VMware Security Advisory 2018-0010 - Horizon DaaS update addresses a broken authentication issue.
11d8d9a67080b256bfa56d03bfafc293Foxit Reader versions 8.3.1.21155 and below suffer from a dll hijacking vulnerability.
eb22e505d49272a974ea0a09ea10533aRed Hat Security Advisory 2018-1191-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a bypass vulnerability.
3cd3bc9fcfa92b962f6a92478cf0edfdRed Hat Security Advisory 2018-1188-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a bypass vulnerability.
f9764bd5c107b479ad068a874853b922Ubuntu Security Notice 3628-2 - USN-3628-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. Various other issues were also addressed.
d51441eb31e08b9b0e00243556d85ee3Ubuntu Security Notice 3628-1 - Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys.
ec6bd6ddad8ba2e58ccda93ef6aa7898Ubuntu Security Notice 3627-1 - Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Elar Lang discovered that the Apache HTTP Server incorrectly handled certain characters specified in <FilesMatch>. A remote attacker could possibly use this issue to upload certain files, contrary to expectations. Various other issues were also addressed.
e5a14b1abfb9798d648d23b33ff3cbf9This Microsoft bulletin summary holds CVE revision updates for CVE-2018-1037.
d17a5cb173cbe39d175a245a74306617Slackware Security Advisory - New gd packages are available for Slackware 14.2 and -current to fix security issues.
f906e2806ad6a3fec00ca1a8785fcc70This Microsoft bulletin summary holds CVE revision updates for CVE-2018-1035.
33f8a4211549c2f8b27c463c7c829a37Red Hat Security Advisory 2018-1136-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include a privilege escalation vulnerability.
4df7a95d1309059367a016d9bdb4bd08Red Hat Security Advisory 2018-1137-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include a privilege escalation vulnerability.
189b4c3c0ac4e28623b21e91da859e99Ubuntu Security Notice 3625-2 - USN-3625-1 fixed a vulnerability in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Perl incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Perl to hang, resulting in a denial of service. Various other issues were also addressed.
d4a5fd0410568b65575aca4ff4090d65Gentoo Linux Security Advisory 201804-15 - A vulnerability has been found in Evince which may allow for arbitrary command execution. Versions less than 3.24.2-r1 are affected.
f4849138686e80d18054720e09bd265fGentoo Linux Security Advisory 201804-14 - A vulnerability has been found in GDK-PixBuf that may allow a remote attacker to execute arbitrary code. Versions less than 2.36.11 are affected.
12b164a736c8175bbc176525b0cc91deGentoo Linux Security Advisory 201804-13 - Multiple vulnerabilities have been found in ncurses, the worst of which allows remote attackers to execute arbitrary code. Versions less than 6.1:0 are affected.
097b2e0569db9b85784f2eaea36519c1Ubuntu Security Notice 3611-2 - USN-3611-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that OpenSSL incorrectly parsed the IPAddressFamily extension in X.509 certificates, resulting in an erroneous display of the certificate in text format. Various other issues were also addressed.
5a55dc784c346e2d2354003510ee74ebRed Hat Security Advisory 2018-1130-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
7b02f5bfa1da938b42ff2a68dff05bd1Red Hat Security Advisory 2018-1169-01 - The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Issues addressed include an integer overflow vulnerability.
526f77be2de1cc0a0cc6e1e9db6e4adeRed Hat Security Advisory 2018-1129-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a speculative execution vulnerability.
9a6aa1fde038cd512fad8ce0a39090bcRed Hat Security Advisory 2018-1170-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
4edffb5a052fe2901cccfe63aaa4b587WebKitGTK+ versions prior to 2.20.0 suffer from various memory corruption vulnerabilities.
69f9b7066a3558144e6084f87e6aebeeThe Microsoft compiler mspdbcore.dll suffers from a heap memory disclosure into output .pdb files. This affects Microsoft Symbol Server.
6b5273f7ccafef878397085ccbc182ddDebian Linux Security Advisory 4174-1 - The Citrix Security Response Team discovered that corosync, a cluster engine implementation, allowed an unauthenticated user to cause a denial-of-service by application crash.
5f23ac7a5ba39628411e6ab62fdeb422FromDocToPdf exposes browsing history to all websites.
a8432820a6f1a3e3079881f89fa100f9
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed