Red Hat Security Advisory 2019-0396-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.96. Issues addressed include an inappropriate implementation in V8.
334b210947d857cbc050cadc1b4d495f2d00bb75ed50493071bb4d31a20562beSlackware Security Advisory - New file packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
dc2b2bb882c2e78e63a28c7f49612b4d270b6841136b08fba33056561a9c24a9Debian Linux Security Advisory 4377-3 - The restrictions introduced in the security fix to address CVE-2019-1000018 also disallowed the -pf and -pt options which are used by the scp support in libssh2. This update restores support for those.
c1086ef619d30d33c973554f8c81008469bc8fd1c9b5a060a0f84560ad6b93adRed Hat Security Advisory 2019-0375-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Issues addressed include a sandbox escape vulnerability.
206a6a56321a9edc49063d0484c2e9aa5cd97213653b035186d44b1c5d34e0bbRed Hat Security Advisory 2019-0374-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Issues addressed include integer overflow and use-after-free vulnerabilities.
94cb3b914e24096a9953d2552fa161db349fd60fcbcc64c1bce30759ea79c657Red Hat Security Advisory 2019-0368-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Issues addressed include an input validation vulnerability. Does this look okay?
fd8df8cb4e6e0db493f1f71689b9f8c28fbec63a0146be1127bded9a26a70976Red Hat Security Advisory 2019-0366-01 - This release adds the new Apache HTTP Server 2.4.29 Service Pack 1 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes and enhancements. Issues addressed include bypass, denial of service, null pointer, out of bounds write, traversal, and use-after-free vulnerabilities.
d3b3ce54e51fb837ee55b210bef2e4adb0ebb11e803bbd0a54c2b9e2194299a3Red Hat Security Advisory 2019-0364-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
a228d9418494e5a5cd97d703c55108239e82d26c2deebf111ebb52fd2adf1aecRed Hat Security Advisory 2019-0362-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
09b757ecbeea503e2e2dd6f7ac771af07bbaed81be2e458c03e54c8290188e5dUbuntu Security Notice 3893-1 - Toshifumi Sakaguchi discovered that Bind incorrectly handled memory. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. It was discovered that Bind incorrectly handled certain trust anchors when used with the "managed-keys" feature. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Various other issues were also addressed.
d764a48abf0e545fcb7ac51dfc66b540808772988998742ed8bf5aa6f538b5b8Ubuntu Security Notice 3866-2 - USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. This update fixes the problem. Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Various other issues were also addressed.
d3b572b9e8dd59539d1f53e077357aac14bc80c5a7b56bc9204c9a39e33d44ecUbuntu Security Notice 3892-1 - Burghard Britzke discovered that GDM incorrectly handled certain configurations. An attacker could possibly use this issue to get unauthorized access to a different user.
5cbde4b75000a4c185fe9c87414fb3810aba4a7733e35005a88e58de4295fb5fDebian Linux Security Advisory 4396-1 - Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system.
2dde31e5783af9038db0eb1aa458aab47e774751c9f88602e04c74b7ca36d972Microsoft Edge has an issue where the default flash click2play whitelist is insecure.
b67a708bf7118de58f25eedb37a2a8891d000105b033f1e3397bcf8d54354a2aRed Hat Security Advisory 2019-0373-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Issues addressed include integer overflow and use-after-free vulnerabilities.
d9e619b1d1cfe086dd5ea0a1600b42ab8ccd0f1e5d123f8460a10ba9333849e7Red Hat Security Advisory 2019-0380-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.6 serves as a replacement for Red Hat Single Sign-On 7.2.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
32aad9996df6400db8adadb3fa8c9c6302bbd9bc31c388eac459b86318d6202aDebian Linux Security Advisory 4395-1 - Several vulnerabilities have been discovered in the chromium web browser.
0d80f97ea8c997b4852f773519b065bb52fe2e2656fd1eec41871f8e8f69fb2aDebian Linux Security Advisory 4394-1 - Multiple security issues were found in the rdesktop RDP client, which could result in denial of service, information disclosure and the execution of arbitrary code.
9e58510d36577c8dc7c866554a270c468fc6e4338ccd262bc6566b39eaa77680Debian Linux Security Advisory 4393-1 - Chris Coulson discovered a flaw in systemd leading to denial of service. An unprivileged user could take advantage of this issue to crash PID1 by sending a specially crafted D-Bus message on the system bus.
64475b2c15df7a16ec2742c9a4415dfdb26c9cd162026b27397be16ff98ffd03Red Hat Security Advisory 2019-0367-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 1 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section. Issues addressed include bypass, denial of service, null pointer, out of bounds write, traversal, and use-after-free vulnerabilities.
7fc6ff287841b94de3a16d48a7a29e072b8a385a22fc3abffb52431844efbda6Ubuntu Security Notice 3891-1 - It was discovered that systemd incorrectly handled certain D-Bus messages. A local unprivileged attacker could exploit this in order to crash the init process, resulting in a system denial-of-service.
0339a4b6bd2cb6bb7568dd845c47138a60750bc8ad7030a395a499ca3c392eb6Ubuntu Security Notice 3850-2 - USN-3850-1 fixed several vulnerabilities in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Various other issues were also addressed.
7498b43104d4fb07034d4fa82fae12b25b42d1e94165a25a6a94e278d49e0473Red Hat Security Advisory 2019-0365-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
6e0db3fe2f3f38836bb6573608efad79fe56089340c18ecdc05321a13b97597dRed Hat Security Advisory 2019-0361-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Issues addressed include stack overflow vulnerabilities.
a5a8677c8603e96cdd87eb005aaaf0c1f9ed17b0b6b3a027414690708ca0df13Debian Linux Security Advisory 4388-2 - Kushal Kumaran reported that the update for mosquitto issued as DSA 4388-1 causes mosquitto to crash when reloading the persistent database. Updated packages are now available to correct this issue.
b43a3f2f313bf01fb7950f72211f33e520a48661914365cf7e3ca80f5ae831c5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed