Ubuntu Security Notice 3677-1 - It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. Various other issues were also addressed.
b9917730793499eb901655a084ddb9a923d7d0df94773d6f89265ffa68e26866Ubuntu Security Notice 3676-2 - USN-3676-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. Various other issues were also addressed.
b4830110117fbba4ebcb3aed886d7a8ee5e4bde656c36861c7100ec0c951e607Ubuntu Security Notice 3676-1 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
9eb8e7aa9a0d4aa6ddced7f3c8e17089dc358de41a491f619dde8e9fa99a51e9Dimofinf CMS version 3.0.0 suffers from a cross site scripting vulnerability.
5cd1d04c863e2ea25993ccfe3774c09cd9808cc458936a759845f037024db4a5OEcms version 3.1 suffers from a cross site scripting vulnerability.
6be68a4956903316b2c0de1e2389089cb7567d2ac1b838508251bde4b53201fcJoomla EkRishta component version 2.10 suffers from a remote SQL injection vulnerability in the username field.
1a38115c6476c6632dafb68b39d6cd46e6041087281815b9c3f4d2f9eeb7e7eeSiaberry version 1.2.2 suffers from a command injection vulnerability.
45683d6965850aac680b3a71072f16baeb2ff7e2c340860c5c50330a92b46ec3OpenSSL Security Advisory 20180612 - During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.
990b7272eacc3360cb8f87129649c216bb73a08254b69b6490b15af00da77501
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed