Red Hat Security Advisory 2017-0868-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files. Multiple security issues have been addressed.
9d5682a768f54b6bab2b4f6020bf5895Ubuntu Security Notice 3253-1 - It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. Various other issues were also addressed.
84b8bad522cea2d054117e97ba900205Gentoo Linux Security Advisory 201804-2 - Multiple vulnerabilities have been found in glibc, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 2.25-r11 are affected.
481acc65ed3ebadae7cda90c8160770fUbuntu Security Notice 3617-2 - USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
d11ca9c13a563e7aef6bedeface4c395Gentoo Linux Security Advisory 201804-1 - Multiple vulnerabilities were discovered in libxslt, the worst of which may allow a remote attacker to execute arbitrary code. Versions less than 1.1.30 are affected.
59633ccc3eaa742dec431826d09d86e5Ubuntu Security Notice 3617-1 - It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service in the host OS. Various other issues were also addressed.
e0042230cc72c580afbd9830c13009ebMongoose OS versions 1.2 and below suffers from use-after-free and denial of service vulnerabilities.
dbb7821c7270b918b6fa4489bcc6f330Kony Enterprise Mobile Management version 4.2.0 suffers from a private key disclosure vulnerability.
0979b4ece6aefdbb3ecad6e94c60cb73Red Hat Security Advisory 2017-0863-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Life Cycle Support for Red Hat Enterprise Linux 4 was retired on March 31, 2017, and active support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 4 ELS after March 31, 2017.
96fd62a7aed6c6a93c683e8396635100Red Hat Security Advisory 2017-0862-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, support for Red Hat Enterprise Linux 5 was retired on March 31, 2017, at the end of Production Phase 3 and active support is no longer provided. As the product will now be in the Extended Life Phase, customers will continue to have access to all previously released content, and limited technical support will be available through Red Hat's Customer Experience and Engagement as described in the Knowledge Base article available at https://access.redhat.com/articles/64664. However, we recognize that some customers will wish to remain on Red Hat Enterprise Linux 5 even after the March 31, 2017 retirement date. To meet this customer requirement, Red Hat will offer customers the option to purchase the Extended Life Cycle Support Add-On as an annually renewable subscription. This ELS Add-On provides customers with up to an additional three and a half years of Critical Impact security fixes and selected Urgent Priority bug fixes for Red Hat Enterprise Linux 5.11. Red Hat Enterprise Linux 5 ELS coverage will conclude on November 30, 2020.
55fb277766f1c243772bfd07eb7ae6f0Red Hat Security Advisory 2017-0861-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.6 was retired on March 31, 2017, and active support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 5.6 AMC after March 31, 2017.
35282e2dbf7a3eb58fb966117322c162Red Hat Security Advisory 2017-0864-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 7.1 was retired on March 31, 2017, and active support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 7.1 EUS after March 31, 2017.
66bbb35e78e3c48cf6ecb4e6221b6ea5OpenManage Server Administrator version 8.4 suffers from a directory traversal vulnerability.
011a0fd4b9583379978aa92d49c83500PHP version 7.1.2 suffers from an incorrect behavior with fsockopen.
13ada8d30286301511583f7ca95b33ceApple Security Advisory 2017-04-03-1 - iOS 10.3.1 is now available and addresses a wifi vulnerability.
d02ac418fea92c51f16e1bf3a1de203dGeoMoose versions 2.9.2 and below suffer from a directory traversal vulnerability.
f2cb14903dfe2ded38a20a99c9ecc2bcChimein.mozilla.org suffers from multiple cross site scripting vulnerabilities.
7ba9f4a4d61281bba898e7e5feaf31b6This Metasploit module abuses the sudo access granted to tomcat and the mvtroubleshooting.sh script to escalate privileges. In order to work, a tomcat session with access to sudo on the sudoers is needed. This Metasploit module is useful for post exploitation of BlueCoat vulnerabilities, where typically web server privileges are acquired, and this user is allowed to execute sudo on the sudoers file.
8b0d7ea1c77d4b6aaa60058e2549fceb360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
ccc8ee4c1cae5c44a1d4530da9387ca9
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed