Debian Linux Security Advisory 4232-1 - This update provides mitigations for the "lazy FPU" vulnerability affecting a range of Intel CPUs, which could result in leaking CPU register states belonging to another vCPU previously scheduled on the same CPU.
a6b4e2a3380dbefdaab3f2a5274ae52bDebian Linux Security Advisory 4231-1 - It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.
8b7597b32fc2a2f158d2624d6e507119Debian Linux Security Advisory 4230-1 - Multiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service.
d712eead66cabe92230211edff8d985fDebian Linux Security Advisory 4229-1 - Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite.
48499d9b1cf9d650d7f3c59cd956f760Debian Linux Security Advisory 4228-1 - Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in cross-site scripting and PHP injection.
34b2e7462bfa056a0c19bbce40b04c29Debian Linux Security Advisory 4227-1 - Danny Grander discovered a directory traversal flaw in plexus-archiver, an Archiver plugin for the Plexus compiler system, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted Zip archive.
3e6c7e4c336db858ce3c343012428294Debian Linux Security Advisory 4226-1 - Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.
fa2765272a509416ac08b9def96b1f3dDebian Linux Security Advisory 4223-1 - Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.
5de2f16d80f3fa5b50328a10036e3b18Debian Linux Security Advisory 4222-1 - Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.
0aac941a2a25af5264e133c5a1387b2aDebian Linux Security Advisory 4225-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.
adc0a79a22e87a683003ba79045b5048Debian Linux Security Advisory 4224-1 - Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.
f5973ec905525583de23dde81261f20aDebian Linux Security Advisory 4220-1 - Ivan Fratric discovered a buffer overflow in the Skia graphics library used by Firefox, which could result in the execution of arbitrary code.
34f809c7056ae15863580c0c5e59f50bDebian Linux Security Advisory 4221-1 - Alexander Peslyak discovered that insufficient input sanitising of RFB packets in LibVNCServer could result in the disclosure of memory contents.
b668ecf77da8dd39c9441c42729dccf6Debian Linux Security Advisory 4219-1 - Several vulnerabilities were discovered in jruby, a Java implementation of the Ruby programming language. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code.
7d3ba91bea7cc4af627f93c7f93e2120Debian Linux Security Advisory 4218-1 - Several vulnerabilities were discovered in memcached, a high-performance memory object caching system.
bdc08efd0978e5621eb378b74655fd10Debian Linux Security Advisory 4217-1 - It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 802.11, SIGCOMP, LDSS, GSM A DTAP and Q.931, which result in denial of service or the execution of arbitrary code.
ed14b6ee0b3f3db808323e7d461242caDebian Linux Security Advisory 4191-2 - The redmine security update announced as DSA-4191-1 caused regressions with multi-value fields while doing queries on project issues due to an bug in the patch to address CVE-2017-15569. Updated packages are now available to correct this issue.
5f044ef78e21d9149292db1106af1a36Debian Linux Security Advisory 4216-1 - It was discovered that Prosody, a lightweight Jabber/XMPP server, does not properly validate client-provided parameters during XMPP stream restarts, allowing authenticated users to override the realm associated with their session, potentially bypassing security policies and allowing impersonation.
150d626152b3845adc7e4a60fc7b246eDebian Linux Security Advisory 4215-1 - Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.
3993e80415ade99982b86b799f5588c4Debian Linux Security Advisory 4214-1 - It was discovered that Zookeeper, a service for maintaining configuration information, enforced no authentication/authorisation when a server attempts to join a Zookeeper quorum.
4a16c31f71a4d9357a2a8587b9ed862dDebian Linux Security Advisory 4210-1 - This update provides mitigations for the Spectre v4 variant in x86-based micro processors. On Intel CPUs this requires updated microcode which is currently not released publicly (but your hardware vendor may have issued an update).
675d048788c90a65cc1c06cdbf93690fDebian Linux Security Advisory 4209-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.
beaf141404bc7f22621c2c7e3ab520cfDebian Linux Security Advisory 4206-1 - Several vulnerabilities have been discovered in Gitlab, a software platform to collaborate on code.
ff5e7917f02ad2645f82b0b92762d8fdDebian Linux Security Advisory 4207-1 - Matthias Gerstner discovered that PackageKit, a DBus abstraction layer for simple software management tasks, contains an authentication bypass flaw allowing users without privileges to install local packages.
818bf44649183241556978bcfc04e17dDebian Linux Security Advisory 4208-1 - The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs.
f85b2103baa8b53441d31885f22b6509
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed