Ubuntu Security Notice 3619-1 - Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
4b540e0a4bb9cc36651e6f4f0e104441Ubuntu Security Notice 3617-3 - It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
ed5fa39c4b9b0eef37fe4bb6bca68670Ubuntu Security Notice 3618-1 - It was discovered that LibVNCServer incorrectly handled certain packet lengths. A remote attacker able to connect to a LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code.
2737863066439e52d3e9ef732a321ce1FreeBSD Security Advisory - The length field of the option header does not count the size of the option header itself. This causes a problem when the length is zero, the count is then incremented by zero, which causes an infinite loop. In addition there are pointer/offset mistakes in the handling of IPv4 options. A remote attacker who is able to send an arbitrary packet, could cause the remote target machine to crash.
d7bfefe5e014e4d4be99e8fd294dc2dcFreeBSD Security Advisory - Insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Characters that reference this data can be displayed on the screen, effectively disclosing kernel memory. Unprivileged users may be able to access privileged kernel data. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.
95dfa2586849e8c84b5f22b2340cdc03Debian Linux Security Advisory 4165-1 - Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories.
a66e7ec3056ac8043de009300dea5eecDebian Linux Security Advisory 4164-1 - Several vulnerabilities have been found in the Apache HTTPD server.
fb946d3e3116932e603a89dd798a5449Red Hat Security Advisory 2018-0627-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 6.4. Issues addressed include a code execution vulnerability.
428bcf1a0a010f5a3ead3ec63c5029a5Red Hat Security Advisory 2018-0628-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on WildFly. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 7.1. Issues addressed include a code execution vulnerability.
e1d67fdcd01f4ba9fb1c3c5049f971c3Red Hat Security Advisory 2018-0630-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 6.4. Issues addressed include a code execution vulnerability.
e3e4359b66403d866b5f8acee8ca0e16Red Hat Security Advisory 2018-0629-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on WildFly. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 7.1. Issues addressed include a code execution vulnerability.
e4524e76320f4a722ea9570e595d4473This Microsoft bulletin summary holds information regarding Microsoft security updates for April, 2018.
2f1c187b289f25e33566ef2b461faa50Ubuntu Security Notice 3616-1 - It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information.
fcedecfcc4487ed429b56fae81f791b6Ubuntu Security Notice 3615-1 - It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.
5632eb975bdc2dae1ab1ca3907a9c2f3Debian Linux Security Advisory 4163-1 - It was discovered that a race condition in beep (if configured as setuid via debconf) allows local privilege escalation.
5c516dc597f2f23c07f27afaa1ff77d1Ubuntu Security Notice 3614-1 - It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. It was discovered that the DNS client implementation in OpenJDK did not properly randomize source ports. A remote attacker could use this to spoof responses to DNS queries made by Java applications. Various other issues were also addressed.
1eb05c541d1ecdd0ca635e9bf8042111Ubuntu Security Notice 3613-1 - It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. It was discovered that the Hotspot component of OpenJDK did not properly validate uses of the invokeinterface JVM instruction. An attacker could possibly use this to access unauthorized resources. It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. Various other issues were also addressed.
b74e4fe8101363c9917ff4bc56307115Wi-Fi Protected Access (WPA and WPA2) allows re-installation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
5db75445369ea25794ef7fbcfd8160c8Ubuntu Security Notice 3587-2 - USN-3587-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled parsing certain email addresses. A remote attacker could use this issue to cause Dovecot to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.
963da2871bf71ac3e836e99dde64e83fDebian Linux Security Advisory 4160-1 - It was discovered that insufficient input sanitising in libevt, a library to access the Windows Event Log (EVT) format, could result in denial of service or the execution of arbitrary code if a malformed EVT file is processed.
56083155a69e5261367f558feae2ff21Debian Linux Security Advisory 4162-1 - Multiple vulnerabilities have been discovered in Irssi, a terminal-based IRC client which can result in denial of service.
fc1da0680dcfee8f43466552ff2db13eDebian Linux Security Advisory 4159-1 - Santosh Ananthakrishnan discovered a use-after-free in remctl, a server for Kerberos-authenticated command execution. If the command is configured with the sudo option, this could potentially result in the execution of arbitrary code.
7d46391018b49422e0fef964bb7462d1Debian Linux Security Advisory 4161-1 - James Davis discovered two issues in Django, a high-level Python web development framework, that can lead to a denial-of-service attack. An attacker with control on the input of the django.utils.html.urlize() function or django.utils.text.Truncator's chars() and words() methods could craft a string that might stuck the execution of the application.
baa4d30e80f46f295485a3b682c445a0Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
a7016e23d3beb38a24d8e1e1f0708b2bKingsoft Internet Security 9+ suffers from a denial of service vulnerability.
6cf0f45d53867f39a856713cfb7542d9
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed