Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
5f3e62dec417873d80984702db0e07efUbuntu Security Notice 3765-2 - USN-3765-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that curl incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code.
046498323331b3221476fc8637909661Ubuntu Security Notice 3765-1 - It was discovered that curl incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code.
a456fd55f32a80ce8985878450202aa9Debian Linux Security Advisory 4295-1 - safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.
c01b31084c3ffcfaf809a853f36ca1f8Ubuntu Security Notice 3761-3 - USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines, which were partially fixed by USN-3761-2. This update contains the remaining fix. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. It was discovered that if a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. Various other issues were also addressed.
6d86615e6427f6c484cd9030a34da1d7Debian Linux Security Advisory 4294-1 - Tavis Ormandy discovered multiple vulnerabilites in Ghostscript, an interpreter for the PostScript language, which could result in the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled).
5536e1e864054d6f82660441d74f9e19Debian Linux Security Advisory 4293-1 - Several heap buffer overflows were found in discount, an implementation of the Markdown markup language, that could be triggered witth specially crafted Markdown data and would cause discount to read past the end of internal buffers.
4421b9685d73866006c16d1c98ab0cb1Debian Linux Security Advisory 4273-2 - This update ships updated CPU microcode for additional models of Intel CPUs which were not yet covered by the Intel microcode update released as DSA-4273-1 (and thus provides SSBD support (needed to address "Spectre v4") and fixes for "Spectre v3a")).
8d3bff6c7eba959568a9bbd92b2ec137Slackware Security Advisory - New ghostscript packages are available for Slackware 14.2 and -current to fix security issues.
c7cf1534fe66bdfbfa621895e3534502Red Hat Security Advisory 2018-2707-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 31.0.0.108. Issues addressed include an information leakage vulnerability.
34118cbfe8ebbee97aa46dfbadbd9e1754 bytes small Linux/x86 random bytewise XOR + insertion encoder shellcode.
06349f5063d609d0069f113064a877b799 bytes small Linux/x86 file modification (/etc/hosts) polymorphic shellcode.
b6b68473df8cea8e32cab90f6a2fb2df61 bytes small Linux/x86 read file (/etc/passwd) MSF optimized shellcode.
774bb96e53da0cf6170ece1a360e3be1103 bytes small Linux/x86 add user (r00t/blank) polymorphic shellcode.
688f6c9dd5bbf7d04ce90d82048badffUbuntu Security Notice 3747-2 - USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessability support that prevented some Java applications from starting. This update fixes the problem. Various other issues were also addressed.
67a9c4972cb887b4f256e30f4bdf6d68Ubuntu Security Notice 3747-2 - USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessibility support that prevented some Java applications from starting. This update fixes the problem. Various other issues were also addressed.
67a9c4972cb887b4f256e30f4bdf6d68Red Hat Security Advisory 2018-2701-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.
c1ec2a452487dc0b8e2d9f2a129a2558Linux suffers from an arbitrary kernel read into dmesg via a missing address check in the segfault handler.
06e9283f3dd8c10929847de0f7b403d2Red Hat Security Advisory 2018-2700-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.
630cabf1a1c0aa7715f1511ab0c02a93Red Hat Security Advisory 2018-2693-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Issues addressed include bypass and use-after-free vulnerabilities.
ba202b454b0aa867d68b359535603f85Ubuntu Security Notice 3764-1 - It was discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code. Richard Maciel Costa discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code.
96d2efb770040fbb9f4157fad27c0c2eRed Hat Security Advisory 2018-2692-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Issues addressed include bypass and use-after-free vulnerabilities.
174a341e1a9432fb9bf9abde31e54dfaRed Hat Security Advisory 2018-2684-01 - .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that addresses several security vulnerabilities is now available. The updated version of the runtime is 2.1.4. The updated version of the SDK is 2.1.402. These versions correspond to the September 2018 security release by .NET Core upstream projects.
daa05cbc1fd8bb4138ff1edf62c3b8eeDebian Linux Security Advisory 4292-1 - Henning Westerholt discovered a flaw related to the Via header processing in kamailio, a very fast, dynamic and configurable SIP server. An unauthenticated attacker can take advantage of this flaw to mount a denial of service attack via a specially crafted SIP message with an invalid Via header.
07fdefb37bbfd74dba449492e9ff5d87Debian Linux Security Advisory 4291-1 - Two input sanitization failures have been found in the faxrunq and faxq binaries in mgetty, a smart modem getty replacement. An attacker could leverage them to insert commands via shell metacharacters in jobs id and have them executed with the privilege of the faxrunq/faxq user.
be0cb8e6db32850d296d214e389adee1
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed