Ubuntu Security Notice 3916-1 - It was discovered that libsolv incorrectly handled certain malformed input. If a user or automated system were tricked into opening a specially crafted file, applications that rely on libsolv could be made to crash, resulting in a denial of service.
70fe4f30d8440aca23ca45dae788f1c5Debian Linux Security Advisory 4413-1 - A heap-based buffer overflow was discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of this flaw for local root privilege escalation.
87d1656a3dc5ceefc787a3b290b7ab3cUbuntu Security Notice 3917-1 - The snapd default seccomp filter for strict mode snaps blocks the use of the ioctl system call when used with TIOCSTI as the second argument to the system call. Jann Horn discovered that this restriction could be circumvented on 64 bit architectures. A malicious snap could exploit this to bypass intended access restrictions to insert characters into the terminal's input queue. On Ubuntu, snapd typically will have already automatically refreshed itself to snapd 2.37.4 which is unaffected.
9673787b73f906be9d48ecf914106030Ubuntu Security Notice 3918-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. Various other issues were also addressed.
7a027189c82bdc87f59c8d573a89c651Ubuntu Security Notice 3913-1 - It was discovered that p7zip did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted archive with p7zip, then p7zip could be made to crash, possibly leading to arbitrary code execution.
a222fa1199b772b4af03fd82ced01935Ubuntu Security Notice 3915-1 - It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.
51af7b4abfe723103eb813857d63f1b1Ubuntu Security Notice 3914-1 - A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator.
0d6118cd73ef057e584a045b065f72bcRed Hat Security Advisory 2019-0633-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Multiple vulnerabilities have been addressed.
d0f663d65f22a212becfbc13b6c307ceSourcetree for macOS versions below 3.1.1 to 1.2 and Sourcetree for Windows versions below 3.0.17 to 0.5a suffer from code execution vulnerabilities related to the inclusion of git, a Mercurial hooks argument injection vulnerability, and a URI handling vulnerability.
8c11e1db6b9aa505af1b9078fb0fe02fDebian Linux Security Advisory 4412-1 - It was discovered that missing input sanitizing in the file module of Drupal, a fully-featured content management framework, could result in cross-site scripting.
0a566185c33547dba31527fbb757d9a7Debian Linux Security Advisory 4411-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
a55828919dc149d864f25e35999b7b7dDebian Linux Security Advisory 4410-1 - A memory disclosure vulnerability was discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in information disclosure or bypass of sandbox restrictions.
af0bbc978eb4febdb797ea24debe908cUbuntu Security Notice 3912-1 - It was discovered that the GDK-PixBuf library did not properly handle certain BMP images. If an user or automated system were tricked into opening a specially crafted BMP file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.
6148b2880eeab129f7f0943d1cac0eb5Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle used in financial, government, transportation and telecommunication sectors among others. As for the impact, the vulnerabilities found make it possible to break memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, applet firewall could be broken or native code execution could be gained.
a257c47765f8cfe63cbbecdf5b803bd5Red Hat Security Advisory 2019-0623-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Issues addressed include a use-after-free vulnerability.
ff510861267b5328f8b5c0f5348eb1edRed Hat Security Advisory 2019-0622-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Issues addressed include a use-after-free vulnerability.
3c1f530646d87e122ac4fe44de5a8ce6Gentoo Linux Security Advisory 201903-16 - Multiple vulnerabilities have been found in OpenSSH, the worst of which could allow a remote attacker to gain unauthorized access. Versions less than 7.9_p1-r4 are affected.
87bd4d4026e3b8a5385b4e39b0a9bafcSlackware Security Advisory - New libssh2 packages are available for Slackware 14.2 and -current to fix security issues.
75dc61143a842e32ab8500f75ed4d9ecDebian Linux Security Advisory 4409-1 - Erik Olof Gunnar Andersson discovered that incorrect validation of port settings in the iptables security group driver of Neutron, the OpenStack virtual network service, could result in denial of service in a multi tenant setup.
d3a948ca8507d7cb3d99637b37eb392bRed Hat Security Advisory 2019-0600-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a deserialization vulnerability.
1851ff3f967e78cafa8097e80c42894dGentoo Linux Security Advisory 201903-15 - Multiple vulnerabilities have been found in NTP, the worst of which could result in the remote execution of arbitrary code. Versions less than 4.2.8_p13 are affected.
8df860a16344eea891017b2ab32a71efThe Password Manager Extension in Abine Blur versions 7.8.24x allows attackers to bypass the multi-factor authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured. NOTE: this vulnerability exists because of a CVE-2018-7213 regression.
3f9130ef2411e972988a7ce52ef65e0bUbuntu Security Notice 3906-2 - USN-3906-1 and USN-3864-1 fixed several vulnerabilities in LibTIFF. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
d6332636e5ade7508bf28fbcac3c59ccRed Hat Security Advisory 2019-0597-01 - The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. An issue with extra ssh keys being added has been addressed.
da441056e75d3ece906330c44e187adeDebian Linux Security Advisory 4408-1 - Multiple security issues were discovered in liveMedia, a set of C++ libraries for multimedia streaming which could result in the execution of arbitrary code or denial of service when parsing a malformed RTSP stream.
425b2b589d0ad63f13c2c1d76cedbb9e
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed