Ubuntu Security Notice 4051-2 - USN-4051-1 fixed a vulnerability in apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Kevin Backhouse discovered a race-condition when reading the user's local Apport configuration. This could be used by a local attacker to cause Apport to include arbitrary files in a resulting crash report. Various other issues were also addressed.
b118b73a3e70bc75b2761814734a137b7fc3d5482fda00d698c2f0483d75154fAn issue has been discovered where the Microsoft Font Subsetting DLL (fontsub.dll) suffers from a heap-based out-of-bounds read vulnerability in MergeFonts.
59bdcf0c53bae14944835fcc600e7d18a2f131991f8e5f86054a589716d13344In Spidermonkey, definite properties are incorrectly computed in some cases, leading to uninitialized memory access when unboxed objects are enabled.
d5e57b45335987c57a60c695f2a40c77e9067f21be0de63eebb043e2659b8b6cRed Hat Security Advisory 2019-1712-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 7 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and denial of service vulnerabilities.
4863f920f3b15dcdcec2d0dd562734f9518f6cac4d59c8e78c18998b08e334e5Red Hat Security Advisory 2019-1711-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 7 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.
53a9a53c28c53d5b01a5461af1d1995d97e4ad3f033abc3082746a9be5191238Ubuntu Security Notice 4053-1 - It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong ownership information, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. It was discovered that GVfs incorrectly handled authentication on its private D-Bus socket. A local attacker could possibly connect to this socket and issue D-Bus calls. Various other issues were also addressed.
6fb8899856cc7b80a25db9c4fd55febd0ffbea35c9c31286b54370071f7ab7f2Red Hat Security Advisory 2019-1707-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
d2d340b8f33db9a26a1f1a975019abdf644038e3c5525032c848794775f1ad0bRed Hat Security Advisory 2019-1708-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
57a847fc6a8b35e919b74b88de4f8cbe46882f89a4436455399d3ad8c6664790Red Hat Security Advisory 2019-1706-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
7d1a35aa4fb2820bc00bf384f587e5755de53b50bc2c423cdcb6932afec5635aRed Hat Security Advisory 2019-1705-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
5e637e5f1ceee288a70ecd2eed5cb096336f105a9d84e897401aa9c0642b7accUbuntu Security Notice 4051-1 - Kevin Backhouse discovered a race-condition when reading the user's local Apport configuration. This could be used by a local attacker to cause Apport to include arbitrary files in a resulting crash report.
d330a041cc9d074219ac46e063d908460812f0c7b37bbe6dca395bc146806de0Ubuntu Security Notice 4052-1 - Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service or expose sensitive information.
3e796f9ad44b762fa85ee67a3defe93c4f1f810a50926f702705ce1d73fa0c74Firefox version 67.0.4 suffers from a denial of service vulnerability.
91ab3bcbea11a79ea6cb6a6c8e3b1620d9b67ea7bbda8f49ca09e7f7907d603eKarenderia CMS version 5.3 suffers from a cross site scripting vulnerability.
1cb156c421355ea283a36414c464338fe3d08fde96818f8947474d93dd76784aThe Razer Chroma SDK installs with a root certificate that also includes its private key. This flaw impacts Razer Synapse 3 versions 1.0.103.136 build 3.4.0415.04181, and may impact older versions.
7361a034148b9f05e64fd2bf8d6ee5ee1f3466efe8ad487e174465ccbcb181e4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed