Debian Linux Security Advisory 4131-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.
44126adb9dc6023698619a69927387aec7de75396a47cc07fc3d6bb10c0ff462Debian Linux Security Advisory 4120-2 - The security update announced as DSA-4120-1 caused regressions on the powerpc kernel architecture (random programs segfault, data corruption). Updated packages are now available to correct this issue.
6db687ffb31e334420398bf2d817e2c64ae98a95664300613faacd110fbe98caDebian Linux Security Advisory 4130-1 - Several vulnerabilities have been discovered in the Dovecot email server.
b72645d04abb2796b35b7272e5208019f22ef74f7893524d18a0bb44b81ddbd3OWASP JoomScan is an opensource project for detecting Joomla CMS vulnerabilities. Written in Perl.
6066d5427e46a3fd26abe10435389c66c8c38392bbec9773ac4dbe0b9897a23cDebian Linux Security Advisory 4129-1 - Multiple heap buffer over reads were discovered in freexl, a library to read Microsoft Excel spreadsheets, which could result in denial of service.
d10b94dee22c58777aa8e6dbe1c9af35dbff76972dd407761f9ddafb760ff717Debian Linux Security Advisory 4128-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server. They could lead to the use of an incorrect upstream proxy, or allow a remote attacker to cause a denial-of-service by application crash.
98f5dbcdd3f255927e85e8a1b0b9780b11e40c6e12aaff121d759b542ca0947eUbuntu Security Notice 3588-1 - Daniel Shapira discovered an integer overflow issue in Memcached. A remote attacker could use this to cause a denial of service. It was discovered that Memcached listened to UDP by default. A remote attacker could use this as part of a distributed denial of service attack.
e5074075234b29293847972a0ab54458d79197401d9818e6ef4f2af4c3625ac9Ubuntu Security Notice 3587-1 - It was discovered that Dovecot incorrectly handled parsing certain email addresses. A remote attacker could use this issue to cause Dovecot to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Dovecot incorrectly handled TLS SNI config lookups. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Various other issues were also addressed.
625cfc8b26e130e4d7c58da134e865f2618f6ccdfec01a7149b33f4a9d48d196Ubuntu Security Notice 3575-2 - USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix pending further investigation. It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. Thomas Garnier discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.
9552b2912301778a8c60092d6adbf1e844f5f2e13f1985b94b4fe06b63c2559cChrome V8 JIT suffers from a type confusion vulnerability in GetSpecializationContext.
99a6e3514cf19cca4fe6002bb305173115f88838cdba2875ffa1a4de4f173f43Chrome V8 JIT JSBuiltinReducer::ReduceObjectCreate fails to ensure that the prototype is "null".
1dab39822e88deb84dbd34344ce1eae38572e48ff784b7a073deec1bb63b7b1dChrome V8 has an empty BytecodeJumpTable that may lead to an out-of-bounds read.
7acf9bc038faf16f44253fb9a2fe21825a81572b59e8ab231e65443fdd0db941Chrome V8 JIT suffers from a simplified-lowererer IrOpcode::kStoreField, IrOpcode::kStoreElement optimization bug.
ea79bf295a09f5f37553a269c502167a1bf4e5dddb597b29e6fa88cd9179c5f8Softros Network Time System Server version 2.3.4 suffers from a denial of service vulnerability.
7c9dc9be67ccec4b75f3731f09dc82bef2d6203d922a38198acc04027d1abda6CloudMe Sync version 1.9.2 remote buffer overflow exploit. Tested on Win7 32b SP1.
b88d054a7610fd70f618975d2a0ff376869824def2b4846b8ee33666bc44e702
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed