Ubuntu Security Notice 3876-2 - USN-3876-1 fixed a vulnerability in Avahi. This update provides the corresponding update for Ubuntu 12.04 ESM. Chad Seaman discovered that Avahi incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
534ed3e8821dc2c6659ee366ead6ba94eac2668ade728ba640d133a073ca6ca5Ubuntu Security Notice 3876-1 - Chad Seaman discovered that Avahi incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service.
ecd33e9fdc0496684eebe6cc33ebb1d0db04916edfc7e746fe047c4f2255c5fcSlackware Security Advisory - New kernel packages are available for Slackware 14.2 to fix security issues.
b00c9750a9d1a5293cf1b00be4962a74b7a8b39c5ae241b16f2e5d2e209b667bUbuntu Security Notice 3875-1 - It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions.
b8000d2283c05e4e0b377807f40d4d13096a58c131b3b0ae930ed8fee16f9d08Ubuntu Security Notice 3874-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, gain additional privileges by escaping the sandbox, or execute arbitrary code. It was discovered that Firefox allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. Various other issues were also addressed.
849e56e87e660f92ac3299e134feb4c3b7036ae3b970cdc33d069972baca43c4Debian Linux Security Advisory 4378-1 - Fariskhi Vidyan discovered that the PEAR Archive_Tar package for handling tar files in PHP is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code.
7e4ef23ca8470300ddac7bad2d8bad6f040e2ce16dd0123ba1e84084b83ec707Ubuntu Security Notice 3873-1 - It was discovered that Open vSwitch incorrectly decoded certain packets. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. It was discovered that Open vSwitch incorrectly handled processing certain flows. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.
908ced99153ecc61b1eb36e454bae54f8f456af9c212d3462a5914e555707a01Slackware Security Advisory - New mozilla-firefox packages are available for 14.2 and -current to fix security issues.
0dc46838181933d0acf6584efd3c550dc477786a036a5f01afbe5a0646e30a11Debian Linux Security Advisory 4375-1 - Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service (spice server crash), or possibly, execution of arbitrary code.
2fefc99471bde1e9874b533008268cea08d397a084f2b10977898a4ddcdaa27bRed Hat Security Advisory 2019-0162-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include a buffer overflow vulnerability.
f409c98c717375dafb0f5899dab9be5df0498199876c46e4fdb25e0e29b210f6Debian Linux Security Advisory 4376-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation.
aa608a46cb7069b1ff2ed601cef955aeebb1370b446e65de5ed222f4081cef46Debian Linux Security Advisory 4377-1 - The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of arbitrary shell commands.
94d852fddd0d7de255869f71aa353a2bf3c2963c61f4197cc965bee4345d3540Red Hat Security Advisory 2019-0218-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Issues addressed include a use-after-free vulnerability.
e1083e90b00e53fb904a7a9b0aafddd2e035ae690e0afb0b33aaa23f1cf575b1Red Hat Security Advisory 2019-0219-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Issues addressed include a use-after-free vulnerability.
67efee2b070ca8e8c0dbedafdf0e19716ce73ee0a80eac4e0f5ae2bd1cd40a75Red Hat Security Advisory 2019-0194-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a crash related vulnerability.
ae67071105aaf1bdf88ec44bdc6f486f301f9d17ccf4669bb01648d3e0b0d157Red Hat Security Advisory 2019-0188-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
95543b404311a724e4d4ae3a28dbef2e0c45febdf31c925aa85f1e48fa304eadRed Hat Security Advisory 2019-0163-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and use-after-free vulnerabilities.
67bea05cdf56e6c44d7f698e4059a01ff4fe8c273c037c1f15ba734adc98234fRed Hat Security Advisory 2019-0201-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Issues addressed include a memory leak vulnerability.
850add0778d93ddf380dd47cb0d948b7e9aaf8c2a1e05dd1f3eb6693c18ff086Red Hat Security Advisory 2019-0204-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Issues addressed include a stack overflow vulnerability.
6fcd5d14a723cf02465650b3333098f9f2c57140c8be2ebe89550de8bb349677Red Hat Security Advisory 2019-0202-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
e466d9e8d46a7fbdf7a04ff70339a8429fecbdce61463fd8ca56e052605ddbd5Ubuntu Security Notice 3872-1 - It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information. Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use. A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. Various other issues were also addressed.
4db2756d9eb8ba255e08ce015e2fad82f619501758cfcb7947e8a9d0b67adbceUbuntu Security Notice 3871-1 - Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
610a75c7ac7a32b12e02eece3933f2d902097e03a13e3d1b9fd535c83c4f3455Ubuntu Security Notice 3870-1 - Christophe Fergeau discovered that Spice incorrectly handled memory. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.
75b3b84236b60b3458a63a5f717cbd80617cbb119d28df06110534f0ab7a42d0Debian Linux Security Advisory 4374-1 - Several issues were discovered in qtbase-opensource-src, a cross-platform C++ application framework, which could lead to denial-of-service via application crash. Additionally, this update fixes a problem affecting vlc, where it would start without a GUI.
71dbc0ecaf2f6359430942d19217f17eb2faaebeed9d1ef583a4d25b74891794Debian Linux Security Advisory 4373-1 - Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP.
6e73804371ada043160901b24c306ab5dc539fb2283d74fb3cc8a0cd6becb8f7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed