Red Hat Security Advisory 2018-0336-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. This update provides Satellite 6.3 packages for Red Hat Enterprise Linux 7 Satellite server. For the full list of new features provided by Satellite 6.3, see the Release Notes linked to in the references section. See the Satellite 6 Installation Guide for detailed instructions on how to install a new Satellite 6.3 environment, or the Satellite 6 Upgrading and Updating guide for detailed instructions on how to upgrade from prior versions of Satellite 6.
321ab6f0a0184312cc9770bd037c6df7Ubuntu Security Notice 3577-1 - Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information or control printers, via a DNS rebinding attack.
73e8a98550dd664c32df48cec1e47b6cRed Hat Security Advisory 2018-0334-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282.167. Security Fix: chromium-browser: incorrect derived class instantiation in v8.
1bf3920760fb2e14938aac7906098075Ubuntu Security Notice 3576-1 - Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Daniel P. Berrange discovered that libvirt incorrectly handled validating SSL/TLS certificates. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 17.10. Various other issues were also addressed.
931859bd5d694e9c9b0cfb0c3d3fb153Windows suffers from NPFS Symlink security feature bypass and privilege escalation vulnerabilities.
351a799b32a8be9550b61628f66dea60Ubuntu Security Notice 3575-1 - It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. Various other issues were also addressed.
bd2712c7c70f27164ec4d237cb2e9d33Windows suffer from Global Reparse Point security feature bypass and privilege escalation vulnerabilities.
84a050a0c09ac8b610c64807057eb756The Windows kernel suffers from a nt!RtlpCopyLegacyContextX86 stack memory disclosure vulnerability.
377dfc9711b87f3d2d74deede52a59efStorSvc SvcMoveFileInheritSecurity suffers from an arbitrary file creation vulnerability that allows for privilege escalation.
975bfeb1e370d50ca7f709523268f0beThis Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable load path. This Metasploit module abuses this functionality to set the load path resulting in execution of arbitrary code as root. This Metasploit module has been tested successfully with SysInfo version 10-H63 on Fedora 20 x86_64, 10-H32 on Fedora 27 x86_64, 10-H10 on Debian 8 x86_64, and 10-GA on Solaris 10u11 x86.
8b66a6c82ba59a4ce479a1d17b9e36b6Radiant CMS version 1.1.4 suffers from a persistent cross site scripting vulnerability.
6dc58a00103bd51e9c6c7282cfb3fd76Gentoo Linux Security Advisory 201802-6 - A vulnerability in LibreOffice might allow remote attackers to read arbitrary files. Versions less than 5.4.5.1 are affected.
1e3e65ab877e7b8d76068f51e4d19eb3Gentoo Linux Security Advisory 201802-5 - A vulnerability has been found in Ruby which may allow for arbitrary command execution. Versions less than 2.2.9:2.2 are affected.
013a559d47b485c86bbb96a6c30d869bGentoo Linux Security Advisory 201802-4 - Multiple vulnerabilities were found in MySQL, the worst of which may allow remote execution of arbitrary code. Versions less than 5.6.39 are affected.
903f54350b730d80d84df608a73211baGentoo Linux Security Advisory 201802-3 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 52.6.0 are affected.
342c99b34da6a302b3f5a3b2469de9eaMozilla's executable installers are vulnerable to dll hijacking.
8915a3fa0d07a20bdf3b322c2c1e4179
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed