Ubuntu Security Notice 3675-3 - USN-3675-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 12.04 ESM. Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Various other issues were also addressed.
563a9a928ab29560f4bcb9624b999abdUbuntu Security Notice 3687-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
55bf9fa9e7a0502036a4c6a0c0d90f46Debian Linux Security Advisory 4231-1 - It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.
8b7597b32fc2a2f158d2624d6e507119Debian Linux Security Advisory 4230-1 - Multiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service.
d712eead66cabe92230211edff8d985fDebian Linux Security Advisory 4229-1 - Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite.
48499d9b1cf9d650d7f3c59cd956f760HP Security Bulletin MFSBGN03810 1 - A potential vulnerability has been identified in UCMDB Server. This vulnerability could be exploited to Deserialization and Cross-site Request forgery (CSRF). Revision 1 of this advisory.
401451e2b46f27bd2ce0918118bdb5bfHP Security Bulletin MFSBGN03809 1 - A potential vulnerability has been identified in UCMDB Browser. This vulnerability could be exploited to Deserialization and Cross-site Request forgery (CSRF). Revision 1 of this advisory.
66558359d6f0bfb3dd80a367dc1ac61cCA Technologies Support is alerting customers to multiple potential risks with CA Privileged Access Manager. Multiple vulnerabilities exist that can allow a remote attacker to conduct a variety of attacks. These risks include seven vulnerabilities privately reported within the past year to CA Technologies by security researchers, and nine vulnerabilities for Xceedium Xsuite that were publicly disclosed in July 2015. CA Technologies acquired Xceedium in August 2015, and Xceedium products were renamed and became part of Privileged Access Management solutions from CA Technologies. Sixteen vulnerabilities are outlined in this advisory.
8793d6b4fbbc8bb4ec067277c966101bApple Security Advisory 2018-06-13-01 - Xcode 9.4.1 is now available and addresses code execution vulnerabilities.
ffe9f4622f84c7332012056b2dc02b44RSA Authentication Manager versions prior to 8.3 P1 suffer from a cross site scripting vulnerability.
46241792fd7f8c49f67ec795a56182edDebian Linux Security Advisory 4228-1 - Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in cross-site scripting and PHP injection.
34b2e7462bfa056a0c19bbce40b04c29Ubuntu Security Notice 3678-4 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
1d46e12aafc6190fd589563e09f2bb8aRed Hat Security Advisory 2018-1852-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an information leakage vulnerability.
48e4d3e34658a90f7f139e487e3927cdUbuntu Security Notice 3675-2 - USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Various other issues were also addressed.
7bb33630cd3b5d2a623f796ae002ea14Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit that can lead to leaking of sensitive data, code execution, and more. Various 2.20.x versions are affected.
53a674f30dc7d752aaae7c783ff1240cUbuntu Security Notice 3685-1 - Some of these CVEs were already addressed in previous USN: 3439-1, 3553-1, 3528-1. It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. It was discovered that Ruby incorrectly handled certain files. An attacker could use this to overwrite any file on the filesystem. Various other issues were also addressed.
8e3eaae5e55f5657e198a4d0014a7723Gentoo Linux Security Advisory 201806-4 - Multiple vulnerabilities have been found in Quassel, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 0.12.5 are affected.
91ace9408ba723aeae4ed05c0edaab3aUbuntu Security Notice 3686-1 - Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. Alexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. Alexander Cherepanov discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
d461c5706afdf66b380cf8a86deaf4f6This Microsoft advisory notification includes advisories released or updated on June 13, 2018.
10c0352213464f7767cfc73f05156756Ubuntu Security Notice 3684-1 - It was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files.
682ba37fc142ec50b37e732a6884afaeGentoo Linux Security Advisory 201806-2 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 30.0.0.113 are affected.
22791d9866b7d08fbdc78e485cbcd7fcUbuntu Security Notice 3684-2 - USN-3684-1 fixed a vulnerability in perl. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files.
00c9c5a21a48d1c5060750b8a91b2e86Gentoo Linux Security Advisory 201806-3 - Multiple vulnerabilities were discovered in BURP's Gentoo ebuild, the worst of which could lead to root privilege escalation. Versions less than 2.1.32 are affected.
34f3d723a1b598e50cf92fbe98bfad58Red Hat Security Advisory 2018-1843-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. Issues addressed include an exposure of application resources.
9cc4bf2fe044b480587b031eee255c25Ubuntu Security Notice 3683-1 - Andrew Skalski discovered that Bind could incorrectly enable recursion when the "allow-recursion" setting wasn't specified. This issue could improperly permit recursion to all clients, contrary to expectations.
3119f1d5bde8d9933e7039d7ece9575d
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed