Asterisk Project Security Advisory - When Asterisk makes an outgoing call, a very specific SDP protocol violation by the remote party can cause Asterisk to crash.
cfd552c580ab39cd59a7ced3f4275e11227e78524785c98e12870dd229702f7aUbuntu Security Notice 3900-1 - It was discovered that GD incorrectly handled memory when processing certain images. A remote attacker could use this issue with a specially crafted image file to cause GD to crash, resulting in a denial of service, or possibly execute arbitrary code.
46470680db6dfc7a7bf912eb15368330de552c69127de9ce9ce73617c85925f1Red Hat Security Advisory 2019-0436-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a memory disclosure vulnerability.
3d13b627f0f2833454eaf6f13086748c3c9a3877f4f94f04f8d99ecfe0210f5fRed Hat Security Advisory 2019-0435-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a memory disclosure vulnerability.
3d6158b003a3ef9b9c2b26b7622e9caa36763a0711f35e910235066370e3f0abRed Hat Security Advisory 2019-0431-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include a traversal vulnerability.
8f36e85cc59e193fe75cdbbe302b121b8a7d63456b829ae5ccbbc18d0bd92760Red Hat Security Advisory 2019-0430-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include a traversal vulnerability.
115db480d8acd284058dbc2b9f8f19d72753b76ee95bb06cf2139b85a0d858a1Red Hat Security Advisory 2019-0432-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include a traversal vulnerability.
25d262d0929ed26f3c9a8d083b219a9f9378a368566644c5f0b2ada87269adf7Red Hat Security Advisory 2019-0433-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include a traversal vulnerability.
f7e671e88c0039e80d7e4df094f3c1a998198cecc67f85642280355229761570Debian Linux Security Advisory 4395-2 - A regression was introduced in the previous chromium security update. The browser would always crash when launched in headless mode. This update fixes this problem.
89f054e653264588cb6a20adbe30c78ecdea038c752f2d8723fb77bbc234fc59Red Hat Security Advisory 2019-0416-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a memory disclosure vulnerability.
8f3bac9eaeba235ec1f3f98932b1e31388533eb546af550ac0b44834cb5726aeUbuntu Security Notice 3898-2 - USN-3898-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Hanno BAPck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Various other issues were also addressed.
1d29daa586638d1687e2c77add0bb7c8b731fb2a215cc537c3825c522bfe4767Slackware Security Advisory - New openssl packages are available for Slackware 14.2 to fix a security issue.
5c1cdf9684c784e3419f4f62d1ea6abbe56bd1569166ff01ede23c6e0f9a6356Ubuntu Security Notice 3898-1 - Hanno BAPck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service.
65d8d1d3213e311db3f67d9de307f4175536c1d87172fe22447aa6e2df8f42f3Ubuntu Security Notice 3899-1 - Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data.
314dd057e4f3b505847675be956a215758d853b3d9060ea0c5c55356b5e867b6Ubuntu Security Notice 3895-1 - It was discovered that LDB incorrectly handled certain search expressions. A remote attacker could possibly use this issue to cause the Samba LDAP process to crash, resulting in a denial of service.
2b2e15be3d1d6bdd1eeb95b8e0be3f5ad3dc34c9b908b95f55d32d379fe55a61Ubuntu Security Notice 3896-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same origin protections, or execute arbitrary code.
a72423c41131d6f0eab08f80f97e7919e4ef553b52bff4b3bdc59fce70235de0Ubuntu Security Notice 3897-1 - A use-after-free was discovered in libical. If a user were tricked in to opening a specially crafted ICS calendar file, an attacker could potentially exploit this to cause a denial of service. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
b874881641fd7509c472416c48d3b2ffe94626ff3840fa1538992148440c2484Red Hat Security Advisory 2019-0415-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a race condition vulnerability.
21480fe02116b1998f4a25a82c619e388937930d0a494affab02c1646b7ebe5bRed Hat Security Advisory 2019-0420-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include an auth hijacking vulnerability.
9d215922debd8fb7cdfec01420ddbc6e0b621cb31a7eaaea23b02be171fb8e8dUbuntu Security Notice 3894-1 - It was discovered that GNOME Keyring incorrectly cleared out credentials supplied to the PAM module. A local attacker could possibly use this issue to discover login credentials.
a20948c7dee901d679f7307e7614b3e46af63d7076b753513dd72f2fc7cac6faRed Hat Security Advisory 2019-0408-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a file descriptor handling issue in runc.
f242eb1bc1a662c6c05d8031be82a78052768334224c021465f22ec8423fba33Ubuntu Security Notice 3866-3 - USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being printed with a blue background. This update fixes the problem. Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Various other issues were also addressed.
d69d2295984ccb007c24c8b395ba6bff41749e2b0e745bf4389a35e822f816efOpenSSL Security Advisory 20190226 - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data.
7b85f385cb07ba1c0a0620e5de69b40ca553365965e5ac92f646e4272b637156Red Hat Security Advisory 2019-0401-01 - Red Hat Container Development Kit is a platform for developing containerized applications; a set of tools that enables developers to quickly and easily set up an environment for developing and testing containerized applications on the Red Hat Enterprise Linux platform. This update, Container Development Kit 3.7.0-1, includes an updated Red Hat Enterprise Linux ISO that contains fixes for the following security issues. Issues addressed include the execution of malicious containers.
759d2adf071aeaf6478fd33f86e690edde93f3c811abd79b79d7deb90e41debfUbuntu Security Notice 3893-2 - USN-3893-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Bind incorrectly handled certain trust anchors when used with the "managed-keys" feature. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Various other issues were also addressed.
5778c1cb4220b77f63b382b2f6f6fefc45a291726a7d9add67768de05ae881ab
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed