Red Hat Security Advisory 2018-2258-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Issues addressed include a bypass vulnerability.
76959ab67f758bf3a25828abc174c7dee4a3e20303347acfeb5222db000f8b03Red Hat Security Advisory 2018-2261-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a replay attack vulnerability.
3abdddcc6ff800466cb69e4f002a8015497e54b68610e36aa52a8258ba62d450Red Hat Security Advisory 2018-2267-01 - The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Issues addressed include a heap overflow vulnerability.
c0907ab3460d24304dcb7a7f242911a95312066de9cc013fadeb46fad7b1d68bRed Hat Security Advisory 2018-2268-01 - The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Issues addressed include a heap overflow vulnerability.
5c5dce04b98f5034ccab76187f370aa0ec5490e0a49c819bb83e596dc833f392Red Hat Security Advisory 2018-2274-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a replay attack.
bea6f150d20001083244fdaba28167aa06e13177c81317dee86bdbc4c382fa81Red Hat Security Advisory 2018-2276-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly. This asynchronous patch is a security update for wildfly-core and apache-cxf packages in Red Hat JBoss Enterprise Application Platform 7.1 Issues addressed include a traversal vulnerability.
5bfd068d41ade41ff1f4c1290242f6d2137acaf5d4dccdaca5ac00d3c77c4c4cRed Hat Security Advisory 2018-2277-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly. This asynchronous patch is a security update for apache-cxf package in Red Hat JBoss Enterprise Application Platform 7.1 Issues addressed include a traversal vulnerability.
846c99de715bb3f633d02464de9d396b4458165b9af6c343861912a7f7ca622eRed Hat Security Advisory 2018-2279-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This asynchronous patch is a security update for wildfly-core and apache-cxf packages in Red Hat Single Sign-On 7.2. Issues addressed include a traversal vulnerability.
d56913cfdf67e8721884d0fa325bfa7b3d2be10531eb51b925101cdb44681478Tracto ERC20 suffers from an integer overflow vulnerability.
bc34d4bbbffaebf35132a4b460490459086c1cddcfe292345c067eb4956963b2Ubuntu Security Notice 3722-3 - USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version removed some configuration options which caused the daemon to fail to start in environments where the ClamAV configuration file was manually edited. This update fixes the problem. Various other issues were also addressed.
41052a7d3bb083be920c2df786f863a32cee51a01ca68f639683d2e4d9a7eeecUbuntu Security Notice 3722-4 - USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version removed some configuration options which caused the daemon to fail to start in environments where the ClamAV configuration file was manually edited. This update fixes the problem. Various other issues were also addressed.
3f0e86e883998fe97abd02ceef3e0439bf2a4b04d4556694b7e29c0f101c686fUbuntu Security Notice 3724-1 - Jon Kristensen discovered that Evolution Data Server would automatically downgrade a connection to an IMAP server if the IMAP server did not support SSL. This would result in the user's password being unexpectedly sent in clear text, even though the user had requested to use SSL.
3d04bb1d5ce0cb74db7fe74df01a5a64e35f411215bfd767137a2d675c04a6bcDebian Linux Security Advisory 4255-1 - Danny Grander reported that the unzip and untar tasks in ant, a Java based build tool like make, allow the extraction of files outside a target directory. An attacker can take advantage of this flaw by submitting a specially crafted Zip or Tar archive to an ant build to overwrite any file writable by the user running ant.
8712be2e985d62f6d793b6f112814849d622e01949bc463e0dd6bc737ba4fcf8Debian Linux Security Advisory 4254-1 - Several vulnerabilities were discovered in the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system.
36df183c5be2e5e744c588420db03e8dae0a737d61dc730040cf6311a28e0b24Ubuntu Security Notice 3722-1 - It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service.
87bcf5d5b273a823a8b15af73ba76a85add54d3a2085fcca99994a47af5d727eUbuntu Security Notice 3721-1 - Danny Grander discovered that Apache Ant incorrectly handled certain compressed files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to overwrite arbitrary files.
e66a0dc864705a951ca9cd6e15af89c3437c46679a3edaec62b3cb2df88e449bUbuntu Security Notice 3723-1 - It was discovered that Tomcat incorrectly handled decoding certain UTF-8 strings. A remote attacker could possibly use this issue to cause Tomcat to crash, resulting in a denial of service. It was discovered that the Tomcat WebSocket client incorrectly performed hostname verification. A remote attacker could possibly use this issue to intercept sensitive information.
52e53d41f2a7c0af572967d3eeaedbc9d8162599b381b71c92a81dfae9b7b9a5Ubuntu Security Notice 3722-2 - USN-3722-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.
b0ea137c2da882ba7aa7df4f1494a39fc16ab3f6a19c52351e2de906cc087f0fRed Hat Security Advisory 2018-2256-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 181. Issues addressed include an insufficient validation vulnerability.
e7a15a262e6f38ab2b37acb8be1d5941abb1bf6e2a3e2b1e6b45bb4e37eaf46310-Strike LANState version 8.8 suffers from a buffer overflow vulnerability.
1a94fc8d236b99a85a8ea57a92f5adac5f8c7a4e7ee1d4e9b99a4d05c5624c44Red Hat Security Advisory 2018-2250-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
93293a8b212b4ccf6df35397eb05a9fe26a965ccfae8d57e00725ccdab072adbInteno's IOPSYS suffers from an authenticated local privilege escalation vulnerability.
b9177eea9da8a509b704df3b4cf75bdc9608620f7338ca46161c5e96519ca5c8Red Hat Security Advisory 2018-2254-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 191. Issues addressed include an insufficient validation vulnerability.
5430b5eaac57be44a3bfd7e0b388429e3298c92f8f683c003f73135b13bb86c210-Strike Bandwidth Monitor version 3.7 suffers from a buffer overflow vulnerability.
66cbf6fa78b1c97a89a2ea347b1112bb3a6ace9d52e3135211837ebfd0253c18Red Hat Security Advisory 2018-2253-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 181. Issues addressed include an insufficient validation vulnerability.
eb6f174756d76dde08ac873a0c25d4f9a60ce1f37a653a0ae8b45ee689713593
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed