Ubuntu Security Notice 4113-1 - Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. Craig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes in some situations. A remote attacker could use this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. Various other issues were also addressed.
fc01073e29fa98b6982a2c858a17b8ca2bb20084a922393ce6c10b57d28d56cfWebKitGTK+ and WPE WebKit suffer from code execution, universal cross site scripting, and memory corruption vulnerabilities. Multiple versions are affected.
717a870dd2bc0256ddcda1abe745089002e9d297d7a372d49f1407bce3834e9dRed Hat Security Advisory 2019-2582-01 - Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango forms the core of text and font handling for the GTK+ widget toolkit. Issues addressed include a buffer overflow vulnerability.
33c998429349460bae19a84051c87330740bd0e090eb14a23238b5ffc6016149Ubuntu Security Notice 4112-1 - Abhishek Lekshmanan discovered that the RADOS gateway implementation in Ceph did not handle client disconnects properly in some situations. A remote attacker could use this to cause a denial of service.
6bdf721ecf66ba3944cc831f4f5afda69ab1538183c30580680e689e202d623aUbuntu Security Notice 4111-1 - Hiroki Matsukuma discovered that the PDF interpreter in Ghostscript did not properly restrict privileged calls when -dSAFER restrictions were in effect. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files.
1d8927fb5ab42e83bac5c9d5b553f9406fcbe964befd3851ce63f6117f2e091dUbuntu Security Notice 4110-4 - USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
ba5b903c212775a3900d1f88e72486fb256e8202fa117e10525eaf3cbcd9a736It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other vulnerabilities have also been addressed.
3bf6f3467455c33428751c5faf437aa7d6c64fe01342c90cc65e1d94808e2336Ubuntu Security Notice 4110-3 - USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem. Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
ea497bd34cac8fb3ea8df64d24c03b963f18392532a993273d189149c06c84ccRed Hat Security Advisory 2019-2579-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. A crash issue was addressed.
b7da198c2a2efed0d3ca88cd075ea9eba23338a7a304cf7bd020c4f906c05729Red Hat Security Advisory 2019-2548-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site request forgery vulnerability.
4345dc1d608a0488b324d4434e2cfb1c27a4314f6530857a03a16fd149420252Red Hat Security Advisory 2019-2571-01 - Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango forms the core of text and font handling for the GTK+ widget toolkit. Issues addressed include a buffer overflow vulnerability.
0faa131337ca5e32a57d48ec0ac89a3416c733ab208d593f8a65826cae68d0b0Red Hat Security Advisory 2019-2577-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. A crash issue has been addressed.
e60f27e303aab7b3ce7bce56331be0d0c4fd9b703ea70eac7cdcd0d653aeeba9Ubuntu Security Notice 4110-2 - USN-4110-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
304d734f8346c73e85ea728a6b76429713959e68248569d54ebbdad82c84f68cDebian Linux Security Advisory 4510-1 - Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input (both pre- and post-login). A remote attacker can take advantage of this flaw to trigger out of bounds heap memory writes, leading to information leaks or potentially the execution of arbitrary code.
c04546fd005105ce0ea049041181543abc29468ef19bad67410168c397658f7dUbuntu Security Notice 4110-1 - Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
266fb9a4d88612b859b072db5fec419fd51c1b8f1685d5cfba9cc0a100abcb6bRed Hat Security Advisory 2019-2565-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. An OpenSSL issue was addressed where an X509 name equality check did not work correctly.
935cc6c3b1e5db1458c55ac7bd5923c3cb3ad5b2cfb9f8be3de685a814df4c15Red Hat Security Advisory 2019-2566-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An issue was addressed where a missing check in fs/inode.c:inode_init_owner() did not clear SGID bit on non-directories for non-members.
786a2c0ea2c94bed1720aef805cb107fa37919901ca1dadc573cec6a373647f1Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to fix a security issue.
aa594b346d11354a2066df25074c9d8e7426543aad3b1db4eb312a646852c745Debian Linux Security Advisory 4509-1 - Several vulnerabilities have been found in the Apache HTTPD server.
05f15168b7b98ddf7c58034b303654c50c6fce27c6c243e52c9f5c3c414bf30dApple Security Advisory 2019-8-26-3 - tvOS 12.4.1 is now available and addresses an arbitrary code execution vulnerability.
041f2d8074d27f28e655030a8d80e0c4f0803ffff4d36c01ad2db40aecce83eaApple Security Advisory 2019-8-26-2 - macOS Mojave 10.14.6 Supplemental Update is now available and addresses an arbitrary code execution vulnerability.
d6c9009bc10735742bd2f36d80f6d568d2ec1c8e6ad5ec5b208526eb55bdf72cApple Security Advisory 2019-8-26-1 - iOS 12.4.1 is now available and addresses an arbitrary code execution vulnerability.
db3a0d4a10a885a865526035d793907bf26f045d78eb465f902fe33e0dc06480Debian Linux Security Advisory 4508-1 - Three vulnerabilities were discovered in the HTTP/2 code of the H2O HTTP server, which could result in denial of service.
76fb0e4122080bc139ebee645c30819fe3573ab5a085d5f2008858e042069625Debian Linux Security Advisory 4507-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache. The flaws in the HTTP Digest Authentication processing, the HTTP Basic Authentication processing and in the cachemgr.cgi allowed remote attackers to perform denial of service and cross-site scripting attacks, and potentially the execution of arbitrary code.
102dff8cdfc700c7a5976e0e1116143994d1ce59068df780c80abd9cf39dc312Debian Linux Security Advisory 4506-1 - Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or bypass of ACLs.
0a9a1b1a0cab98c6651b1d4d4ea0820c2dfe3abacd74c28f7e84a1abd8362147
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed