This Microsoft bulletin summary holds information regarding Microsoft security updates for March, 2018.
c5a89841b1aea86c814b57de8611809bUbuntu Security Notice 3595-2 - USN-3595-1 fix a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Samba incorrectly validated inputs to the RPC spoolss service. An authenticated attacker could use this issue to cause the service to crash, resulting in a denial of service. Various other issues were also addressed.
f7750225eb7de170e991242187aba7dfAndroid Bluetooth BNEP bnep_data_ind() remote heap disclosure proof of concept vulnerability.
f50c8e71abc6155ddf7f0862fa749a3dAndroid Bluetooth BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG out-of-bounds read proof of concept vulnerability.
f0f7ffa65e40262314d35ff3327714bdMyBB Last User's Threads in Profile plugin version 1.2 suffers from a persistent cross site scripting vulnerability.
cbdae62b2847d20bd49a397da80d5fd011 bytes small Linux/x86 egghunter shellcode.
9b4b51dc63cca9b58c058946a03cf25fWM Recorder version 16.8.1 suffers from a denial of service vulnerability.
c8ad608f9e74ae2d5caa999ade64718bMIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
d18447ebfe55fb1d826d6a519b9e1674Debian Linux Security Advisory 4149-1 - Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands.
a87c86c6e125862540db4cdd0f7ccf12Debian Linux Security Advisory 4148-1 - Alfred Farrugia and Sandro Gauci discovered an off-by-one heap overflow in the Kamailio SIP server which could result in denial of service and potentially the execution of arbitrary code.
460c782249db6cb8960512bd5448cf5aUbuntu Security Notice 3605-1 - It was discovered that Sharutils incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code.
9c52ad756c972d871bfa6d897c9acd0bEasy CD DVD Copy version 1.3.24 suffers from a local buffer overflow vulnerability.
57e8495f394f487cb4a81135cdb9a495Bomgar Remote Support Portal (RSP) suffers from a path traversal vulnerability.
3f40ab22e5c7a7b694af1162f8ab9899The ModSecurity for Nginx "non-release" version suffers from a use-after-free vulnerability.
5ecc1db2379d722379ab019204862c7fThe Kaseya Virtual System Administrator (VSA) agent "AgentMon.exe" suffers from a local privilege escalation vulnerability.
814ffa943c77c27f80eeda9249f12e0cAllok Quicktime to AVI MPEG DVD Converter version 4.6.1217 suffers from a stack-based buffer overflow vulnerability.
24d9f8804241491b78178e44739d1cc8XenForo 2 suffers from a CSS loader denial of service vulnerability.
a7079258f9faa8919a4726a3b7173681Ubuntu Security Notice 3604-1 - Richard Zhu discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause libvorbis to crash, resulting in a denial or service, or possibly execute arbitrary code.
46ef89a21173c32ec78bbc1980e0c798Red Hat Security Advisory 2018-0577-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.9 serves as a replacement for Red Hat JBoss BPM Suite 6.4.8, and includes bug fixes and enhancements. Issues addressed include an unsafe deserialization.
251b5209e85d204b0d634f1bf39f568eRed Hat Security Advisory 2018-0574-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a later upstream version: rh-mariadb101-mariadb. Issues addressed include a use-after-free vulnerability.
3723bc4497fc6808bbb06d9a1c14b2b6
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed