Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
0b566718a7579045309e6e849bfd01b84c42891038067b2151d415ab2e87a50eGentoo Linux Security Advisory 202310-23 - Several use-after-free vulnerabilities have been found in libxslt. Versions greater than or equal to 1.1.35 are affected.
2977fac96373f49fb09106e9d5a7e1f40ed504bf41125749e607e0e8f580180dGentoo Linux Security Advisory 202310-22 - Multiple vulnerabilities have been discovered in Salt, the worst of which could result in local privilege escalation. Versions greater than or equal to 3004.2 are affected.
8d15c49b62885ce5a92b80cc9b7455a545b31835278e8e5f87d3866b3dd6e790Gentoo Linux Security Advisory 202310-21 - Multiple vulnerabilities have been discovered in ConnMan, the worst of which can lead to remote code execution. Versions greater than or equal to 1.42_pre20220801 are affected.
9dfeb85d57972f2d70c4a0a5a86743f9d6690016bc7d1b9c3627a49632e39815Ubuntu Security Notice 6460-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service or possibly expose sensitive information.
ccc14e1e2347798994b0336a3ccd2a0a1c44b24485ea7d3488a8ff85109c2c43Debian Linux Security Advisory 5542-1 - Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.
21987c129e7f038834496daa8b4bb9533290aebfe3172991bd4e6b20ca3959b7Debian Linux Security Advisory 5541-1 - Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.
c0e0249164fd47321acc5693b290a1534941789af87d3a335b2f846ab218b78dDebian Linux Security Advisory 5540-1 - Two remotely exploitable security vulnerabilities were discovered in Jetty 9, a Java based web server and servlet engine. The HTTP/2 protocol implementation did not sufficiently verify if HPACK header values exceed their size limit. Furthermore the HTTP/2 protocol allowed a denial of service (server resource consumption) because request cancellation can reset many streams quickly. This problem is also known as Rapid Reset Attack.
19d34104164c646ad6b0f2161a5af11a88009b06f4e5e247a2834dd69e90401aUbuntu Security Notice 6454-2 - Kyle Zeng discovered that the netfilter subsystem in the Linux kernel contained a race condition in IP set operations in certain situations. A local attacker could use this to cause a denial of service. Alex Birnberg discovered that the netfilter subsystem in the Linux kernel did not properly validate register length, leading to an out-of- bounds write vulnerability. A local attacker could possibly use this to cause a denial of service.
45adc50792bf0b58826ae5e3cb21377f79bbfea5839827a138bd1a00889891edUbuntu Security Notice 6441-3 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service or possibly execute arbitrary code.
cd013211e7487024671fcf7d94d72ba9336b3ec594db53047c4a61d17a3ea40bDebian Linux Security Advisory 5539-1 - It was reported that incorrect bound checks in the dsaVerify function in node-browserify-sign, a Node.js library which adds crypto signing for browsers, allows an attacker to perform signature forgery attacks by constructing signatures that can be successfully verified by any public key.
bd4d2f5bb4a56492acf5a0f3f5a7176edb7f3f2a9e00ffd9fa12ec5357176f21Ubuntu Security Notice 6459-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.35 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
0164c4661f73dae4cad3a15190243652a07e0c2c44f504bf3fc60e9b21a748dbUbuntu Security Notice 6457-1 - Tavis Ormandy discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Elison Niven discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code.
cfa0613c1b1aa4b7c7b951a0118420adfd35eec31549e3b6fef5812395731cf2Ubuntu Security Notice 6458-1 - It was discovered that Slurm did not properly handle credential management, which could allow an unprivileged user to impersonate the SlurmUser account. An attacker could possibly use this issue to execute arbitrary code as the root user. It was discovered that Slurm did not properly handle access control when dealing with RPC traffic through PMI2 and PMIx, which could allow an unprivileged user to send data to an arbitrary unix socket in the host. An attacker could possibly use this issue to execute arbitrary code as the root user.
fd8be9a6e4a0f304eeeaae3e16f54de466dd929852f00ffb10c2647f58340c01Red Hat Security Advisory 2023-6202-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.8 General Availability release images, which provide security updates and fix bugs. Issues addressed include a denial of service vulnerability.
82527535751300355c14cd7d80309cf4c22a7859261d57a33f14a6d1126d4b71Red Hat Security Advisory 2023-6200-01 - The multicluster engine for Kubernetes 2.1.9 General Availability release images, which contains security fixes and update container images. Issues addressed include a denial of service vulnerability.
247d7f523bbca7b63e1185ab1bbb72da689d1d9d6b5c6ec0c2d7d8efa55e9f31Red Hat Security Advisory 2023-6199-01 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a spoofing vulnerability.
33de3023ba2e934d87fb42561a35c9b2c21bb01e800028e437f2982e612928c6Red Hat Security Advisory 2023-6198-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.
30317493bfbe285ba79c947429acae69dbf66549571ca50562ced27e3e6c77d8Red Hat Security Advisory 2023-6197-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.
2d19c4f2bb34a69de7fae9f998ff4ecae1da209c23fab2b8f90ea15191e64f62Red Hat Security Advisory 2023-6196-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.
40ec9bf7a0fe4b119c41239f57320eb6e5f82d77d5e8e2b7c8988f6c36663bfaRed Hat Security Advisory 2023-6195-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a spoofing vulnerability.
c7305924c6865408fd85d8f49bb1f8eb21963ae9b9d6afb97abf612fac51c37aRed Hat Security Advisory 2023-6194-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8. Issues addressed include a spoofing vulnerability.
621af0780168d673835447662193ebae34088b8b16a1fe54e9829598510d0f41Red Hat Security Advisory 2023-6193-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 7.
d52a9d3d539e291d0c71288835554445214d7b4a708ef30a4b4a9a726e5746e0Red Hat Security Advisory 2023-6192-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
1b74b15a0e67c1d2e17bfce9a0087171aecac6646849db8eca9c06bf5f1d4b5eRed Hat Security Advisory 2023-6191-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 9. Issues addressed include a spoofing vulnerability.
e6e95c2e2703cd02ec5839e804e796f6b71371bc23880f2db36683f5f8a80c7f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed