Debian Linux Security Advisory 4596-1 - Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross-site scripting, denial of service via resource exhaustion and insecure redirects.
Debian Linux Security Advisory 4595-1 - It was discovered that debian-lan-config, a FAI config space for the Debian-LAN system, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals.
Debian Linux Security Advisory 4594-1 - Guido Vranken discovered an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli.
Debian Linux Security Advisory 4593-1 - It was found that freeimage, a graphics library, was affected by heap buffer overflow and stack exhaustion vulnerabilities.
Debian Linux Security Advisory 4592-1 - It was discovered that the Title blacklist functionality in MediaWiki, a website engine for collaborative work, could be bypassed.
Debian Linux Security Advisory 4591-1 - Stephan Zeisberg reported an out-of-bounds write vulnerability in the _sasl_add_string() function in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer. A remote attacker can take advantage of this issue to cause denial-of-service conditions for applications using the library.
Slackware Security Advisory - New tigervnc packages are available for Slackware 14.2 and -current to fix security issues.
Slackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix a security issue.
A vulnerability exists in CA Client Automation that can allow a local attacker to gain escalated privileges. CA published solutions to address the vulnerability and recommends that all affected customers implement the applicable solution. The vulnerability, CVE-2019-19231, occurs due to insecure file access by the agent services. A local attacker may exploit this vulnerability to execute arbitrary commands with escalated privileges on an installation of the Client Automation agent. The Windows agent in CA Client Automation versions 14.0, 14.1, 14.2, and 14.3 is affected.
Red Hat Security Advisory 2019-4361-01 - This update covers a library that handles bidirectional scripts so that text is displayed in the proper order while the text data itself is always stored in logical order. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.
Red Hat Security Advisory 2019-4360-01 - The libyang package provides a library for the YANG data modeling language. libyang is a YANG data modeling language parser and toolkit written in C. The library is used in, for example, the libnetconf2, Netopeer2, sysrepo and FRRouting projects. Issues addressed include a buffer overflow vulnerability.
Debian Linux Security Advisory 4590-1 - It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" action was used, bypassing ACL checks.
Red Hat Security Advisory 2019-4344-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include buffer overflow and null pointer vulnerabilities.
Slackware Security Advisory - New wavpack packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Atlassian Confluence suffers from a man-in-the-middle vulnerability. Versions affected include the 6.x.x and 7.x.x releases.
Red Hat Security Advisory 2019-4237-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass and man-in-the-middle vulnerabilities.
Red Hat Security Advisory 2019-4358-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. An issue was addressed where the credentials API allowed non-admin users to list and retrieve all users' credentials.
Red Hat Security Advisory 2019-4356-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2019-4357-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2019-4353-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2019-4326-01 - This update covers a library that handles bidirectional scripts so that text is displayed in the proper order while the text data itself is always stored in logical order. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.
Red Hat Security Advisory 2019-4341-01 - An issue was resolved where Red Hat Quay stored robot account tokens in plain text.
Red Hat Security Advisory 2019-4352-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards-compliant messaging system that is tailored for use in mission-critical applications. Issues addressed include code execution, deserialization, and information leakage vulnerabilities.
Debian Linux Security Advisory 4589-1 - It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals.
Ubuntu Security Notice 4224-1 - Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.