Slackware Security Advisory - New patch packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
The Dell EMC Avamar Installation Manager component, within Dell EMC Avamar Server and Integrated Data Protection Appliance, is affected by a missing access control vulnerability. Dell EMC Avamar Server versions 7.3.1, 7.4.1, 7.50 and Dell EMC Integrated Data Protection Appliance versions 2.0 and 2.1 are affected.
Ubuntu Security Notice 3596-2 - USN-3596-1 fixed vulnerabilities in Firefox. The update caused an issue where it was not possible to customize the toolbars when running Firefox in Unity. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain sensitive information, confuse the user with misleading permission requests, or execute arbitrary code. It was discovered that the fetch API could incorrectly return cached copies of no-store/no-cache resources in some circumstances. A local attacker could potentially exploit this to obtain sensitive information in environments where multiple users share a common profile. Various other issues were also addressed.
Red Hat Security Advisory 2018-0647-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Issues addressed include a buffer overflow vulnerability.
The Video Downloader Chrome extension suffers from a universal cross site scripting vulnerability.
Ubuntu Security Notice 3619-2 - USN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
Debian Linux Security Advisory 4167-1 - A buffer-overflow vulnerability was discovered in Sharutils, a set of utilities to handle Shell Archives. An attacker with control over the input of the unshar command could crash the application or execute arbitrary code in its context.
Cobub Razor version 0.7.2 suffers from a cross site request forgery vulnerability.
Cockpit CMS version 0.13.0 suffers from a server-side request forgery vulnerability.
LineageOS version 14.1 Blueborne suffers from a remote code execution vulnerability.
When a WebAssembly binary is parsed in ModuleParser::parse, it is expected to contain certain sections in a certain order, but can also contain custom sections that can appear anywhere in the binary. The ordering check validateOrder() does not adequately check that sections are in the correct order when a binary contains custom sections.
Onethink CMS versions released up to 2018/04/06 suffer from a server-side request forgery vulnerability.