Slackware Security Advisory - New kernel packages are available for Slackware 14.0 to fix security issues.
c28dd79c747d59ab4d92a0036b9acc8cf1fdee8759a0c01bd3bbd4940709cf92
Ubuntu Security Notice 3347-1 - Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover RSA private keys. It was discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to possibly recover EdDSA private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. Various other issues were also addressed.
99f000f63d5c3d36e35cb45731868ca37158b8a5396e4620eddbafd6657a3cab
Debian Linux Security Advisory 3901-1 - Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024.
f38cd2eb51e615eda4d90e6e35da580f9b63bef09132936eeb26203cba4eb89c
Slackware Security Advisory - New glibc packages are available for Slackware 14.2 and -current to fix security issues.
4600d19cc2f6edaef352944a686fb29304fca38dcf1ca6a8cab7a64d4766861e
Slackware Security Advisory - New kernel packages are available for Slackware 14.2 and -current to fix security issues.
499fe5b0cbe140cf779a2aa5d65de7b108c859c01c3d77851d6d6c83b68a11ad
OpenDreamBox version 2.0.0 suffers from a remote code execution vulnerability in the WebAdmin plugin.
a7e9564712d0eaf3992e83b36d2e6e9fb6f18795408f6fc7c2076dcd2aaa5cda
Xenforo Forum CMS version 1.5.13 suffers from a persistent cross site scripting vulnerability.
04a95493c65f2b52a034c87996556426ca17319df8588bae58b311116569aafc
It was found that the loader application bundled with InsomniaX can be used to load arbitrary Kernel Extensions (kext). The loader is normally used to load a kext file that is needed to disable the Lid Sleep. A flaw has been found in the loader that allows a local attacker to load (or unload) any arbitrary kext file. Version 2.1.8 is affected.
f28199946230e4daa1642242d33d9ca9f4e85aea826651a5cc95372e3d523473
Webmin version 1.840 suffers from a cross site scripting vulnerability.
79946720292e47f07df049f75813db652a8eb34758c01e099c3680a62e2fb2d5
Humax Digital HG100R version 2.0.6 suffers from backup disclosure, root credential disclosure, and cross site scripting vulnerabilities.
543eeec7a580cb4d86f8b57ebd89379d7ab1f3b249dc01f996ca87ed806b0236
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
16c005ce3df2ee7c39d8a94d2db38ff0b9ebdac416f01e3a607c992e285bdc37
Australian Education App suffers from a remote code execution vulnerability.
d61e21d898f71cc2999e353a767adf36d501a71a3c71ab23c12d4affb7b85869
BestSafe Browser FREE NoAds version 3 suffers from a remote code execution vulnerability.
cd16ba0fde1ce0a7ac72b2b5c38d8dbeec6520963e8c9398df537f90d98be849
BOA Web Server version 0.94.14rc21 suffers from an arbitrary file access vulnerability.
25bde8b29af6c46ab126ca90b1375e03f055e9d9f90b205e61bed7588d0b5c4d
Whitepaper called SYN Flood Attack for IP Cisco Phone. Written in French.
9d090aec17573df5115317729a90d24135b5138fb83e24c75fcf0568d1d4d36e