This Microsoft bulletin summary holds information regarding Microsoft security updates for March, 2018.
bd8143cef695664844888e79093fb17425c862aba77d1287c5c7a4b62750ec8cUbuntu Security Notice 3595-2 - USN-3595-1 fix a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Samba incorrectly validated inputs to the RPC spoolss service. An authenticated attacker could use this issue to cause the service to crash, resulting in a denial of service. Various other issues were also addressed.
68e2d5cf546d54e59c3c1ea3e42fca8fff8876f1a591c7739fa0f99e08f701ccAndroid Bluetooth BNEP bnep_data_ind() remote heap disclosure proof of concept vulnerability.
bca48d1c32a6cf579a5ece90b87234274c98bed6401f1470ca5a6cdcba4d5b50Android Bluetooth BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG out-of-bounds read proof of concept vulnerability.
99eb32567c7340a388cd09922afb5a94b3797a234d4baf2ff8977aa03764df08MyBB Last User's Threads in Profile plugin version 1.2 suffers from a persistent cross site scripting vulnerability.
e74748654b844156e0a5f78dc1cf3868c196a695841758e3e0dc5285d752d2f011 bytes small Linux/x86 egghunter shellcode.
7f349789d9f07a6fc8d0a749471ad2add38bcf72e27d6603d846f706b5f7d4a9WM Recorder version 16.8.1 suffers from a denial of service vulnerability.
cbd3e22e186e4ce1db80286f150facddd6c551b0838217182dd78ad3126cbf1cMIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
6d1531c70a901fcddf9cb989d488beaf78ac0cc16d11beb981b99200146c4848Debian Linux Security Advisory 4149-1 - Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands.
1c7389b0224ab4e18e59ca810fffad595ec7e444382dcfd5c7ca050d6ff9fe23Debian Linux Security Advisory 4148-1 - Alfred Farrugia and Sandro Gauci discovered an off-by-one heap overflow in the Kamailio SIP server which could result in denial of service and potentially the execution of arbitrary code.
e87cddf537333c67b35c77df0b4654923385c58cacf82f01c14db41e505b9e61Ubuntu Security Notice 3605-1 - It was discovered that Sharutils incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code.
46da1fd9325cd2d43ed8dceeb1c58db4e6634c06ca6432748e4845c0ecab9a7cEasy CD DVD Copy version 1.3.24 suffers from a local buffer overflow vulnerability.
af4cd9dc175f4d6e44a034f2c38317b533f3f93eb325533d511ebc5936edc685Bomgar Remote Support Portal (RSP) suffers from a path traversal vulnerability.
198c0a663e903151778dba0bb70bdc8962d81bbecba75ce4118877f409e1811dThe ModSecurity for Nginx "non-release" version suffers from a use-after-free vulnerability.
d9207b29252240c7674a132fbfa13cc88942175716e3707ba61e89b39606af89The Kaseya Virtual System Administrator (VSA) agent "AgentMon.exe" suffers from a local privilege escalation vulnerability.
ae389b3de0f2ff85eb73501729ef4cc6e3a1d36853d5c2a3572be96e3b97a4e0Allok Quicktime to AVI MPEG DVD Converter version 4.6.1217 suffers from a stack-based buffer overflow vulnerability.
6d738f758b76780e760be1a5fe53c647f19ffdb922705b0359e252d722d281c8XenForo 2 suffers from a CSS loader denial of service vulnerability.
f08a899f612b499b3a9aa1796d8fbaa32aad423a4aeac9610cc59c1f5b5c6e17Ubuntu Security Notice 3604-1 - Richard Zhu discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause libvorbis to crash, resulting in a denial or service, or possibly execute arbitrary code.
0f9ff2cdeecb8cc4d2a898709c8507ddce8da29f88a7fa316e533695fbe0ec36Red Hat Security Advisory 2018-0577-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.9 serves as a replacement for Red Hat JBoss BPM Suite 6.4.8, and includes bug fixes and enhancements. Issues addressed include an unsafe deserialization.
3cb20342e0b9efd7127480a6a4332fc2b3ca035d5ff90a465ff02df3041ccdcfRed Hat Security Advisory 2018-0574-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a later upstream version: rh-mariadb101-mariadb. Issues addressed include a use-after-free vulnerability.
4811f7e8cd18589d5a9575a92358807bab59dcc849440d463cfcb0318d3f1686
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed