This Microsoft bulletin summary holds information regarding Microsoft security updates for March, 2018.
c5a89841b1aea86c814b57de8611809b
Ubuntu Security Notice 3595-2 - USN-3595-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Samba incorrectly validated inputs to the RPC spoolss service. An authenticated attacker could use this issue to cause the service to crash, resulting in a denial of service. Various other issues were also addressed.
f7750225eb7de170e991242187aba7df
Proof of concept for a remote heap disclosure vulnerability in Android Bluetooth BNEP bnep_data_ind().
f50c8e71abc6155ddf7f0862fa749a3d
Proof of concept for an out-of-bounds read vulnerability in Android Bluetooth BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG handling.
f0f7ffa65e40262314d35ff3327714bd
MyBB Last User's Threads in Profile plugin version 1.2 suffers from a persistent cross-site scripting vulnerability.
cbdae62b2847d20bd49a397da80d5fd0
11-byte Linux/x86 egghunter shellcode.
9b4b51dc63cca9b58c058946a03cf25f
WM Recorder version 16.8.1 suffers from a denial of service vulnerability.
c8ad608f9e74ae2d5caa999ade64718b
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. It includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
d18447ebfe55fb1d826d6a519b9e1674
Debian Linux Security Advisory 4149-1 - Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands.
a87c86c6e125862540db4cdd0f7ccf12
Debian Linux Security Advisory 4148-1 - Alfred Farrugia and Sandro Gauci discovered an off-by-one heap overflow in the Kamailio SIP server which could result in denial of service and potentially the execution of arbitrary code.
460c782249db6cb8960512bd5448cf5a
Ubuntu Security Notice 3605-1 - It was discovered that Sharutils incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code.
9c52ad756c972d871bfa6d897c9acd0b
Easy CD DVD Copy version 1.3.24 suffers from a local buffer overflow vulnerability.
57e8495f394f487cb4a81135cdb9a495
Bomgar Remote Support Portal (RSP) suffers from a path traversal vulnerability.
3f40ab22e5c7a7b694af1162f8ab9899
The ModSecurity for Nginx "non-release" version suffers from a use-after-free vulnerability.
5ecc1db2379d722379ab019204862c7f
The Kaseya Virtual System Administrator (VSA) agent "AgentMon.exe" suffers from a local privilege escalation vulnerability.
814ffa943c77c27f80eeda9249f12e0c
Allok Quicktime to AVI MPEG DVD Converter version 4.6.1217 suffers from a stack-based buffer overflow vulnerability.
24d9f8804241491b78178e44739d1cc8
XenForo 2 suffers from a CSS loader denial of service vulnerability.
a7079258f9faa8919a4726a3b7173681
Ubuntu Security Notice 3604-1 - Richard Zhu discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause libvorbis to crash, resulting in a denial of service, or possibly execute arbitrary code.
46ef89a21173c32ec78bbc1980e0c798
Red Hat Security Advisory 2018-0577-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.9 serves as a replacement for Red Hat JBoss BPM Suite 6.4.8, and includes bug fixes and enhancements. Issues addressed include an unsafe deserialization.
251b5209e85d204b0d634f1bf39f568e
Red Hat Security Advisory 2018-0574-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a later upstream version: rh-mariadb101-mariadb. Issues addressed include a use-after-free vulnerability.
3723bc4497fc6808bbb06d9a1c14b2b6