accept no compromises
Showing 101 - 125 of 66,463 RSS Feed

Advisory Files

Red Hat Security Advisory 2017-2418-01
Posted Aug 4, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2418-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. The following packages have been upgraded to a later upstream version: openvswitch. Security Fix: An unsigned int wrap around leading to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch. An attacker could use this flaw to cause a remote DoS.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-9214, CVE-2017-9263, CVE-2017-9264, CVE-2017-9265
MD5 | e5fa7cc9b84728344ca7051c4b544620
Ubuntu Security Notice USN-3375-1
Posted Aug 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3375-1 - It was discovered that LXC incorrectly handled the TIOCSTI ioctl. An attacker could possibly use this issue to escape LXC containers.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-10124
MD5 | 77f4dfd619f9d84568e605b517a744a9
Ubuntu Security Notice USN-3376-1
Posted Aug 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3376-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2017-2538, CVE-2017-7018, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7039, CVE-2017-7046, CVE-2017-7048, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7061, CVE-2017-7064
MD5 | e387fcf37251d265cc71556e68ff7b81
Debian Security Advisory 3924-1
Posted Aug 3, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3924-1 - A denial of service vulnerability was discovered in Varnish, a state of the art, high-performance web accelerator. Specially crafted HTTP requests can cause the Varnish daemon to assert and restart, clearing the cache in the process.

tags | advisory, web, denial of service
systems | linux, debian
MD5 | 08e209f2df7bb0fe9ec85372eed8d17d
Red Hat Security Advisory 2017-2412-01
Posted Aug 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2412-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2017-7895
MD5 | b05b56c2dbff79dc133eeb269529aa8a
Slackware Security Advisory - gnupg Updates
Posted Aug 3, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-7526
MD5 | 4caa75ea2ec51b16d20510989f5b4c0a
HP Security Bulletin HPESBHF03763 1
Posted Aug 3, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03763 1 - A potential security vulnerability has been identified in Comware 7, IMC, VCX products using OpenSSL. The vulnerability could be remotely exploited to allow a denial of service. Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2016-2177
MD5 | 9280bc75189500cf6d819899228b178b
Red Hat Security Advisory 2017-1758-01
Posted Aug 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1758-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components.

tags | advisory, remote, web, ruby
systems | linux, redhat
advisories | CVE-2016-7047, CVE-2017-2664, CVE-2017-7497, CVE-2017-7530
MD5 | fe93f01d1cd8e7ef560224b2f2389d9a
HP Security Bulletin HPESBGN03766 1
Posted Aug 3, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBGN03766 1 - A potential security vulnerability has been identified in HPE Project and Portfolio Management(PPM) product. The vulnerability could be exploited to allow remote cross-site scripting (XSS). Revision 1 of this advisory.

tags | advisory, remote, xss
advisories | CVE-2017-8993
MD5 | c9555033805ad9202d914926cc16041c
Ubuntu Security Notice USN-3370-2
Posted Aug 2, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3370-2 - USN-3370-1 fixed a vulnerability in Apache HTTP Server. This update provides the corresponding update for Ubuntu 12.04 ESM. Robert Swiecki discovered that the Apache HTTP Server mod_auth_digest module incorrectly cleared values when processing certain requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial or service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2017-9788
MD5 | 15d9431a8cf8d33b94e704a5818841c1
Red Hat Security Advisory 2017-1859-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1859-01 - The golang packages provide the Go programming language compiler. The following packages have been upgraded to a later upstream version: golang. Security Fix: A carry propagation flaw was found in the implementation of the P-256 elliptic curve in golang. An attacker could possibly use this flaw to extract private keys when static ECDH was used.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-8932
MD5 | 3379674371ed63bfcb04089c4dacef8a
Red Hat Security Advisory 2017-1842-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1842-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-7970, CVE-2014-7975, CVE-2015-8839, CVE-2015-8970, CVE-2016-10088, CVE-2016-10147, CVE-2016-10200, CVE-2016-6213, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9604, CVE-2016-9685, CVE-2016-9806, CVE-2017-2596, CVE-2017-2647, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8797, CVE-2017-8890, CVE-2017-9074
MD5 | e79dcd340ec8fd5ccd78d062d54ebf21
Red Hat Security Advisory 2017-2258-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2258-01 - The gtk-vnc packages provide a VNC viewer widget for GTK. The gtk-vnc widget is built by using co-routines, which allows the widget to be completely asynchronous while remaining single-threaded. The following packages have been upgraded to a later upstream version: gtk-vnc. Security Fix: It was found that gtk-vnc lacked proper bounds checking while processing messages using RRE, hextile, or copyrect encodings. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2017-5884, CVE-2017-5885
MD5 | 7af0cacdb76cc8065076bf19996488b5
Red Hat Security Advisory 2017-2192-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2192-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb. Security Fix: It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool.

