Red Hat Security Advisory 2018-0336-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. This update provides Satellite 6.3 packages for Red Hat Enterprise Linux 7 Satellite server. For the full list of new features provided by Satellite 6.3, see the Release Notes linked to in the references section. See the Satellite 6 Installation Guide for detailed instructions on how to install a new Satellite 6.3 environment, or the Satellite 6 Upgrading and Updating guide for detailed instructions on how to upgrade from prior versions of Satellite 6.
f33fdbb9f17a9910f6bb8747cd69b73e5a65222f0d44324a839bac58722b9798Ubuntu Security Notice 3577-1 - Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information or control printers, via a DNS rebinding attack.
df2c2a365476e5ab3300528c58be0fd9fc0ebd53e18d182bb67578d8076a5932Red Hat Security Advisory 2018-0334-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282.167. Security Fix: chromium-browser: incorrect derived class instantiation in v8.
5055cae290c2dd58f5f325a276f0e772eb32720d091ad7ef5ce1b5d737448872Ubuntu Security Notice 3576-1 - Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Daniel P. Berrange discovered that libvirt incorrectly handled validating SSL/TLS certificates. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 17.10. Various other issues were also addressed.
90c6d4cdd362e55904c6d76f4118ef039e8e85b0aab04a6669ee178da97eb658Windows suffers from NPFS Symlink security feature bypass and privilege escalation vulnerabilities.
241a41e7b4c34606c5b8c38997e3a9919b21068375867365bd1daf381cc4f5dcUbuntu Security Notice 3575-1 - It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. Various other issues were also addressed.
9216cd38d1a355f9c315588c2a43b7eb0867dc1c8b82f16c2edab968fb6683e4Windows suffer from Global Reparse Point security feature bypass and privilege escalation vulnerabilities.
817479ced9c55750d45cb5a0bd0abe3a085b6eb1f5c6e5bafd694e7961cbeb11The Windows kernel suffers from a nt!RtlpCopyLegacyContextX86 stack memory disclosure vulnerability.
199235f1e50c783934bc089610c17d71c6e7359a26462fdd0048024c134ddbaeStorSvc SvcMoveFileInheritSecurity suffers from an arbitrary file creation vulnerability that allows for privilege escalation.
da3cf612ba7cedad78f1b652e836abe760eadee6b6d179778393eb87b95624a5This Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable load path. This Metasploit module abuses this functionality to set the load path resulting in execution of arbitrary code as root. This Metasploit module has been tested successfully with SysInfo version 10-H63 on Fedora 20 x86_64, 10-H32 on Fedora 27 x86_64, 10-H10 on Debian 8 x86_64, and 10-GA on Solaris 10u11 x86.
809ebb68ed1aab5bb488f6d63c6c587cf594c965eb2d13367633fdff06cc093eRadiant CMS version 1.1.4 suffers from a persistent cross site scripting vulnerability.
94d9e7767b64e9f32c9c0292fe312b8b61b280f6a8bb0532ebeb9be8be39ef01Gentoo Linux Security Advisory 201802-6 - A vulnerability in LibreOffice might allow remote attackers to read arbitrary files. Versions less than 5.4.5.1 are affected.
e52783ecbf3d0aed53e821478a194b9d1227605de0ca88ff8d978517facdc9c9Gentoo Linux Security Advisory 201802-5 - A vulnerability has been found in Ruby which may allow for arbitrary command execution. Versions less than 2.2.9:2.2 are affected.
cef946c6cb0cfc9ef3f929b43b4dedbca821675979bd69edd5fb661f0d0a954aGentoo Linux Security Advisory 201802-4 - Multiple vulnerabilities were found in MySQL, the worst of which may allow remote execution of arbitrary code. Versions less than 5.6.39 are affected.
682e0b61aa43e86f7d5c80a68000e54a4ce775a285fbe79431d38e00abfa3ec1Gentoo Linux Security Advisory 201802-3 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 52.6.0 are affected.
9c755436dabdfb3e7a966a0901e80d5c8a7a16dfd36c2bb6664051a1013932d3Mozilla's executable installers are vulnerable to dll hijacking.
667fb44cb2aa120fbd61c8117b32b9ec85ae2bc46b83d6b9d112e9bfb4199dc9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed