Red Hat Security Advisory 2018-2707-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 31.0.0.108. Issues addressed include an information leakage vulnerability.
34118cbfe8ebbee97aa46dfbadbd9e1754 bytes small Linux/x86 random bytewise XOR + insertion encoder shellcode.
06349f5063d609d0069f113064a877b799 bytes small Linux/x86 file modification (/etc/hosts) polymorphic shellcode.
b6b68473df8cea8e32cab90f6a2fb2df61 bytes small Linux/x86 read file (/etc/passwd) MSF optimized shellcode.
774bb96e53da0cf6170ece1a360e3be1103 bytes small Linux/x86 add user (r00t/blank) polymorphic shellcode.
688f6c9dd5bbf7d04ce90d82048badffUbuntu Security Notice 3747-2 - USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessability support that prevented some Java applications from starting. This update fixes the problem. Various other issues were also addressed.
67a9c4972cb887b4f256e30f4bdf6d68Ubuntu Security Notice 3747-2 - USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessibility support that prevented some Java applications from starting. This update fixes the problem. Various other issues were also addressed.
67a9c4972cb887b4f256e30f4bdf6d68Red Hat Security Advisory 2018-2701-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.
c1ec2a452487dc0b8e2d9f2a129a2558Linux suffers from an arbitrary kernel read into dmesg via a missing address check in the segfault handler.
06e9283f3dd8c10929847de0f7b403d2Red Hat Security Advisory 2018-2700-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.
630cabf1a1c0aa7715f1511ab0c02a93Red Hat Security Advisory 2018-2693-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Issues addressed include bypass and use-after-free vulnerabilities.
ba202b454b0aa867d68b359535603f85Ubuntu Security Notice 3764-1 - It was discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code. Richard Maciel Costa discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code.
96d2efb770040fbb9f4157fad27c0c2eRed Hat Security Advisory 2018-2692-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Issues addressed include bypass and use-after-free vulnerabilities.
174a341e1a9432fb9bf9abde31e54dfaRed Hat Security Advisory 2018-2684-01 - .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that addresses several security vulnerabilities is now available. The updated version of the runtime is 2.1.4. The updated version of the SDK is 2.1.402. These versions correspond to the September 2018 security release by .NET Core upstream projects.
daa05cbc1fd8bb4138ff1edf62c3b8eeDebian Linux Security Advisory 4292-1 - Henning Westerholt discovered a flaw related to the Via header processing in kamailio, a very fast, dynamic and configurable SIP server. An unauthenticated attacker can take advantage of this flaw to mount a denial of service attack via a specially crafted SIP message with an invalid Via header.
07fdefb37bbfd74dba449492e9ff5d87Debian Linux Security Advisory 4291-1 - Two input sanitization failures have been found in the faxrunq and faxq binaries in mgetty, a smart modem getty replacement. An attacker could leverage them to insert commands via shell metacharacters in jobs id and have them executed with the privilege of the faxrunq/faxq user.
be0cb8e6db32850d296d214e389adee1Piotr Gabriel Kosinski and Daniel Shapira discovered a stack-based buffer overflow in the CDROM driver implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Jann Horn discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep xattr information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues have also been addressed.
15d9cf4ac6ec9024e548bcb059849043Debian Linux Security Advisory 4290-1 - Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or the execution of arbitrary code if a specially crafted file is opened.
95ada67ea55021facccf6ed6bd2c100dRed Hat Security Advisory 2018-2669-01 - Red Hat Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. This release of Red Hat Fuse 7.1 serves as a replacement for Red Hat Fuse 7.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, cross site scripting, denial of service, path sanitization, and traversal vulnerabilities.
e2467e2f9a34b5dd740776d2a5621843Ubuntu Security Notice 3763-1 - Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service.
67c8344e6ac27fd52905ff9715d385a4Ubuntu Security Notice 3762-2 - USN-3762-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that the VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to possibly expose sensitive information. Various other issues were also addressed.
b3f8831743a64c024a52601e55681af9Ubuntu Security Notice 3762-1 - It was discovered that the VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to possibly expose sensitive information. Seunghun Han discovered an information leak in the ACPI handling code in the Linux kernel when handling early termination of ACPI table loading. A local attacker could use this to expose sensitive informal. Various other issues were also addressed.
94a6d9e84ad7294c473bb90ede0c6625Red Hat Security Advisory 2018-2666-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.
641dc5403658aa3dd26200b59b29ed6aRed Hat Security Advisory 2018-2664-01 - Red Hat JBoss Enterprise Application Platform 5.2 is a platform for Java applications based on jbossas. This asynchronous patch is a security update for RichFaces and Apache CXF packages in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.
e1bb61b7e2e9d8169b49fa70b1d52216Red Hat Security Advisory 2018-2663-01 - Red Hat JBoss Enterprise Application Platform 5.2 is a platform for Java applications based on jbossas. This asynchronous patch is a security update for RichFaces and Apache CXF packages in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.
5fa5e5bb477b2aeec9d49266d87c707f
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed