Gentoo Linux Security Advisory 201811-20 - A vulnerability in spice-gtk could allow an attacker to remotely execute arbitrary code. Versions less than 0.34 are affected.
a0571e767665bc8d0dd8fe0e6199f284Gentoo Linux Security Advisory 201811-19 - Multiple vulnerabilities have been found in Libav, the worst of which may allow a Denial of Service condition. Versions less than 12.3 are affected.
bd854710a74492af81414b741424dc83Gentoo Linux Security Advisory 201811-18 - A vulnerability in Tablib might allow remote attackers to execute arbitrary python commands. Versions less than 0.12.1 are affected.
d9a6cdcf3c4a406bdabbbb976a3e95ebGentoo Linux Security Advisory 201811-17 - Multiple vulnerabilities have been found in Binutils, the worst of which may allow remote attackers to cause a Denial of Service condition. Versions less than 2.30-r2 are affected.
d8e8baa92ebfb2bb81facc138d90d25eRed Hat Security Advisory 2018-3666-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, denial of service, and null pointer vulnerabilities.
e2ca62529c03a74b642860ad9fede87eRed Hat Security Advisory 2018-3665-01 - NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband, and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. Issues addressed include an out-of-bounds heap write.
6a59b2ba4ec00a530cd731ffe9fa760aRed Hat Security Advisory 2018-3663-01 - sos-collector is a utility that gathers sosreports from multi-node environments. sos-collector facilitates data collection for support cases and it can be run from either a node or from an administrator's local workstation that has network access to the environment. Issues addressed include incorrect permissions.
d9a740fb6ff099162e4bba7aa39641f1Red Hat Security Advisory 2018-3651-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, denial of service, and null pointer vulnerabilities.
64b13d003c3622e75f9798ff85218583Red Hat Security Advisory 2018-3650-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include a file permission vulnerability.
ee56fbb790b92d78e1e45c3e9800e117Gentoo Linux Security Advisory 201811-16 - Multiple vulnerabilities have been found in strongSwan, the worst of which could lead to a Denial of Service condition. Versions less than 5.7.1 are affected.
f0812b132a970063b6aa457aa950cf4fRed Hat Security Advisory 2018-3656-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include an use-after-free vulnerability.
513600c8ce4902b46138d1c8a60bbcceRed Hat Security Advisory 2018-3655-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. Issues addressed include a ridiculous amount of unspecified vulnerabilities.
ff4036efcb3f269858015663ddf6e8f3Red Hat Security Advisory 2018-3671-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP35. Issues addressed include a denial of service vulnerability.
fe6f9414bf4ab895768bcd1e8f0b9d91Red Hat Security Advisory 2018-3672-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP35. Issues addressed include a denial of service vulnerability.
17f58753e3b45b49ca392288b39e377fUbuntu Security Notice 3826-1 - Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. It was discovered that QEMU incorrectly handled the Slirp networking back-end. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Various other issues were also addressed.
8120b466efeaad94515a93eb4970a034Gentoo Linux Security Advisory 201811-15 - Multiple vulnerabilities have been found in MuPDF, the worst of which could allow the remote execution of arbitrary code. Versions less than 1.13.0 are affected.
d99ae59c335b49929df51daf1bcd909bRed Hat Security Advisory 2018-3653-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
a1d306890f536f0ec9b20b7707331568Debian Linux Security Advisory 4344-1 - Aidan Marlin discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to a cross-site scripting vulnerability in handling invalid style tag content.
f68d455c966d385dd7b379b30855d484Red Hat Security Advisory 2018-3652-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
bb7255ffb6b17af87adb544063bf044fRed Hat Security Advisory 2018-3648-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 70.0.3538.110. Issues addressed include an use-after-free vulnerability.
d92acb446d98a4d670018ba2eb5b5e01Debian Linux Security Advisory 4343-1 - It was discovered that a buffer overflow in liveMedia, a set of C++ libraries for multimedia streaming could result in the execution of arbitrary code when parsing a malformed RTSP stream.
a08125685f26d25e8fd841c631aa35c9This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and run arbitrary code under root privileges. This Metasploit module has been tested with OpenBSD 6.3, 6.4, and CentOS 7 (1708). CentOS default install will require console auth for the users session. Cron launches the payload so if Selinux is enforcing exploitation may still be possible, but the module will bail. Xorg must have SUID permissions and may not start if running. On exploitation a crontab.old backup file will be created by Xorg. This Metasploit module will remove the .old file and restore crontab after successful exploitation. Failed exploitation may result in a corrupted crontab. On successful exploitation artifacts will be created consistent with starting Xorg and running a cron.
3bc1656931b4d8bbac2d3b28656c2582Gentoo Linux Security Advisory 201811-14 - Multiple vulnerabilities have been found in Exiv2, the worst of which could result in a Denial of Service condition. Versions less than 0.26_p20180811-r3 are affected.
023dbb50bd8ff7c00d31aa2fd55f3b56Gentoo Linux Security Advisory 201811-11 - Multiple vulnerabilities have been found in Asterisk, the worst of which could result in a Denial of Service condition. Versions less than 13.23.1 are affected.
a2021f8e6c449d50f4e1d02b2054578aGentoo Linux Security Advisory 201811-13 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. Versions less than 60.3.0 are affected.
cb3a08958b6999e989e4f477c4399834
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed