Asterisk Project Security Advisory - When Asterisk makes an outgoing call, a very specific SDP protocol violation by the remote party can cause Asterisk to crash.
cfd552c580ab39cd59a7ced3f4275e11227e78524785c98e12870dd229702f7a
Ubuntu Security Notice 3900-1 - It was discovered that GD incorrectly handled memory when processing certain images. A remote attacker could use this issue with a specially crafted image file to cause GD to crash, resulting in a denial of service, or possibly execute arbitrary code.
46470680db6dfc7a7bf912eb15368330de552c69127de9ce9ce73617c85925f1
Red Hat Security Advisory 2019-0436-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a memory disclosure vulnerability.
3d13b627f0f2833454eaf6f13086748c3c9a3877f4f94f04f8d99ecfe0210f5f
Red Hat Security Advisory 2019-0435-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a memory disclosure vulnerability.
3d6158b003a3ef9b9c2b26b7622e9caa36763a0711f35e910235066370e3f0ab
Red Hat Security Advisory 2019-0431-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include a traversal vulnerability.
8f36e85cc59e193fe75cdbbe302b121b8a7d63456b829ae5ccbbc18d0bd92760
Red Hat Security Advisory 2019-0430-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include a traversal vulnerability.
115db480d8acd284058dbc2b9f8f19d72753b76ee95bb06cf2139b85a0d858a1
Red Hat Security Advisory 2019-0432-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include a traversal vulnerability.
25d262d0929ed26f3c9a8d083b219a9f9378a368566644c5f0b2ada87269adf7
Red Hat Security Advisory 2019-0433-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include a traversal vulnerability.
f7e671e88c0039e80d7e4df094f3c1a998198cecc67f85642280355229761570
Debian Linux Security Advisory 4395-2 - A regression was introduced in the previous chromium security update. The browser would always crash when launched in headless mode. This update fixes this problem.
89f054e653264588cb6a20adbe30c78ecdea038c752f2d8723fb77bbc234fc59
Red Hat Security Advisory 2019-0416-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a memory disclosure vulnerability.
8f3bac9eaeba235ec1f3f98932b1e31388533eb546af550ac0b44834cb5726ae
Ubuntu Security Notice 3898-2 - USN-3898-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Hanno BAPck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Various other issues were also addressed.
1d29daa586638d1687e2c77add0bb7c8b731fb2a215cc537c3825c522bfe4767
Slackware Security Advisory - New openssl packages are available for Slackware 14.2 to fix a security issue.
5c1cdf9684c784e3419f4f62d1ea6abbe56bd1569166ff01ede23c6e0f9a6356
Ubuntu Security Notice 3898-1 - Hanno BAPck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service.
65d8d1d3213e311db3f67d9de307f4175536c1d87172fe22447aa6e2df8f42f3
Ubuntu Security Notice 3899-1 - Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data.
314dd057e4f3b505847675be956a215758d853b3d9060ea0c5c55356b5e867b6
Ubuntu Security Notice 3895-1 - It was discovered that LDB incorrectly handled certain search expressions. A remote attacker could possibly use this issue to cause the Samba LDAP process to crash, resulting in a denial of service.
2b2e15be3d1d6bdd1eeb95b8e0be3f5ad3dc34c9b908b95f55d32d379fe55a61
Ubuntu Security Notice 3896-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same origin protections, or execute arbitrary code.
a72423c41131d6f0eab08f80f97e7919e4ef553b52bff4b3bdc59fce70235de0
Ubuntu Security Notice 3897-1 - A use-after-free was discovered in libical. If a user were tricked in to opening a specially crafted ICS calendar file, an attacker could potentially exploit this to cause a denial of service. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
b874881641fd7509c472416c48d3b2ffe94626ff3840fa1538992148440c2484
Red Hat Security Advisory 2019-0415-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a race condition vulnerability.
21480fe02116b1998f4a25a82c619e388937930d0a494affab02c1646b7ebe5b
Red Hat Security Advisory 2019-0420-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include an auth hijacking vulnerability.
9d215922debd8fb7cdfec01420ddbc6e0b621cb31a7eaaea23b02be171fb8e8d
Ubuntu Security Notice 3894-1 - It was discovered that GNOME Keyring incorrectly cleared out credentials supplied to the PAM module. A local attacker could possibly use this issue to discover login credentials.
a20948c7dee901d679f7307e7614b3e46af63d7076b753513dd72f2fc7cac6fa
Red Hat Security Advisory 2019-0408-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a file descriptor handling issue in runc.
f242eb1bc1a662c6c05d8031be82a78052768334224c021465f22ec8423fba33
Ubuntu Security Notice 3866-3 - USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being printed with a blue background. This update fixes the problem. Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Various other issues were also addressed.
d69d2295984ccb007c24c8b395ba6bff41749e2b0e745bf4389a35e822f816ef
OpenSSL Security Advisory 20190226 - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data.
7b85f385cb07ba1c0a0620e5de69b40ca553365965e5ac92f646e4272b637156
Red Hat Security Advisory 2019-0401-01 - Red Hat Container Development Kit is a platform for developing containerized applications; a set of tools that enables developers to quickly and easily set up an environment for developing and testing containerized applications on the Red Hat Enterprise Linux platform. This update, Container Development Kit 3.7.0-1, includes an updated Red Hat Enterprise Linux ISO that contains fixes for the following security issues. Issues addressed include the execution of malicious containers.
759d2adf071aeaf6478fd33f86e690edde93f3c811abd79b79d7deb90e41debf
Ubuntu Security Notice 3893-2 - USN-3893-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Bind incorrectly handled certain trust anchors when used with the "managed-keys" feature. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Various other issues were also addressed.
5778c1cb4220b77f63b382b2f6f6fefc45a291726a7d9add67768de05ae881ab