tags | advisory, arbitrary, shell
systems | linux, redhat
advisories | CVE-2016-5483, CVE-2016-5617, CVE-2016-6664, CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258, CVE-2017-3265, CVE-2017-3291, CVE-2017-3302, CVE-2017-3308, CVE-2017-3309, CVE-2017-3312, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464, CVE-2017-3600
MD5 | a4a97ca54fc208d44a4850aa2b445a15
Red Hat Security Advisory 2017-2077-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2077-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-7970, CVE-2014-7975, CVE-2015-8839, CVE-2015-8970, CVE-2016-10088, CVE-2016-10147, CVE-2016-10200, CVE-2016-6213, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9604, CVE-2016-9685, CVE-2016-9806, CVE-2017-2596, CVE-2017-2647, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8797, CVE-2017-8890, CVE-2017-9074
MD5 | 06777be13da445d34278d3bd85082db2
Red Hat Security Advisory 2017-2029-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2029-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. The following packages have been upgraded to a later upstream version: openssh. Security Fix: A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses.

tags | advisory, remote, protocol
systems | linux, redhat, unix
advisories | CVE-2016-10009, CVE-2016-10011, CVE-2016-10012, CVE-2016-6210, CVE-2016-6515
MD5 | 4f8a28af393580faadbb14af7cbc682c
Red Hat Security Advisory 2017-2247-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2247-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a later upstream version: tomcat. Security Fix: The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-0762, CVE-2016-5018, CVE-2016-6794, CVE-2016-6796, CVE-2016-6797
MD5 | 1c6b9fc1ac652f33012ae3a0fdc74411
Red Hat Security Advisory 2017-2180-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2180-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: A NULL pointer dereference flaw was found in ghostscript's mem_get_bits_rectangle function. A specially crafted postscript document could cause a crash in the context of the gs process.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-7207
MD5 | 4ed991bdbfe9c8dce05dd069825f313f
Red Hat Security Advisory 2017-2390-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2390-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator built with the Network Block Device Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a DoS.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2017-10664
MD5 | 8aab5ea1f68a65768fc18c83c87fde07
Red Hat Security Advisory 2017-2408-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2408-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator built with Network Block Device Server support was vulnerable to a null-pointer dereference issue. The flaw could occur when releasing a client that was not initialized due to failed negotiation. A remote user or process could exploit this flaw to crash the qemu-nbd server.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-10155, CVE-2016-4020, CVE-2016-6888, CVE-2016-7422, CVE-2016-7466, CVE-2016-8576, CVE-2016-8669, CVE-2016-8909, CVE-2016-8910, CVE-2016-9907, CVE-2016-9911, CVE-2016-9921, CVE-2016-9922, CVE-2017-5579, CVE-2017-5973, CVE-2017-6414, CVE-2017-8309, CVE-2017-8379, CVE-2017-9310, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375, CVE-2017-9524
MD5 | 43453dd199302989251381bee4c45dba
Red Hat Security Advisory 2017-2389-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2389-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2017-10978, CVE-2017-10983, CVE-2017-10984, CVE-2017-10985, CVE-2017-10986, CVE-2017-10987
MD5 | f30c2c13e471c522cdfb6fd3bb12850f
Red Hat Security Advisory 2017-2388-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2388-01 - The evince packages provide a simple multi-page document viewer for Portable Document Format, PostScript, Encapsulated PostScript files, and, with additional back-ends, also the Device Independent File format files. Security Fix: It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2017-1000083
MD5 | 42079e105c703d64e6611c09b7e1b7a8
Red Hat Security Advisory 2017-1950-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1950-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba. Security Fix: A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2017-9461
MD5 | e4e1f3c302f47d7da4ed5417d186123d
Red Hat Security Advisory 2017-2392-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2392-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. The following packages have been upgraded to a later upstream version: qemu-kvm-rhev. Security Fix: A stack buffer overflow flaw was found in the Quick Emulator built with the Network Block Device client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-10155, CVE-2016-4020, CVE-2016-6835, CVE-2016-6888, CVE-2016-7422, CVE-2016-7466, CVE-2016-8576, CVE-2016-8669, CVE-2016-8909, CVE-2016-8910, CVE-2016-9907, CVE-2016-9911, CVE-2016-9921, CVE-2016-9922, CVE-2017-2630, CVE-2017-5579, CVE-2017-5898, CVE-2017-5973, CVE-2017-9310, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375
MD5 | 7b9de3483b6b1af562846fd2a740e94b
Red Hat Security Advisory 2017-2128-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2128-01 - The GNOME Display Manager provides the graphical login screen shown shortly after boot up, log out, and when user-switching. The following packages have been upgraded to a later upstream version: gdm, gnome-session. Security Fix: It was found that gdm could crash due to a signal handler dispatched to an invalid conversation. An attacker could crash gdm by holding the escape key when the screen is locked, possibly bypassing the locked screen.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-7496
MD5 | 47b73a24420baa39c0ac38317388c0ee
Page 5 of 2,659
Back34567Next

File Archive:

August 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    30 Files
  • 3
    Aug 3rd
    20 Files
  • 4
    Aug 4th
    17 Files
  • 5
    Aug 5th
    4 Files
  • 6
    Aug 6th
    2 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    18 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    24 Files
  • 11
    Aug 11th
    10 Files
  • 12
    Aug 12th
    3 Files
  • 13
    Aug 13th
    3 Files
  • 14
    Aug 14th
    10 Files
  • 15
    Aug 15th
    16 Files
  • 16
    Aug 16th
    18 Files
  • 17
    Aug 17th
    15 Files
  • 18
    Aug 18th
    4 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close