Twenty Year Anniversary
Showing 1 - 25 of 33,579 RSS Feed

Operating System: Linux

Ubuntu Security Notice USN-3675-3
Posted Jun 18, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3675-3 - USN-3675-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 12.04 ESM. Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-12020
MD5 | 563a9a928ab29560f4bcb9624b999abd
Ubuntu Security Notice USN-3687-1
Posted Jun 18, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3687-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2018-12293, CVE-2018-4190, CVE-2018-4199, CVE-2018-4218, CVE-2018-4222, CVE-2018-4232, CVE-2018-4233
MD5 | 55bf9fa9e7a0502036a4c6a0c0d90f46
Debian Security Advisory 4231-1
Posted Jun 18, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4231-1 - It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.

tags | advisory, local
systems | linux, debian
advisories | CVE-2018-0495
MD5 | 8b7597b32fc2a2f158d2624d6e507119
Debian Security Advisory 4230-1
Posted Jun 18, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4230-1 - Multiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2018-11218, CVE-2018-11219
MD5 | d712eead66cabe92230211edff8d985f
Debian Security Advisory 4229-1
Posted Jun 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4229-1 - Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2018-10811, CVE-2018-5388
MD5 | 48499d9b1cf9d650d7f3c59cd956f760
Debian Security Advisory 4228-1
Posted Jun 14, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4228-1 - Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in cross-site scripting and PHP injection.

tags | advisory, php, vulnerability, xss
systems | linux, debian
advisories | CVE-2017-15736
MD5 | 34b2e7462bfa056a0c19bbce40b04c29
Ubuntu Security Notice USN-3678-4
Posted Jun 14, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3678-4 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2018-10021, CVE-2018-1092, CVE-2018-8087
MD5 | 1d46e12aafc6190fd589563e09f2bb8a
Red Hat Security Advisory 2018-1852-01
Posted Jun 14, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1852-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an information leakage vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2018-3665
MD5 | 48e4d3e34658a90f7f139e487e3927cd
Ubuntu Security Notice USN-3675-2
Posted Jun 14, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3675-2 - USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-12020
MD5 | 7bb33630cd3b5d2a623f796ae002ea14
Ubuntu Security Notice USN-3685-1
Posted Jun 14, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3685-1 - Some of these CVEs were already addressed in previous USN: 3439-1, 3553-1, 3528-1. It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. It was discovered that Ruby incorrectly handled certain files. An attacker could use this to overwrite any file on the filesystem. Various other issues were also addressed.

tags | advisory, overflow, ruby
systems | linux, ubuntu
advisories | CVE-2017-0898, CVE-2017-0901, CVE-2017-0902, CVE-2017-0903, CVE-2017-10784, CVE-2017-14064, CVE-2017-17742, CVE-2018-1000074, CVE-2018-8777
MD5 | 8e3eaae5e55f5657e198a4d0014a7723
Gentoo Linux Security Advisory 201806-04
Posted Jun 14, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201806-4 - Multiple vulnerabilities have been found in Quassel, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 0.12.5 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-1000178, CVE-2018-1000179
MD5 | 91ace9408ba723aeae4ed05c0edaab3a
Ubuntu Security Notice USN-3686-1
Posted Jun 14, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3686-1 - Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. Alexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. Alexander Cherepanov discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9620, CVE-2014-9621, CVE-2014-9653, CVE-2015-8865, CVE-2018-10360
MD5 | d461c5706afdf66b380cf8a86deaf4f6
Ubuntu Security Notice USN-3684-1
Posted Jun 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3684-1 - It was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files.

tags | advisory, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2018-12015
MD5 | 682ba37fc142ec50b37e732a6884afae
Gentoo Linux Security Advisory 201806-02
Posted Jun 13, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201806-2 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 30.0.0.113 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-4944, CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002
MD5 | 22791d9866b7d08fbdc78e485cbcd7fc
Ubuntu Security Notice USN-3684-2
Posted Jun 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3684-2 - USN-3684-1 fixed a vulnerability in perl. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files.

tags | advisory, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2018-12015
MD5 | 00c9c5a21a48d1c5060750b8a91b2e86
Gentoo Linux Security Advisory 201806-03
Posted Jun 13, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201806-3 - Multiple vulnerabilities were discovered in BURP's Gentoo ebuild, the worst of which could lead to root privilege escalation. Versions less than 2.1.32 are affected.

tags | advisory, root, vulnerability
systems | linux, gentoo
advisories | CVE-2017-18284, CVE-2017-18285
MD5 | 34f3d723a1b598e50cf92fbe98bfad58
Red Hat Security Advisory 2018-1843-01
Posted Jun 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1843-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. Issues addressed include an exposure of application resources.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-1323
MD5 | 9cc4bf2fe044b480587b031eee255c25
Ubuntu Security Notice USN-3683-1
Posted Jun 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3683-1 - Andrew Skalski discovered that Bind could incorrectly enable recursion when the "allow-recursion" setting wasn't specified. This issue could improperly permit recursion to all clients, contrary to expectations.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-5738
MD5 | 3119f1d5bde8d9933e7039d7ece9575d
Gentoo Linux Security Advisory 201806-01
Posted Jun 13, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201806-1 - A vulnerability in GNU Wget could allow arbitrary cookies to be injected. Versions less than 1.19.5 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2018-0494
MD5 | ad4dbfd3990efbe661009dfe20b19e68
glibc 'realpath()' Privilege Escalation
Posted Jun 12, 2018
Authored by halfdog, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in GNU C Library (glibc) version 2.26 and prior. This Metasploit module uses halfdog's RationalLove exploit to exploit a buffer underflow in glibc realpath() and create a SUID root shell. The exploit has offsets for glibc versions 2.23-0ubuntu9 and 2.24-11+deb9u1. The target system must have unprivileged user namespaces enabled. This Metasploit module has been tested successfully on Ubuntu Linux 16.04.3 (x86_64) with glibc version 2.23-0ubuntu9; and Debian 9.0 (x86_64) with glibc version 2.24-11+deb9u1.

tags | exploit, shell, root
systems | linux, debian, ubuntu
advisories | CVE-2018-1000001
MD5 | fdde72feb2388aee3f2e93395c3c6363
DHCP Client Command Injection (DynoRoot)
Posted Jun 12, 2018
Authored by Felix Wilhelm | Site metasploit.com

This Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

tags | exploit, arbitrary, local, root, spoof, protocol
systems | linux, redhat, fedora
advisories | CVE-2018-1111
MD5 | 5260d2ef5bb8f8bbc5edbc0ec7cb7c67
Ubuntu Security Notice USN-3682-1
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3682-1 - A heap buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-6126
MD5 | 9d8d0a4e3481a5f69358902a80dbe817
Debian Security Advisory 4227-1
Posted Jun 12, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4227-1 - Danny Grander discovered a directory traversal flaw in plexus-archiver, an Archiver plugin for the Plexus compiler system, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted Zip archive.

tags | advisory
systems | linux, debian
advisories | CVE-2018-1002200
MD5 | 3e6c7e4c336db858ce3c343012428294
Ubuntu Security Notice USN-3678-3
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3678-3 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2018-10021, CVE-2018-1092, CVE-2018-8087
MD5 | b71a6729238f35ec13634f2c220c34d3
Debian Security Advisory 4226-1
Posted Jun 12, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4226-1 - Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.

tags | advisory
systems | linux, debian
advisories | CVE-2018-12015
MD5 | fa2765272a509416ac08b9def96b1f3d
Page 1 of 1,344
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    9 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    34 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    2 Files
  • 18
    Jun 18th
    13 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close