WebKitGTK+ and WPE WebKit suffer from multiple memory corruption vulnerabilities that can lead to code execution. Multiple versions are affected.
3cb5fdcd6bc0ec5fd603824f6ca990d828d8b0a217586bb8ab36b7bb300e82c5Apple Security Advisory 2019-2-07-1 - iOS 12.1.4 is now available and addresses memory corruption vulnerabilities.
023cec1d8e3337599dbf973600fc1b8287142d496d0146a145707c50c8f577c7Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2 to fix security issues. A bugfix release for -current is also available.
0f420b22277ddb140369dde619a7d53c5fefaef9095b42044308668e971633bfUbuntu Security Notice 3871-5 - Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
a5d71e69056829a026e081231955a45dd385e4689768c26f0fa5281f7bb32196Ubuntu Security Notice 3878-2 - It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information. Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use. A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. Various other issues were also addressed.
836e2d26e3cb7e111d07f62c277179c810b8d3827600b341b6da1a764f655919Red Hat Security Advisory 2019-0212-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a cross site scripting vulnerability.
835760b3d6dfa49fe6d91c0adf7b5055c3da00d6b75ac1af0554eedc1a8d3fafUbuntu Security Notice 3885-1 - Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output.
081649ccfa282b9f8eeb5c454b5712ab60990d297495d610ee10e4ab2229c421Apple Security Advisory 2019-2-07-3 - Shortcuts 2.1.3 for iOS is now available and addresses information disclosure and sandbox escape vulnerabilities.
65531847afd9d520f000898444aae963fdc7b61e902aacb814789f5987e4721dApple Security Advisory 2019-2-07-1 - iOS 12.1.4 is now available and addresses memory corruption and logic issues.
c5d6f82cbefa18848dead9bac8bdb6df4221120b037ddf81eac68fb7a009a80eApple Security Advisory 2019-2-07-2 - macOS Mojave 10.14.3 Supplemental Update is now available and addresses memory corruption and logic issues.
10a0844b8bff43b9944f9fd5da2df403da6942242f43163a7b4ceca69b0ea882Ubuntu Security Notice 3884-1 - It was discovered that libarchive incorrectly handled certain 7zip files. An attacker could possibly use this issue to cause a denial of service.
b7f40e2deafea3896a92d15326d375475a4087695f4a9f74337c025802fe1394Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
55bfd78a791cb07eb86d9eb4ab83a37d47182932d30e450c37338132fe078005Debian Linux Security Advisory 4386-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.
389920e5b0a54ae3c59ca15c0208b0912c4ae38e63794ae0abf9317bbce73127Ubuntu Security Notice 3883-1 - It was discovered that LibreOffice incorrectly handled certain document files. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. It was discovered that LibreOffice incorrectly handled embedded SMB connections in document files. If a user were tricked in to opening a specially crafted document, a remote attacker could possibly exploit this to obtain sensitive information. Various other issues were also addressed.
3590319206e9f994fc6427d7de0f5ff90c527befe59e8cf74e9ea0c9042ca778Ubuntu Security Notice 3882-1 - Wenxiang Qian discovered that curl incorrectly handled certain NTLM authentication messages. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. Wenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. Various other issues were also addressed.
8730f1a95efb3ad9f330fd2c5e6d04c57d0239a933014e5309ef2e03007ce512FreeBSD Security Advisory - FreeBSD 12.0 attempts to handle the case where the receiving process does not provide a sufficiently large buffer for an incoming control message containing rights. In particular, to avoid leaking the corresponding descriptors into the receiving process' descriptor table, the kernel handles the truncation case by closing descriptors referenced by the discarded message. The code which performs this operation failed to release a reference obtained on the file corresponding to a received right. This bug can be used to cause the reference counter to wrap around and free the file structure. A local user can exploit the bug to gain root privileges or escape from a jail.
855f095edd8dddc5d144dfb14428d131335a8466a40afb0a5c40cf8aee8b1767FreeBSD Security Advisory - The callee-save registers are used by kernel and for some of them (%r8, %r10, and for non-PTI configurations, %r9) the content is not sanitized before return from syscalls, potentially leaking sensitive information. Typically an address of some kernel data structure used in the syscall implementation, is exposed.
236a816eea4311588ca36396d798417774e37912f40da745164d7609d6d42425Debian Linux Security Advisory 4385-1 - halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to login as anyone else in the system. Only installations using.
6833491f703287eb135623eab6b3f3e0926f3acd5a1bb2dc72afa6c93a8a9b33Ubuntu Security Notice 3881-2 - USN-3881-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. Various other issues were also addressed.
1d145a7d6061f246f48a848680c45f7979b1476512372f57248c8bafef25526bVNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudoers, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.
8b5e1fd9a35d270ca6343964f334e12ca3745a32f7221231dcc6a0b1feb3acafUbuntu Security Notice 3881-1 - It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
81303d55c739f8568896780709c6a639e81aad971c982094aa53db5d0c65afcfRed Hat Security Advisory 2019-0275-01 - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Issues addressed include a crash condition.
b9c8271df299a7793c1153f0a5cfabd6a01afe5c1302129ec0dc31c90466ee60Debian Linux Security Advisory 4384-1 - Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.
185a43ed9d6a8dabfd51568c47827afdb4622c5d5deae768927db27844e37d1bUbuntu Security Notice 3880-2 - USN-3880-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service. Various other issues were also addressed.
e41eef2f8971b874412e48efd5c8d3f92c9b207977f7cf0a4850da5a80335941Qkr! with MasterPass suffers from an SSL man-in-the-middle vulnerability. Version 5.0.8 addresses this issue.
05797b1faff6dafab46b3c8075ceaa2fc5193c578b6b52cde2f50b384a64f33d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed