Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
81a0bcb10b5c0b00efeafb4aac3ef70bf0e36b060ac6300d867f15f3dbe0e437
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe
Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on-write of transparent huge pages. A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
35d9c5bcbc24182886ab41d96c51ca6c0855f15b3e7680d8f817e85810abee0f
Debian Linux Security Advisory 4057-1 - It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys.
2ae6574a92f94375c6ff4810f0f2c5b30ddee798e92a1eb825301717c5a04a15
Ubuntu Security Notice 3507-2 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on-write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.
ae388e8ac7bb58cd9abd9b333a0f2f4254cfb0c1fcd650c24b3063f016090fb0
Red Hat Security Advisory 2017-3405-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: This patch drops the script privileges from root to the postgres user. Therefore, we dropped the --new-systemd-unit option for security reasons. Please use the root-only script postgresql-new-systemd-unit.
bccd5af337c7123ff604e536dfcb99595e48e4d648225dbf4904e2beff68400c
Red Hat Security Advisory 2017-3404-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: This patch drops the script privileges from root to the postgres user. Therefore, we dropped the --new-systemd-unit option for security reasons. Please use the root-only script postgresql-new-systemd-unit.
28c628f28240ec77d3fe42064428b9695e73a73078e3f55984bcbaefa5f76588
Red Hat Security Advisory 2017-3403-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: This patch drops the script privileges from root to the postgres user. Therefore, we dropped the --new-systemd-unit option for security reasons. Please use the root-only script postgresql-new-systemd-unit.
43daef00ad06de719fc79661c9c4cb770fb9741d5af8993d6465008463903c64
Red Hat Security Advisory 2017-3402-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: This patch drops the script privileges from root to the postgres user. Therefore, this update works properly only if the postgres user has write access to the postgres' home directory, such as the one in the default configuration.
61bc21da4bb1d12a25e011c1aee345170d83a720fec156f11af096ba0df14eeb
Ubuntu Security Notice 3511-1 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on-write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.
314cedad6f26e3e6cfb741d3ff01146c4ceb3994dbef847911470586a0764c48
Ubuntu Security Notice 3510-2 - USN-3510-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
5a95d6f9a9d9018051e2c823b105a2aa633e946be16ef92c6a3c3a91fca744ec
Ubuntu Security Notice 3510-1 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on-write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.
4400fc3dcf4d15995ec37a4e358e8367d7ffc03a00a4bf433a4a0b06de1fe04f
Website Auction Marketplace version 2.0.5 suffers from a remote SQL injection vulnerability.
fb6a70e67a3bdd27a8661ca663819f6206cf7c1dd4fc4d070dc1f8f52c0d6417