Ubuntu Security Notice 3871-1 - Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
b01424a9823358e3f9c7c3303574d6b6Ubuntu Security Notice 3870-1 - Christophe Fergeau discovered that Spice incorrectly handled memory. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.
15ab4e725f9b2a15d5ffae3b7b902407Debian Linux Security Advisory 4374-1 - Several issues were discovered in qtbase-opensource-src, a cross-platform C++ application framework, which could lead to denial-of-service via application crash. Additionally, this update fixes a problem affecting vlc, where it would start without a GUI.
8a65b04a22935f518f692580efbf6c85Debian Linux Security Advisory 4373-1 - Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP.
9ad43a28a336045808ae90e845afa65eDebian Linux Security Advisory 4372-1 - Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled).
3327d9657dff6df36e220be7da51df47Apple Security Advisory 2019-1-24-1 - iTunes 12.9.3 for Windows is now available and addresses code execution and cross site scripting vulnerabilities.
f89b50f56fffdb5c4ded7a32cf3242c8CA Technologies Support is alerting customers to a potential risk with CA Automic Workload Automation Automic Web Interface (AWI). A vulnerability exists that can allow an attacker to potentially conduct persistent cross site scripting (XSS) attacks. The vulnerability has a medium risk rating and concerns insufficient output sanitization, which can allow an attacker to potentially conduct persistent cross site scripting (XSS) attacks. Versions 12.0, 12.1 and 12.2 are affected.
7a2927d39fb28bb1d5fe04e9edcc54d3Red Hat Security Advisory 2019-0160-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.
49c00b833d5e8cf655b80ed6818a5106Ubuntu Security Notice 3868-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code.
156bb1a970deaa330fff2d0b171db985Ubuntu Security Notice 3869-1 - Ivan Zhakov discovered that Subversion incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.
f90e3a252894342f01a7b009c6d08279Red Hat Security Advisory 2019-0159-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.
6a3e2900334fea71f52a89062ddf4b5cUbuntu Security Notice 3866-1 - Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.
2e5dbb4b6ecaaeecf3f96464df517e02Ubuntu Security Notice 3867-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
0422364ea08e4894d513b80f6cc6b6b3Red Hat Security Advisory 2019-0148-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a bypass vulnerability.
0fda3561dea8fdd3daf9111ad9608801Ubuntu Security Notice 3707-2 - USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update provides the corresponding update for Ubuntu 12.04 ESM. Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. Various other issues were also addressed.
2f54f1b535f2b9e7d16c597307f59f6dSlackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
c0546cf2a4b81e7d6bd50bc69c8fa452Apple Security Advisory 2019-1-22-3 - watchOS 5.1.3 is now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.
50905e395166c271226117beb88b0067Apple Security Advisory 2019-1-22-2 - macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra are now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.
cae67bf4c690937155c39a1c52919589Apple Security Advisory 2019-1-22-4 - tvOS 12.1.2 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
2db6b97ccc1959b9d75c1b7dda8babf0Apple Security Advisory 2019-1-22-5 - Safari 12.0.3 is now available and addresses code execution and cross site scripting vulnerabilities.
f58c80e2a116ecc6eb080f2f98fb7a3cApple Security Advisory 2019-1-22-6 - iCloud for Windows 7.10 is now available and addresses code execution and cross site scripting vulnerabilities.
b0d0f9d052deb479899f3c8c28becb98Apple Security Advisory 2019-1-22-1 - iOS 12.1.3 is now available and addresses buffer overflow, code execution, cross site scripting, and denial of service vulnerabilities.
cef74c03163f07af6eff63d9b039b7b2Red Hat Security Advisory 2019-0137-01 - This enhancement adds the new Red Hat JBoss Enterprise Application Platform 7.2.0 packages to Red Hat Enterprise Linux 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1, and includes bug fixes and enhancements. Issues addressed include a broken CVE fix.
46f2369c58d8c475071df24fa0b1f02fRed Hat Security Advisory 2019-0136-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.2 on Red Hat Enterprise Linux 6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1, and includes bug fixes and enhancements, which are documented in the Release Notes, linked to in the References. Issues addressed include a SAML issue.
6123eb0ecb847598dbf3001e59236474Red Hat Security Advisory 2019-0139-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1, and includes bug fixes and enhancements. Issues addressed include a SAML issue.
8229a591c95e33342894b50574ec02b2
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed