
Files

Ubuntu Security Notice USN-3565-1
Posted Feb 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3565-1 - Meh Chang discovered that Exim incorrectly handled memory in certain decoding operations. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-6789
SHA-256 | af6290b7d81b5f37c8718f3ea211ac9f5fe0e3ba2706920599cde51286c5524b
Gentoo Linux Security Advisory 201802-01
Posted Feb 12, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201802-1 - Multiple vulnerabilities have been found in VirtualBox, the worst of which could allow an attacker to take control of VirtualBox. Versions prior to 5.1.32 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2018-2676, CVE-2018-2685, CVE-2018-2686, CVE-2018-2687, CVE-2018-2688, CVE-2018-2689, CVE-2018-2690, CVE-2018-2693, CVE-2018-2694, CVE-2018-2698
SHA-256 | 3eff27ee3cb3fac8ed2fbe42a43b2e137e3f1e761b264492611f01f3ae88462a
Debian Security Advisory 4111-1
Posted Feb 11, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4111-1 - Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2018-6871
SHA-256 | 875fb1d918df3b661e4db466d4345a2f702d542ff1100d9a149bf7bbf114f493
Debian Security Advisory 4110-1
Posted Feb 11, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4110-1 - Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2018-6789
SHA-256 | 177e2fda59e9e6ba3a12f1c8d564ad42a8ca0e3bef74df674862b69bd02f1f54
Debian Security Advisory 4109-1
Posted Feb 11, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4109-1 - Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request authentication services from this module and access the CSRF token.

tags | advisory, web, ruby
systems | linux, debian
advisories | CVE-2017-18076
SHA-256 | e59f433e0256fcb085e31cbcbe55a04241623a2742f3d2f521b26f9b0dd390b5
Ubuntu Security Notice USN-3564-1
Posted Feb 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3564-1 - It was discovered that PostgreSQL incorrectly handled certain temp files. An attacker could possibly use this to access sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-1053
SHA-256 | 8582d3bff62772a8c4a3e02107d9fa2f05fe789440ea9347b4b65ec83282c468
Red Hat Security Advisory 2018-0292-01
Posted Feb 9, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0292-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
SHA-256 | 3ba7536b16c6918a15061bf1675150269a2b2ead9b1aae5bff49d61efc0bf261
Debian Security Advisory 4108-1
Posted Feb 9, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4108-1 - Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed to a list with a private roster.

tags | advisory, remote, xss
systems | linux, debian
advisories | CVE-2018-5950
SHA-256 | 9d35d5ad565bca8c1f75bbba0777b61cfc5cb238a65a157dc896ba52dd6acfff
Debian Security Advisory 4105-2
Posted Feb 9, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4105-2 - A regression was detected in the previously issued fix for CVE-2018-6360. The patch released with DSA 4105-1 broke the feature of invoking mpv with raw YouTube ids. This update fixes this functionality issue.

tags | advisory
systems | linux, debian
advisories | CVE-2018-6360
SHA-256 | e149e9c257505c1e884d8289d5b40537f299c12305def2f628b19cc3e5834d61
Fisheye / Crucible Remote Code Execution
Posted Feb 9, 2018
Authored by David Black | Site atlassian.com

Fisheye and Crucible suffer from a remote code execution vulnerability through OGNL double evaluation. Versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2017-16861
SHA-256 | 35ef4535e3daa3e68378bcdc040495f7a74cf8f45f2407bd08ca9a68199b42e0
Formstack Webhook HMAC Failure
Posted Feb 9, 2018
Authored by Derrek Bertrand

Formstack's outbound webhook implementation fails to not print the HMAC secret in every request.

tags | advisory
SHA-256 | 64b04b21668f9971f5a41a9697cb62fefe5ba5895d2aa607900430bd54a9b710
Red Hat Security Advisory 2018-0287-01
Posted Feb 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0287-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 4 serves as a replacement of Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-15412
SHA-256 | da4425b71f26da2469debd67beca7ccb905206efc354003322faeff196e8d68a
Debian Security Advisory 4107-1
Posted Feb 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4107-1 - It was discovered that the webhook validation of Anymail, a Django email backend for multiple ESPs, is prone to a timing attack. A remote attacker can take advantage of this flaw to obtain a WEBHOOK_AUTHORIZATION secret and post arbitrary email tracking events.

tags | advisory, remote, arbitrary
systems | linux, debian
advisories | CVE-2018-6596
SHA-256 | 72744935de785760401d98987bbeaabfb711ae71d0beb335b3b768cca5382140
HP Security Bulletin HPSBHF02981 2
Posted Feb 8, 2018
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02981 2 - A potential security vulnerability has been identified in HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC. The vulnerability could be exploited to allow an attacker to gain unauthorized privileges and unauthorized access to privileged information. Note: This vulnerability also impacts the RMC of the "Superdome Flex" Server. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2013-4786
SHA-256 | a2964cc8b96f7208d5ae7e0ddcf956c8d282b386abf5ac64183dbead5d56315e
VMware Security Advisory 2018-0007
Posted Feb 8, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0007 - VMware Virtual Appliance updates address side-channel analysis due to speculative execution.

tags | advisory
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
SHA-256 | ec8f147c16b39decc064b40987ddaf4daf5a97ec067ad903f105fee9b1a0a0d9
Debian Security Advisory 4106-1
Posted Feb 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4106-1 - Two vulnerabilities were discovered in Libtasn1, a library to manage ASN.1 structures, allowing a remote attacker to cause a denial of service against an application using the Libtasn1 library.

tags | advisory, remote, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2017-10790, CVE-2018-6003
SHA-256 | 8891131abb3ecb748839b63593d0fd657e763ef1bc5bbf7b0e21f83327caff75
Ubuntu Security Notice USN-3563-1
Posted Feb 8, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3563-1 - It was discovered that Mailman incorrectly handled certain web scripts. An attacker could possibly use this to inject arbitrary code.

tags | advisory, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-5950
SHA-256 | e37262374a510e78ca6ffc4ad02a497378e1f8ea46f377a5a9593c3e43d1581b
Ubuntu Security Notice USN-3562-1
Posted Feb 8, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3562-1 - It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-1000494
SHA-256 | 98d9226801e5c7587d9b5810a6e8d0708dc53fcc0720617b17f6e80442e0f585
Ubuntu Security Notice USN-3561-1
Posted Feb 8, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3561-1 - It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows libvirt to expose new CPU features added by microcode updates to guests. On amd64 and i386, new CPU models that match the updated microcode features were added with an -IBRS suffix. Certain environments will require guests to be switched manually to the new CPU models after microcode updates have been applied to the host. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2017-5715
SHA-256 | dcecc1c0c320933f560d27edcde2541b800157c29b7c91559c36818fa010ff71
Microsoft Security Bulletin Summary For February, 2018
Posted Feb 8, 2018
Site microsoft.com

This Microsoft bulletin summary holds information regarding Microsoft security updates for February, 2018.

tags | advisory
SHA-256 | 61faea73c1b902f8b0a37675555f8d7ed455127e01ed15cc0f3b18f2393dbe26
Ubuntu Security Notice USN-3560-1
Posted Feb 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3560-1 - It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by microcode updates to guests on amd64, i386, and s390x. On amd64 and i386, new CPU models that match the updated microcode features were added with an -IBRS suffix. Certain environments will require guests to be switched manually to the new CPU models after microcode updates have been applied to the host. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2017-5715
SHA-256 | ecf30c2ab3063f7c4453fd5a2f25fd20a9a0811b8b750790af31f961d51b10e9
Red Hat Security Advisory 2018-0285-01
Posted Feb 7, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0285-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 28.0.0.161. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2018-4877, CVE-2018-4878
SHA-256 | 8a55ff082adb2050d0ba197537f62c4ce0a4d5b6d98222bd4250b5d7e7669d5a
Ubuntu Security Notice USN-3559-1
Posted Feb 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3559-1 - It was discovered that Django incorrectly handled certain requests. An attacker could possibly use this to access sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-12794, CVE-2018-6188
SHA-256 | 24fb96a7aeea6dbab0ee7506db4be544a25951c589739278125f848889e699cc
Debian Security Advisory 4105-1
Posted Feb 7, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4105-1 - It was discovered that mpv, a media player, was vulnerable to remote code execution attacks. An attacker could craft a malicious web page that, when used as an argument in mpv, could execute arbitrary code in the host of the mpv user.

tags | advisory, remote, web, arbitrary, code execution
systems | linux, debian
advisories | CVE-2018-6360
SHA-256 | 9d62b2442745a4c9c4bd227c62bd0a6d2955e0b06fe5fa74c04517dcf75ea546
Slackware Security Advisory - Slackware 14.2 kernel Updates
Posted Feb 6, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to mitigate the speculative side channel attack known as Spectre variant 2.

tags | advisory, kernel
systems | linux, slackware
advisories | CVE-2017-5715
SHA-256 | cec4318e6170cf890d70887ea261d7b817e29df36602bfbfb364e75cb35456bb