Ubuntu Security Notice 3270-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key. It was discovered that NSS incorrectly handled Base64 decoding. A remote attacker could use this flaw to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
44be071f187a0942450fff54f9c82abbf62b4771273b8f124a15a42e6b7d3d03Ubuntu Security Notice 3272-1 - It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service. Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker could use this to cause a denial of service. Various other issues were also addressed.
4015e0f3946b15d5f86b1f9f2e921a3c57df6d8cc654f08da49a0578dcfed0a9Ubuntu Security Notice 3271-1 - Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service or possible execute arbitrary code. Nicolas Gregoire discovered that Libxslt mishandled namespace nodes. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. Various other issues were also addressed.
5b9baa4caca5baf512247834862d3d2f28d5caca515396d8ef5d295c535b59b1Debian Linux Security Advisory 3836-1 - It was discovered that weechat, a fast and light chat client, is prone to a buffer overflow vulnerability in the IRC plugin, allowing a remote attacker to cause a denial-of-service by sending a specially crafted filename via DCC.
7f2901b36e641f312f34c381cfe95943ab367a5b73419cc336b2972cfdea9cf2Live Helper Chat versions 2.06v through 2.58v suffer from a cross site scripting vulnerability.
8c2cd541af72808587c847fb2ea925e85c34d97b7a65f6b07c7762f3b0e35605Alerton Webtalk versions 2.5 and 3.3 suffer from cross site request forgery, password hash disclosure, command injection, and login flow vulnerabilities.
be96769dc81301b02252f6d8006cd1b6c3c22bae6c57e3450ff6953e9cded4f6Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
a3e512e93cb555601fd207d914d7c5fe981d66d6ebb5821ecdf5dea738c2fb14There is a memory corruption vulnerability in Microsoft Internet Explorer. The vulnerability was confirmed on version 11.576.14393.0 (update version 11.0.38) running on Windows 10 64-bit with page heap enabled for iexplore.exe process.
149166f2d66d26f641ea07d704e2cf7bd66635da58a4980d0fd218ed33ccadddUbuntu Security Notice 3269-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.55 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04 have been updated to MySQL 5.7.18. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
faa4cb06a63e88b6cc80f14511115fca41abcfc7e1856617f6415bde543ea9cfFreeBSD Security Advisory - ipfilter(4), capable of stateful packet inspection, using the "keep state" or "keep frags" rule options, will not only maintain the state of connections, such as TCP streams or UDP communication, it also maintains the state of fragmented packets. When a packet fragments are received they are cached in a hash table (and linked list). When a fragment is received it is compared with fragments already cached in the hash table for a match. If it does not match the new entry is used to create a new entry in the hash table. If on the other hand it does match, unfortunately the wrong entry is freed, the entry in the hash table. This results in use after free panic (and for a brief moment prior to the panic a memory leak due to the wrong entry being freed). Carefully feeding fragments that are allowed to pass by an ipfilter(4) firewall can be used to cause a panic followed by reboot loop denial of service attack.
b89fc05b57fe99553d6a74a79295d9f06af2e8419b5f1dde9462382576ce7f24Gentoo Linux Security Advisory 201704-4 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 25.0.0.148 are affected.
490c2c681bc25ea71d983c03704a7c944125bc080deea683949220ed88b28a4aSimple File Uploader suffers from an arbitrary file download vulnerability.
997c4b9ae11b593d913fe5d1e54ba62c788bb4e17866a7ef3743863d6799d051Easy File Uploader suffers from a remote shell upload vulnerability.
3352f635424a1c854fdc560ad724e93227e49110bd4e645b6b76df1decf178e9The TYPO3 News module suffers from a remote SQL injection vulnerability.
bb71657eaa7e4ca543ead5df7415208b7f27687d4255a45a2c042482a48a7805
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed