Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
81a0bcb10b5c0b00efeafb4aac3ef70bf0e36b060ac6300d867f15f3dbe0e437OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8feMohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
35d9c5bcbc24182886ab41d96c51ca6c0855f15b3e7680d8f817e85810abee0fDebian Linux Security Advisory 4057-1 - It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys.
2ae6574a92f94375c6ff4810f0f2c5b30ddee798e92a1eb825301717c5a04a15Ubuntu Security Notice 3507-2 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.
ae388e8ac7bb58cd9abd9b333a0f2f4254cfb0c1fcd650c24b3063f016090fb0Red Hat Security Advisory 2017-3405-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: This patch drops the script privileges from root to the postgres user. Therefore, we dropped the --new-systemd-unit option for security reasons. Please use the root-only script postgresql-new-systemd-unit.
bccd5af337c7123ff604e536dfcb99595e48e4d648225dbf4904e2beff68400cRed Hat Security Advisory 2017-3404-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: This patch drops the script privileges from root to the postgres user. Therefore, we dropped the --new-systemd-unit option for security reasons. Please use the root-only script postgresql-new-systemd-unit.
28c628f28240ec77d3fe42064428b9695e73a73078e3f55984bcbaefa5f76588Red Hat Security Advisory 2017-3403-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: This patch drops the script privileges from root to the postgres user. Therefore, we dropped the --new-systemd-unit option for security reasons. Please use the root-only script postgresql-new-systemd-unit.
43daef00ad06de719fc79661c9c4cb770fb9741d5af8993d6465008463903c64Red Hat Security Advisory 2017-3402-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: This patch drops the script privileges from root to the postgres user. Therefore, this update works properly only if the postgres user has write access to the postgres' home directory, such as the one in the default configuration.
61bc21da4bb1d12a25e011c1aee345170d83a720fec156f11af096ba0df14eebUbuntu Security Notice 3511-1 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.
314cedad6f26e3e6cfb741d3ff01146c4ceb3994dbef847911470586a0764c48Ubuntu Security Notice 3510-2 - USN-3510-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
5a95d6f9a9d9018051e2c823b105a2aa633e946be16ef92c6a3c3a91fca744ecUbuntu Security Notice 3510-1 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.
4400fc3dcf4d15995ec37a4e358e8367d7ffc03a00a4bf433a4a0b06de1fe04fWebsite Auction Marketplace version 2.0.5 suffers from a remote SQL injection vulnerability.
fb6a70e67a3bdd27a8661ca663819f6206cf7c1dd4fc4d070dc1f8f52c0d6417
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed