Ubuntu Security Notice 3753-1 - It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
3b5999edf5c35c0584e8865b66aa44b922ddb9316d7b6d183227244d71e1bad5
Ubuntu Security Notice 3752-2 - USN-3752-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
f7a708d43dc8fc39287ba0870edf14e6d0ec3a7b3c72bc9ee988c9562a349836
Ubuntu Security Notice 3752-1 - It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service. Various other issues were also addressed.
c7a9f122697774982780879f9c8d3a59d9eae1e54b93440f77d25f92ab601153
Ubuntu Security Notice 3751-1 - It was discovered that Spice incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service.
198cc71c4f16896dd1fc02e3811575d47304ff0967219c048f2e218875e2e82d
Ubuntu Security Notice 3753-2 - USN-3753-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Various other issues were also addressed.
fe4421f7945a10e6dd7e5bd30b13a6cf37b09ea82bfdd6804ae6286a78061b1c
Textpad version 8.1.2 suffers from a denial of service vulnerability.
21f667891712be7792cd0d0f11f91254c4284334189e9819c6870beac0552b05
SkypeApp version 12.8.487.0 suffers from a denial of service vulnerability.
74a0008f25cf7019c32e06ec014fd9992cd08c5c5a6223d52d89765199e85dcd
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
148c0f86f000d833901e7182797f6fb6470c1b600344056c710e326789d0fd54
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
1a484bb15152c183bb2514e112aa30dd34138c3cfb032eee5490a66c507144ca
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
2e4c5157a4f2d9bb37d3f0f1f5bea03f92233a2a7d4df6eddf231a784087dfac
Foxit PDF Reader version 9.0.1.1049 has a use-after-free vulnerability in the Text Annotations component, and its TypedArrays use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A ROP chain can be constructed that will execute when Foxit Reader performs the UAF.
328a4999829d5eb3b12ffaeb666a27977fb72410e1a96f44c840761020615f82
Adobe Flash suffers from an out-of-bounds read vulnerability during AVC processing.
531f10bd21568c96270daeecaec7bda04a914e92764157798912ea0b8f4e9cd6
Red Hat Security Advisory 2018-2557-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include defeating of a client-side defense.
4c776c09a641818d1fe6a124d6e97d20bc0a97cd9eb1b0bbb5022fdab70fe82a
Couchbase Server allows authenticated users to send arbitrary Erlang code to diag/eval.
bee84c02eb590cd8afe480b2cb7df7bef5b42effc8121d3c4052343f9ea1a3df
Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 suffers from remote SQL injection vulnerabilities in the media server.
e778b88faf6c13b9ded2dc0b1c5a4d719131745dd2f652b92a0899ab6d72d2b9
StyleWriter 4 version 1.0 suffers from a denial of service vulnerability.
138e4df543b1a34c60196c08e3284ae7504da6b8d6330b1e6ac80ea7706dbc34