Ubuntu Security Notice 3880-1 - It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service. Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
eb0ada9fcea297efc352c24bdd5ddeae3d18ba54e2e99898677029db73d54cb5Ubuntu Security Notice 3871-3 - Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
1041b56c301afb52ce67b7fd6cc20810a44176e8fb1e082b236d07915a47660aUbuntu Security Notice 3879-1 - Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service. Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
d4c5943e106e709ebaf8cb958548047219fd51242e4b6e55b8450bdf25835215Ubuntu Security Notice 3878-1 - It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information. Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use. A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. Various other issues were also addressed.
53443e7ab73989a11fa42178ed663148853ae0460bc906e43bd330b74c010761Ubuntu Security Notice 3879-2 - USN-3879-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service. Various other issues were also addressed.
3b2d16cc10420bfae074ab35fc894aa0b16179de5f3354dcf218acf4d1e689f7Ubuntu Security Notice 3871-4 - USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
a11206552fc0cabc9183c5f6c62349248af6aeafede8241f7d11f3a3f97109b7Red Hat Security Advisory 2019-0271-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Issues addressed include a stack overflow vulnerability.
ff905303c6db54649d5fbd7e6c6d3027bf65a74efe6d252c36eae5d30cb0db93Red Hat Security Advisory 2019-0269-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Issues addressed include a use-after-free vulnerability.
a790814cd402b889e67c53fc78af31bd83ad8ded1575ebef5d56274bf3221bafRed Hat Security Advisory 2019-0270-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Issues addressed include a use-after-free vulnerability.
ffad4a50b00fb9b83e281fa8bea84e96d405751b5a836bb99de3d9b79acc3c25Red Hat Security Advisory 2019-0265-01 - Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage WebAdministration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS. Issues addressed include open redirection and other vulnerabilities.
9d82018522de2fc347d4ee6b64d2daefaabd198db26dc0e3fcb5e963a8e2768eDebian Linux Security Advisory 4383-1 - Pavel Cheremushkin discovered several vulnerabilities in libvncserver, a library to implement VNC server/client functionalities, which might result in the execution of arbitrary code, denial of service or information disclosure.
15aa8b5caceabb75fc63852264b9817afd4fa46634c3111f68f5a5c122748e09Debian Linux Security Advisory 4381-1 - Alex Infuehr discovered a directory traversal vulnerability which could result in the execution of Python script code when opening a malformed document.
18f090410d03a2a0a44f6fad18350a0e14db3ce0e6a006a9894dda7fbdf69cd5Debian Linux Security Advisory 4382-1 - Nick Cleaton discovered two vulnerabilities in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the rsync support could result in the bypass of this restriction, allowing the execution of arbitrary shell commands.
90d089df2746ccd0e13a5b4effa81aa2b9b37376df0cff30c992e43f9b7a0418Slackware Security Advisory - New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues.
6c1202eb7e6b12c0844a96aca1392976db608cd10edea353ccf77578d86b7501Debian Linux Security Advisory 4380-1 - A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery.
b2466647e1bef9885f511c58ff168af89dde385f0bb6cb6b36ac6fbbf0c4a251Debian Linux Security Advisory 4379-1 - A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery.
469bcf3e291b28feb6f5962748118013615d34b60110e0a7704b41a8e1e5557bUbuntu Security Notice 3871-2 - USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. Unfortunately, that update introduced regressions with docking station displays and mounting ext4 file systems with the meta_bg option enabled. This update fixes the problems. Various other issues were also addressed.
b3e1923af0fea3e3581de72bb292c33d319b54f08b70c8d14fd63f3ae53a3166Ubuntu Security Notice 3877-1 - It was discovered that LibVNCServer incorrectly handled certain operations. A remote attacker able to connect to applications using LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code.
7bb816aece59b9aab809749a28009badb441a6a40624bdbbbb3fb7066549f21aRed Hat Security Advisory 2019-0237-01 - The etcd packages provide a highly available key-value store for shared configuration. Issues addressed include an improper authentication vulnerability.
c72b9fe5413afc546311050d978e7b7a8055256991222c11fd930786001f7788Red Hat Security Advisory 2019-0230-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include an auth hijacking vulnerability.
89f54c45c0df7d5be2075a39c847c14e324c0916fb43ec12e92c80dcf55244aaRed Hat Security Advisory 2019-0229-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include bypass and use-after-free vulnerabilities.
e81ad852a81d59f92ab945d478f633f6eee573cf410bb8aeae1f8c6a0eec97c9Red Hat Security Advisory 2019-0231-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. Issues addressed include an off-by-one error.
7d6ae7f9db2dbef1c0230d17826701cf08e76873ca847339dabf4b152c8d36cdRed Hat Security Advisory 2019-0232-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. Issues addressed include an off-by-one error.
d09f0a0488731b09d6e56b80cd725749619a0d9a28bdc1c4b130959e3f76b6c0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed