Ubuntu Security Notice 3935-1 - Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Mathias Krause discovered that BusyBox incorrectly handled kernel module loading restrictions. A local attacker could possibly use this issue to bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
d04293581994ba012e305b667f533a43f91c013c6da677eff4fa9c29ace725ffUbuntu Security Notice 3934-1 - It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations.
c8d204f7fe9cea49ee5d807afdb6f7cdfa086127bccf23406e8c8a76fc5ec584Debian Linux Security Advisory 4422-1 - Several vulnerabilities have been found in the Apache HTTP server.
961d97f7066c2153712981e824caca1ecdd1c8ed3bcf22d5649c1e105a41be19Slackware Security Advisory - New wget packages are available for Slackware 14.2 and -current to fix security issues.
6f7c9bf6930258c4b9cd925dfbbad55769b68eb9834ab3de64199aaf3f349568This Metasploit module exploits a command injection vulnerability in TeemIp versions prior to 2.4.0. The "new_config" parameter of "exec.php" allows you to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server. The vulnerability can be exploited by an authorized user (Administrator). Module allows remote command execution by sending php payload with parameter 'new_config'.
6b23f44b58a78b7d7096bae0b41143c292c72490f68b7275ef4ce25d71e55466Ubuntu Security Notice 3933-2 - USN-3933-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that an information leak vulnerability existed in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could possibly expose sensitive information. Various other issues were also addressed.
293ab65e73bf98d20f314b55630ebb7d784a521cd0ca32fe2129f80d23b2e3acUbuntu Security Notice 3933-1 - It was discovered that an information leak vulnerability existed in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could possibly expose sensitive information. It was discovered that the USB serial device driver in the Linux kernel did not properly validate baud rate settings when debugging is enabled. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
dacdaa1df1a65a7d64811fadba0688d21342dc6a545f4369b2f3a0d1e7628320Clinic Pro version 4 suffers from a remote SQL injection vulnerability.
5bea9587cd72fb3a99087201ad844fd9929953293c46ae99bdac59e3436b8294Ubuntu Security Notice 3932-2 - USN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
6b04b1ca2b939f9ef77c26b11ce5669d6f7a229ddfbabf646e284686af89d8a3PhreeBooks ERP version 5.2.3 suffers from a remote command execution vulnerability.
ef91e23045cc28f2a527c8875343db76430b6f42d8e278cc154800d093f173abUbuntu Security Notice 3932-1 - It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service. Various other issues were also addressed.
8a9cf057269e567e457b41d6710b7b91e84287f5f6e3ab62365a668b68242bbcUbuntu Security Notice 3931-2 - USN-3931-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS. M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service. Various other issues were also addressed.
3da25881795c75e4bb949d560d025be98c843cd588e2826360ca5c71e4e66c69Ubuntu Security Notice 3931-1 - M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service. It was discovered that the KVM implementation in the Linux kernel on ARM 64bit processors did not properly handle some ioctls. An attacker with the privilege to create KVM-based virtual machines could use this to cause a denial of service or execute arbitrary code in the host. Various other issues were also addressed.
8648907b306a30de1b668a41a8ae79574d61f4eeddb6db9b310b4966103ace78PhreeBooks ERP version 5.2.3 suffers from an arbitrary file upload vulnerability.
8946af8607d01cdbb4bbf87907507e414123374fc00ec083466a26acdbe24cb7Ubuntu Security Notice 3930-2 - USN-3930-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture subsystem. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.
4102f0cd3e3625cbe62726a696226a0b078386a4844fe7aa1d3769f8d3be7544Ubuntu Security Notice 3930-1 - Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture subsystem. A physically proximate attacker could use this to cause a denial of service. Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information. Various other issues were also addressed.
368e9dbf141a9e760054a79a440120646f0b3026e48ac5716619c4793e2820ffSlackware Security Advisory - New ghostscript packages are available for Slackware 14.2 and -current to fix security issues.
abebe83ea8a0adef25f49987ca9bc808814c9bb0422eca0d29b97ebc3ef1f249Ubuntu Security Notice 3929-1 - It was discovered that Firebird incorrectly handled certain malformed packets. A remote attacker could possibly use this issue with a specially crafted network packet to cause Firebird to crash, resulting in a denial of service. It was discovered that Firebird incorrectly handled certain UDF libraries. A remote attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
f2e28f902dd88d8beb6c8c1326bc248e679f5fe5aff3b26ca2c8d74944fb3b3cAIDA64 Business version 5.99.4900 SEH buffer overflow exploit with egghunter.
b6d0250046d5e3791787f6b8eb1a37d9d007fe3aec47fcaa47c94c5ecc35a1a9Ashop Shopping Cart Software suffers from a remote SQL injection vulnerability.
533760c67d1d7fa6de35406aeccb7237b87feddc499a0a0f9f448cf2d85166ceiScripts ReserveLogic suffers from a remote SQL injection vulnerability.
860f8981d085a7ac4e933bf61573a124c96dacb0a9741a486848a551a27ab80b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed