This archive contains all of the 162 exploits added to Packet Storm in October, 2017.
71e5efdfc6853913e1afe7fcc9881762
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
437fb656747dd312044f16e09c35c6aa
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
77b2f2178727dc600a9c1cf075b0ecd8
Ubuntu Security Notice 3470-2 - USN-3470-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build function in the Linux kernel. A local attacker could use to cause a denial of service or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
7949d63988c2185b2fec1d6ff3ab737d
Red Hat Security Advisory 2017-3107-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Telecommunications Update Service for Red Hat Enterprise Linux 6.5 will be retired as of November 30, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.5 TUS after November 30, 2017.
3d4ed07b1847da3278e84f956dcf0c3d
Apple Security Advisory 2017-10-31-12 - Additional information for the APPLE-SA-2017-09-25-9 macOS Server 5.4 advisory has been provided that relates to FreeRADIUS and Postfix.
bebf5d34c34331cceff071fe913aeb58
Apple Security Advisory 2017-10-31-11 - tvOS 11 addresses TLS weaknesses, denial of service, and various other vulnerabilities.
1438c51b6f0ce0b62694c02639eed049
Ubuntu Security Notice 3471-1 - Andreas Jaggi discovered that Quagga incorrectly handled certain BGP UPDATE messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service. Quentin Young discovered that Quagga incorrectly handled memory in the telnet vty CLI. An attacker able to connect to the telnet interface could possibly use this issue to cause Quagga to consume memory, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.
1e0338625f876b7459734f6bcabf63b5
Red Hat Security Advisory 2017-3108-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 7.2 will be retired as of November 30, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 7.2 EUS after November 30, 2017.
01400ae8d02d674dbea8435322b24e35
Apple Security Advisory 2017-10-31-10 - watchOS 4 addresses TLS weaknesses, denial of service, memory corruption, and various other vulnerabilities.
66ebfb14ec2ddf6786ed96ae4e31f6cf
Apple Security Advisory 2017-10-31-9 - iOS 11 addresses TLS weaknesses, denial of service, arbitrary code execution, and various other vulnerabilities.
60d493af6335566be6f6af354b214a48
Apple Security Advisory 2017-10-31-7 - iCloud for Windows 7.1 is now available and addresses multiple code execution vulnerabilities.
26891f75fd57c0122ac654f4a17c984c
Apple Security Advisory 2017-10-31-6 - iTunes 12.7.1 for Windows is now available and addresses multiple code execution vulnerabilities.
4a902dbb65b5e5fff878166c822f5799
Apple Security Advisory 2017-10-31-4 - watchOS 4.1 is now available and addresses denial of service, arbitrary code execution, and various other vulnerabilities.
125937aae8f68ab47e174ed22699ad00
Apple Security Advisory 2017-10-31-3 - tvOS 11.1 is now available and addresses denial of service, memory corruption, arbitrary code execution, and various other vulnerabilities.
ce951392b96987f3949dfa26f45a4450
Apple Security Advisory 2017-10-31-2 - macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security Update 2017-004 El Capitan are now available and address TLS weaknesses, issues in Apache, and many more vulnerabilities.
0a3f85251303c010a3fa74783867a502
Red Hat Security Advisory 2017-3093-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A redirect flaw, where the is_safe_url() function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard.
0f97ed415081382f3ea140716572f296
Debian Linux Security Advisory 4012-1 - Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.
c20cdce839d3703f541f78b7475ef138
HPE Security Bulletin HPESBHF03785 1 - HPE B-Series SAN Network Advisor Software versions released prior to and including v14.0.2 contain several remotely exploitable directory traversal vulnerabilities. Revision 1 of this advisory.
93f52803b2d8a1e749eb05e24cc3766b
Debian Linux Security Advisory 4009-1 - Niklas Abel discovered that insufficient input sanitising in the the ss-manager component of shadowsocks-libev, a lightweight socks5 proxy, could result in arbitrary shell command execution.
f7d370565938725f8e57e51913e2916c
Slackware Security Advisory - New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
bac6e0ae7ad74eb2a7081c8647a3243d
WhatsApp versions 2.17.52 and below suffer from a memory corruption vulnerability that can result in a denial of service.
52cf023f313d359776c21c2b3eebd1fb