d684e70810c2736f77ead5aba063
miSafes Mi-Cam remote video monitors suffer from broken session management, insecure direct object reference, password handling issues, and various other vulnerabilities.
75ef1d97e2a643cdb4ef6b7947420b6565944cb108220c9441f7b1a25a110dff
PureVPN versions 5.19.4.0 and below suffer from a privilege escalation vulnerability.
f01935ae5539d9a66d7d09ee0ec64486230558bc46f1e918ef59cf2148cdaa26
Red Hat Security Advisory 2018-0336-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. This update provides Satellite 6.3 packages for Red Hat Enterprise Linux 7 Satellite server. For the full list of new features provided by Satellite 6.3, see the Release Notes linked to in the references section. See the Satellite 6 Installation Guide for detailed instructions on how to install a new Satellite 6.3 environment, or the Satellite 6 Upgrading and Updating guide for detailed instructions on how to upgrade from prior versions of Satellite 6.
f33fdbb9f17a9910f6bb8747cd69b73e5a65222f0d44324a839bac58722b9798
Ubuntu Security Notice 3577-1 - Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information or control printers, via a DNS rebinding attack.
df2c2a365476e5ab3300528c58be0fd9fc0ebd53e18d182bb67578d8076a5932
Red Hat Security Advisory 2018-0334-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282.167. Security Fix: chromium-browser: incorrect derived class instantiation in v8.
5055cae290c2dd58f5f325a276f0e772eb32720d091ad7ef5ce1b5d737448872
Ubuntu Security Notice 3576-1 - Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Daniel P. Berrange discovered that libvirt incorrectly handled validating SSL/TLS certificates. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 17.10. Various other issues were also addressed.
90c6d4cdd362e55904c6d76f4118ef039e8e85b0aab04a6669ee178da97eb658