Ubuntu Security Notice 3816-3 - USN-3816-1 fixed vulnerabilities in systemd. The fix for CVE-2018-6954 caused a regression in systemd-tmpfiles when running Ubuntu inside a container on some older kernels. This issue only affected Ubuntu 16.04 LTS. In order to continue to support this configuration, the fixes for CVE-2018-6954 have been reverted. Various other issues were also addressed.
be578aeb1bec867e87d540b182304d00Ubuntu Security Notice 3828-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
13478beb3613d4567fa039a37fb38d4fUbuntu Security Notice 3827-1 - Florian Stuelpner discovered that Samba incorrectly handled CNAME records. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service. Alex MacCuish discovered that Samba incorrectly handled memory when configured to accept smart-card authentication. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. Various other issues were also addressed.
8e7c628327d7df9c22630a679f5edc93Red Hat Security Advisory 2018-3681-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
263002306102967706f7eaedc82cf0aaRed Hat Security Advisory 2018-3680-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
1a24f8d7ab9c467cebd45181175f01d5Red Hat Security Advisory 2018-3676-01 - .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that addresses a security vulnerability is now available. The updated version is .NET Core 2.1.5. Issues addressed include arbitrary file read and directory creation vulnerabilities.
e981ce78e4a0afd6cf2cbabf1c48e2e0Gentoo Linux Security Advisory 201811-20 - A vulnerability in spice-gtk could allow an attacker to remotely execute arbitrary code. Versions less than 0.34 are affected.
a0571e767665bc8d0dd8fe0e6199f284Gentoo Linux Security Advisory 201811-19 - Multiple vulnerabilities have been found in Libav, the worst of which may allow a Denial of Service condition. Versions less than 12.3 are affected.
bd854710a74492af81414b741424dc83Gentoo Linux Security Advisory 201811-18 - A vulnerability in Tablib might allow remote attackers to execute arbitrary python commands. Versions less than 0.12.1 are affected.
d9a6cdcf3c4a406bdabbbb976a3e95ebGentoo Linux Security Advisory 201811-17 - Multiple vulnerabilities have been found in Binutils, the worst of which may allow remote attackers to cause a Denial of Service condition. Versions less than 2.30-r2 are affected.
d8e8baa92ebfb2bb81facc138d90d25eRed Hat Security Advisory 2018-3666-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, denial of service, and null pointer vulnerabilities.
e2ca62529c03a74b642860ad9fede87eRed Hat Security Advisory 2018-3665-01 - NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband, and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. Issues addressed include an out-of-bounds heap write.
6a59b2ba4ec00a530cd731ffe9fa760aRed Hat Security Advisory 2018-3663-01 - sos-collector is a utility that gathers sosreports from multi-node environments. sos-collector facilitates data collection for support cases and it can be run from either a node or from an administrator's local workstation that has network access to the environment. Issues addressed include incorrect permissions.
d9a740fb6ff099162e4bba7aa39641f1Red Hat Security Advisory 2018-3651-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, denial of service, and null pointer vulnerabilities.
64b13d003c3622e75f9798ff85218583Red Hat Security Advisory 2018-3650-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include a file permission vulnerability.
ee56fbb790b92d78e1e45c3e9800e117Gentoo Linux Security Advisory 201811-16 - Multiple vulnerabilities have been found in strongSwan, the worst of which could lead to a Denial of Service condition. Versions less than 5.7.1 are affected.
f0812b132a970063b6aa457aa950cf4fRed Hat Security Advisory 2018-3656-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include an use-after-free vulnerability.
513600c8ce4902b46138d1c8a60bbcceRed Hat Security Advisory 2018-3655-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. Issues addressed include a ridiculous amount of unspecified vulnerabilities.
ff4036efcb3f269858015663ddf6e8f3Red Hat Security Advisory 2018-3671-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP35. Issues addressed include a denial of service vulnerability.
fe6f9414bf4ab895768bcd1e8f0b9d91Red Hat Security Advisory 2018-3672-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP35. Issues addressed include a denial of service vulnerability.
17f58753e3b45b49ca392288b39e377fUbuntu Security Notice 3826-1 - Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. It was discovered that QEMU incorrectly handled the Slirp networking back-end. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Various other issues were also addressed.
8120b466efeaad94515a93eb4970a034Gentoo Linux Security Advisory 201811-15 - Multiple vulnerabilities have been found in MuPDF, the worst of which could allow the remote execution of arbitrary code. Versions less than 1.13.0 are affected.
d99ae59c335b49929df51daf1bcd909bRed Hat Security Advisory 2018-3653-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
a1d306890f536f0ec9b20b7707331568Debian Linux Security Advisory 4344-1 - Aidan Marlin discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to a cross-site scripting vulnerability in handling invalid style tag content.
f68d455c966d385dd7b379b30855d484Red Hat Security Advisory 2018-3652-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
bb7255ffb6b17af87adb544063bf044f
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed