Ubuntu Security Notice 3677-1 - It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted metadata in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. Various other issues were also addressed.
b9917730793499eb901655a084ddb9a923d7d0df94773d6f89265ffa68e26866
Ubuntu Security Notice 3676-2 - USN-3676-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted metadata in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. Various other issues were also addressed.
b4830110117fbba4ebcb3aed886d7a8ee5e4bde656c36861c7100ec0c951e607
Ubuntu Security Notice 3676-1 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted metadata in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
9eb8e7aa9a0d4aa6ddced7f3c8e17089dc358de41a491f619dde8e9fa99a51e9
Dimofinf CMS version 3.0.0 suffers from a cross-site scripting vulnerability.
5cd1d04c863e2ea25993ccfe3774c09cd9808cc458936a759845f037024db4a5
OEcms version 3.1 suffers from a cross-site scripting vulnerability.
6be68a4956903316b2c0de1e2389089cb7567d2ac1b838508251bde4b53201fc
Joomla EkRishta component version 2.10 suffers from a remote SQL injection vulnerability in the username field.
1a38115c6476c6632dafb68b39d6cd46e6041087281815b9c3f4d2f9eeb7e7ee
Siaberry version 1.2.2 suffers from a command injection vulnerability.
45683d6965850aac680b3a71072f16baeb2ff7e2c340860c5c50330a92b46ec3
OpenSSL Security Advisory 20180612 - During key agreement in a TLS handshake using a DH(E)-based ciphersuite, a malicious server can send a very large prime value to the client. This causes the client to spend an unreasonably long period of time generating a key for this prime, resulting in a hang until the client has finished. This could be exploited in a denial of service attack.
990b7272eacc3360cb8f87129649c216bb73a08254b69b6490b15af00da77501