Debian Linux Security Advisory 4350-1 - It was discovered that incorrect processing of very high UIDs in Policykit, a framework for managing administrative policies and privileges, could result in authentication bypass.
f77c7575733e7e18b3953cef1e1c78a2Debian Linux Security Advisory 4349-1 - Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code if malformed image files are processed.
6897f1ef190f40a3af0d27ad61263ffcDebian Linux Security Advisory 4348-1 - Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.
9f26279cb338cd2494304ede9e253c79Debian Linux Security Advisory 4347-1 - Multiple vulnerabilities were discovered in the implementation of the Perl programming language.
55b5f8a7009fa232b7fe40ce3b498a47Debian Linux Security Advisory 4346-1 - Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled).
f89266c182d9b77cb78d4b9d1bb90820Debian Linux Security Advisory 4345-1 - Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix.
f3606a59eb6ee66c892dcf8acffd50a7The imap_open function within PHP, if called without the /norsh flag, will attempt to preauthenticate an IMAP session. On Debian based systems, including Ubuntu, rsh is mapped to the ssh binary. Ssh's ProxyCommand option can be passed from imap_open to execute arbitrary commands. While many custom applications may use imap_open, this exploit works against the following applications: e107 v2, prestashop, SuiteCRM, as well as Custom, which simply prints the exploit strings for use. Prestashop exploitation requires the admin URI, and administrator credentials. suiteCRM/e107/hostcms require administrator credentials.
d4da49f1f3382fe81325e51853a7fcc3Debian Linux Security Advisory 4344-1 - Aidan Marlin discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to a cross-site scripting vulnerability in handling invalid style tag content.
f68d455c966d385dd7b379b30855d484Debian Linux Security Advisory 4343-1 - It was discovered that a buffer overflow in liveMedia, a set of C++ libraries for multimedia streaming could result in the execution of arbitrary code when parsing a malformed RTSP stream.
a08125685f26d25e8fd841c631aa35c9Debian Linux Security Advisory 4339-2 - The update for ceph issued as DSA-4339-1 caused a build regression for the i386 builds. Updated packages are now available to address this issue.
1bc141ce23b515cfc492a8a92b1f010bDebian Linux Security Advisory 4341-1 - Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.1.37.
fc306a198a645996743e5878aaf89086Debian Linux Security Advisory 4340-1 - An out-of-bounds bounds memory access issue was discovered in chromium's v8 javascript library by cloudfuzzer.
bfd24298c65684c48f7dfd5a9793a54eDebian Linux Security Advisory 4339-1 - Multiple vulnerabilities were discovered in Ceph, a distributed storage replay attacks and calculated signatures incorrectly, "ceph mon" did not validate capabilities for pool operations (resulting in potential corruption or deletion of snapshot images) and a format string vulnerability in libradosstriper could result in denial of service.
7d33268d994527eabee05d8428f919cbPHP version 5.2.3 (Debian) suffers from an imap imap_open disable functions bypass vulnerability.
aa9bfde85a72aab2622a5ce32e492d2aDebian Linux Security Advisory 4338-1 - Integer overflows in the processing of packets in network cards emulated by QEMU, a fast processor emulator, could result in denial of service.
15d509051fcf2fb66ea41acb025d14f0Debian Linux Security Advisory 4337-1 - safety errors may lead to the execution of arbitrary code or denial of service.
84df8a853d0cd691f2c1c1877e3e51a8Debian Linux Security Advisory 4336-1 - Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service, disclosure of existence and size of arbitrary files, or the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled).
5272b35e98151ec03cae17c1cae7ca73Debian Linux Security Advisory 4335-1 - Three vulnerabilities were discovered in Nginx, a high-performance web and reverse proxy server, which could in denial of service in processing HTTP/2 (via excessive memory/CPU usage) or server memory disclosure in the ngx_http_mp4_module module (used for server-side MP4 streaming).
4d4bf37877010a706d4c0cec4789a57bDebian Linux Security Advisory 4334-1 - Multiple vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book viewer which could result in denial of service or the execution of arbitrary code if malformed documents are opened.
0d4bb0b6144acb743c6577accc5c3e20Debian Linux Security Advisory 4333-1 - Nick Rolfe discovered multiple buffer overflows in the Icecast multimedia streaming server which could result in the execution of arbitrary code.
a1bafaabade89c2cdb1b4dbed96a1cc8Debian Linux Security Advisory 4332-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language.
e9c4818aa6963d8109d3854620683e24Debian Linux Security Advisory 4331-1 - Two vulnerabilities were discovered in cURL, an URL transfer library.
e8fcc8f27143451b9ef99f43058db435Debian Linux Security Advisory 4330-1 - Several vulnerabilities have been discovered in the chromium web browser.
274f4b9bed0ab00b97cda6b9faf28b97Debian Linux Security Advisory 4329-1 - It was discovered that incorrect connection setup in the server for Teeworlds, an online multi-player platform 2D shooter, could result in denial of service via forged connection packets (rendering all game server slots occupied).
037c269942e30b2051e7265dd555f60fDebian Linux Security Advisory 4321-2 - The update of Graphicsmagick in DSA-4321-1 introduced a change in the handling of case-sensitivity in an internal API function which could affect some code built against the GraphicsMagick libraries. This update restores the previous behaviour.
d87fe6eb77217ab097495ad5a68ce443
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed