Ubuntu Security Notice 4063-1 - Nils Emmerich discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. Matei "Mal" Badanoiu discovered that LibreOffice incorrectly handled stealth mode. Contrary to expectations, bullet graphics could be retrieved from remote locations when running in stealth mode. Various other issues were also addressed.
5c4a3cb496c551255388e2750ed2e624Ubuntu Security Notice 4059-2 - USN-4059-1 and USN-3557-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 12.04 ESM. Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. Various other issues were also addressed.
d94434b55f2ed5a67ffc830571769e16Debian Linux Security Advisory 4483-1 - Two security issues have been discovered in LibreOffice.
8a8647cc7bb2c4ae00c94ccdad86b50eRed Hat Security Advisory 2019-1799-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Issues addressed include cross site scripting and use-after-free vulnerabilities.
66afec75bd27379d2d7ca11719a3c33bLinux suffers from broken permission and object lifetime handling for PTRACE_TRACEME.
91c78e7e5a824d9c7ed235f47eecb190Ubuntu Security Notice 4062-1 - Rohan Padhye discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service.
37295b20aa73d5bf2ca6f49f1b81c87aUbuntu Security Notice 4060-2 - USN-4060-1 fixed several vulnerabilities in nss. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.
f36f42a446af8c0537c1e6f353b38dc2Red Hat Security Advisory 2019-1797-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.12 serves as a replacement for Red Hat JBoss BPM Suite 6.4.11, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
38682b36915cf05dcfcb491c3edfc161Ubuntu Security Notice 4061-1 - It was discovered that Redis incorrectly handled the hyperloglog data structure. An attacker could use this issue to cause Redis to crash, resulting in a denial of service, or possibly execute arbitrary code.
8b3193b03bab1bc31716f1268177203eRed Hat Security Advisory 2019-1793-01 - Vim is an updated and improved version of the vi editor. Issues addressed include a command execution vulnerability.
0e4a06f043e09e448fc10b9f8efe4535Red Hat Security Advisory 2019-1791-01 - The libssh2 packages provide a library that implements the SSH2 protocol. Issues addressed include an out of bounds write vulnerability.
069b0013cb2714eb78933e51a27be507Red Hat Security Advisory 2019-1792-01 - The keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server kernel module providing layer-4 load balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage a load balanced server pool according to the health of the servers. Keepalived also implements the Virtual Router Redundancy Protocol to achieve high availability with director failover. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.
3765b627b8b5a8ed2405b60ec92ee43aRed Hat Security Advisory 2019-1790-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.
a298004fd012ab317d6dcdc6bd10d9eaRed Hat Security Advisory 2019-1789-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a denial of service vulnerability.
a4d1c2ed74cf3fc0f7504c844341174eUbuntu Security Notice 4060-1 - Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. Hubert Kario discovered that NSS incorrectly handled PKCS#1 v1.5 signatures when using TLSv1.3. An attacker could possibly use this issue to trick NSS into using PKCS#1 v1.5 signatures, contrary to expectations. This issue only applied to Ubuntu 19.04. Various other issues were also addressed.
acf4fb5b8ce93a4b59ab3ef1e3ef1c1bRed Hat Security Advisory 2019-1782-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.11 serves as a replacement for Red Hat JBoss BRMS 6.4.10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
624a99aaa45367d01cece19d79ab8005Ubuntu Security Notice 4059-1 - It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Squid incorrectly handled the cachemgr.cgi web module. A remote attacker could possibly use this issue to conduct cross-site scripting attacks. Various other issues were also addressed.
bf7b4c06d599e5f9a96a8cba60efc48bUbuntu Security Notice 4058-1 - It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command.
7fb315e3b1d5e09fee1ed9f654e88e7aCentOS Control Web Panel version 0.9.8.838 suffers from a user enumeration vulnerability.
c0097370579f6ba471afee6e2a345e0bCentOS Control Web Panel version 0.9.8.836 suffers from an authentication bypass vulnerability.
010e4c768075759ac870b22afd37ce05CentOS Control Web Panel version 0.9.8.836 suffers from a privilege escalation vulnerability.
a9210bf1e43adfc4a34316bfb77c32edUbuntu Security Notice 4057-1 - Mike Salvatore discovered that Zipios mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources.
dae36d4c344d8686ae8d52665972276aSlackware Security Advisory - New bzip2 packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
529e61d54f5a81c0fcc0113d9dbe7905Ubuntu Security Notice 4056-1 - It was discovered that Exiv2 incorrectly handled certain PSD files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain CRW files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
ce37372e3ab8d7f50784568bdf00538aDebian Linux Security Advisory 4482-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.
98a6d07eeef8d662beb2fa0f236cb9d3
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed