Red Hat Security Advisory 2018-2258-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that a memory read from an address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2018-2261-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a replay attack vulnerability.
Red Hat Security Advisory 2018-2267-01 - The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Issues addressed include a heap overflow vulnerability.
Red Hat Security Advisory 2018-2268-01 - The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Issues addressed include a heap overflow vulnerability.
Red Hat Security Advisory 2018-2274-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a replay attack.
Red Hat Security Advisory 2018-2276-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly. This asynchronous patch is a security update for the wildfly-core and apache-cxf packages in Red Hat JBoss Enterprise Application Platform 7.1. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2018-2277-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly. This asynchronous patch is a security update for the apache-cxf package in Red Hat JBoss Enterprise Application Platform 7.1. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2018-2279-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This asynchronous patch is a security update for wildfly-core and apache-cxf packages in Red Hat Single Sign-On 7.2. Issues addressed include a traversal vulnerability.
Tracto ERC20 suffers from an integer overflow vulnerability.
Ubuntu Security Notice 3722-3 - USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version removed some configuration options which caused the daemon to fail to start in environments where the ClamAV configuration file was manually edited. This update fixes the problem. Various other issues were also addressed.
Ubuntu Security Notice 3722-4 - USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version removed some configuration options which caused the daemon to fail to start in environments where the ClamAV configuration file was manually edited. This update fixes the problem. Various other issues were also addressed.
Ubuntu Security Notice 3724-1 - Jon Kristensen discovered that Evolution Data Server would automatically downgrade a connection to an IMAP server if the IMAP server did not support SSL. This would result in the user's password being unexpectedly sent in clear text, even though the user had requested to use SSL.
Debian Linux Security Advisory 4255-1 - Danny Grander reported that the unzip and untar tasks in ant, a Java-based build tool like make, allow the extraction of files outside a target directory. An attacker can take advantage of this flaw by submitting a specially crafted Zip or Tar archive to an ant build to overwrite any file writable by the user running ant.
Debian Linux Security Advisory 4254-1 - Several vulnerabilities were discovered in the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system.
Ubuntu Security Notice 3722-1 - It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service.
Ubuntu Security Notice 3721-1 - Danny Grander discovered that Apache Ant incorrectly handled certain compressed files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to overwrite arbitrary files.
Ubuntu Security Notice 3723-1 - It was discovered that Tomcat incorrectly handled decoding certain UTF-8 strings. A remote attacker could possibly use this issue to cause Tomcat to crash, resulting in a denial of service. It was discovered that the Tomcat WebSocket client incorrectly performed hostname verification. A remote attacker could possibly use this issue to intercept sensitive information.
Ubuntu Security Notice 3722-2 - USN-3722-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2018-2256-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 181. Issues addressed include an insufficient validation vulnerability.
10-Strike LANState version 8.8 suffers from a buffer overflow vulnerability.
Red Hat Security Advisory 2018-2250-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
Inteno's IOPSYS suffers from an authenticated local privilege escalation vulnerability.
Red Hat Security Advisory 2018-2254-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 191. Issues addressed include an insufficient validation vulnerability.
10-Strike Bandwidth Monitor version 3.7 suffers from a buffer overflow vulnerability.
Red Hat Security Advisory 2018-2253-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 181. Issues addressed include an insufficient validation vulnerability.