Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and 14.2 to fix security issues. A bugfix release for -current is also available.
0f420b22277ddb140369dde619a7d53c5fefaef9095b42044308668e971633bf
Ubuntu Security Notice 3871-5 - Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
a5d71e69056829a026e081231955a45dd385e4689768c26f0fa5281f7bb32196
Ubuntu Security Notice 3878-2 - It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information. Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use. A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. Various other issues were also addressed.
836e2d26e3cb7e111d07f62c277179c810b8d3827600b341b6da1a764f655919
OpenText Documentum Webtop version 5.3.SP2 suffers from an open redirection vulnerability.
e44a6f8701efdc6da276208167ec596d64a4551e4442fbde0fc4a21cdf70744d
Red Hat Security Advisory 2019-0212-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a cross-site scripting vulnerability.
835760b3d6dfa49fe6d91c0adf7b5055c3da00d6b75ac1af0554eedc1a8d3faf
Ubuntu Security Notice 3885-1 - Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output.
081649ccfa282b9f8eeb5c454b5712ab60990d297495d610ee10e4ab2229c421
Apple Security Advisory 2019-2-07-3 - Shortcuts 2.1.3 for iOS is now available and addresses information disclosure and sandbox escape vulnerabilities.
65531847afd9d520f000898444aae963fdc7b61e902aacb814789f5987e4721d
Apple Security Advisory 2019-2-07-1 - iOS 12.1.4 is now available and addresses memory corruption and logic issues.
c5d6f82cbefa18848dead9bac8bdb6df4221120b037ddf81eac68fb7a009a80e
Apple Security Advisory 2019-2-07-2 - macOS Mojave 10.14.3 Supplemental Update is now available and addresses memory corruption and logic issues.
10a0844b8bff43b9944f9fd5da2df403da6942242f43163a7b4ceca69b0ea882
This Metasploit module exploits a vulnerability in the web application of the NUUO NVRmini IP camera. Exploitation is done by triggering the writeuploaddir command in the upgrade_handle.php file.
0e6d6f16b31358d1595593354838281181d64f454a338a4ce6a5d4c2cc1f34b3
This Metasploit module exploits a command injection vulnerability in Evince before version 3.24.1 when opening comic book `.cbt` files. Some file manager software, such as Nautilus and Atril, may allow automatic exploitation without user interaction due to thumbnailer preview functionality. Note that limited space is available for the payload.
be7441cb5d0ca4f4495067990292385a52fbdd586a1d34cad46036dcc7576c4c
Sysdig Falco is an open source behavioral activity monitoring agent with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think of Falco as a mix between snort, ossec and strace.
0e09198a685a4fa3d23e3d0f714045a36c147c0c07ed29f5da71d2347d764101
Ubuntu Security Notice 3884-1 - It was discovered that libarchive incorrectly handled certain 7zip files. An attacker could possibly use this issue to cause a denial of service.
b7f40e2deafea3896a92d15326d375475a4087695f4a9f74337c025802fe1394
Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
55bfd78a791cb07eb86d9eb4ab83a37d47182932d30e450c37338132fe078005
Debian Linux Security Advisory 4386-1 - Multiple vulnerabilities were discovered in cURL, a URL transfer library.
389920e5b0a54ae3c59ca15c0208b0912c4ae38e63794ae0abf9317bbce73127