Ubuntu Security Notice 3691-1 - It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive file manifests. An attacker could possibly use this to modify attributes in a manifest without invalidating the signature. Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo Focardi discovered that the Security component of OpenJDK did not restrict which classes could be used when deserializing keys from the JCEKS key stores. An attacker could use this to specially craft a JCEKS key store to execute arbitrary code. Various other issues were also addressed.
ae063cd3b9c6e04321f83b5de454d2e7Orchid Core VMS is vulnerable to a directory traversal attack. This affects Linux and Windows operating systems. This allows a remote, unauthenticated attacker to send crafted GET requests to the application, which results in the ability to read arbitrary files outside of the applications web directory. This issue is further compounded as the Linux version of Orchid Core VMS application is running in context of a user in the sudoers group. As such, any file on the underlying system, for which the location is known, can be read. This Metasploit module was tested against 2.0.5. This has been fixed in 2.0.6.
3e04a3dc073e0a19729151e34ab842cbSlackware Security Advisory - New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
5f95b683f49143b20ca8b521cb2f50ceDebian Linux Security Advisory 4232-1 - This update provides mitigations for the "lazy FPU" vulnerability affecting a range of Intel CPUs, which could result in leaking CPU register states belonging to another vCPU previously scheduled on the same CPU.
a6b4e2a3380dbefdaab3f2a5274ae52bRed Hat Security Advisory 2018-1954-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include an access control issue.
1b453287b8ed5413c82d29332576df5cRed Hat Security Advisory 2018-1955-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include an access control issue.
41b04df9b4a1d1057bf67e2f8a47b7bbUbuntu Security Notice 3690-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides the microcode updates for AMD 17H family processors required for the corresponding Linux kernel updates.
ae1e073f1e15a74b2954bb007e352225Red Hat Security Advisory 2018-1957-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.
03093ce363c16c56dca16dd051bcd79dRed Hat Security Advisory 2018-1932-01 - The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell, but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions, a history mechanism, and more. Issues addressed include buffer overflow and code execution vulnerabilities.
7df45b65507cdbd916c317251f366d7aRed Hat Security Advisory 2018-1927-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a bypass vulnerability.
7112e04c59ef87b6bbc3e302c9a1745bRed Hat Security Advisory 2018-1877-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. The ding-libs packages contain a set of libraries used by the System Security Services Daemon as well as other projects, and provide functions to manipulate file system path names, a hash table to manage storage and access time properties, a data type to collect data in a hierarchical structure, a dynamically growing, reference-counted array, and a library to process configuration files in initialization format into a library collection data structure . Issues addressed include an unsanitized input vulnerability.
2b40fc9db63ce60127ed3d67d1de2764Red Hat Security Advisory 2018-1883-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Issues addressed include a null pointer vulnerability.
8269e528e88ef49981186fb4fe4be9adRed Hat Security Advisory 2018-1860-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include a null pointer vulnerability.
4146ca026b00f147624a854db7da7ed8Red Hat Security Advisory 2018-1929-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a resource exhaustion vulnerability.
6e803921daea584644384a9628e7c288Red Hat Security Advisory 2018-1933-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.87. Issues addressed include an out of bounds write vulnerability.
05538d185f22d9fbeac4321c4128a5e9Ubuntu Security Notice 3689-2 - USN-3689-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding update for Ubuntu 12.04 ESM. Keegan Ryan discovered that Libgcrypt was susceptible to a side- channel attack. A local attacker could possibly use this attack to recover ECDSA private keys. Various other issues were also addressed.
1bcad9aa93b3aefd025d12f27a5427a7Ubuntu Security Notice 3689-1 - Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel attack. A local attacker could possibly use this attack to recover ECDSA private keys.
669d8760bbc286c2aa34f3be000a22d7Ubuntu Security Notice 3688-1 - Multiple memory safety issues were fixed in Spidermonkey. An attacker could potentially exploit these to cause a denial of service, or execute arbitrary code.
b4b407d424d805cebd29041d02ce7436Gentoo Linux Security Advisory 201806-7 - A vulnerability in Transmission could allow a remote attacker to execute arbitrary RPC commands. Versions less than 2.93 are affected.
363e09752d7859a754f442f0d640b45bGentoo Linux Security Advisory 201806-6 - A vulnerability has been found in Chromium and Chrome that could allow a remote attacker to execute arbitrary code. Versions less than 67.0.3396.87 are affected.
ef6f587086f28528b08b9773711c82e6Gentoo Linux Security Advisory 201806-5 - Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. Versions less than 7.60.0 are affected.
bb6b32c72590b5a3d9811a12c1d7386bRed Hat Security Advisory 2018-1854-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, denial of service, and null pointer vulnerabilities.
735a86a96b8c149318b97e23daba46beRed Hat Security Advisory 2018-1944-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include an information leakage vulnerability.
769c10853b79201fff02e005e12ff082Red Hat Security Advisory 2018-1879-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include a buffer overflow vulnerability.
a1b7d783fcf7377a59aeaeab82f4881dRed Hat Security Advisory 2018-1949-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
d387dece9bedeed11922b58ec59682ee
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed