Debian Linux Security Advisory 4392-1 - Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures.
4c871fbac5c3ba2c4e1350c97e650c929c2ea4bcb6654865928a2d98f8192768
VMware Security Advisory 2019-0001 - VMware product updates resolve a mishandled file descriptor vulnerability in the runc container runtime.
182b2d347dd43689d08de951414f38dec6cbfee1283ab2a56d93675d7c162451
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.
006848bd6810778587f1dfb945b267c5ee4f028ed5244b7838e4036cd4a9af35
Debian Linux Security Advisory 4391-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
c5d854d28214e916fde06c4fe7c3e5dbeafb40d4233bd867469f94e51d926af2
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
b403749713f97fe3b9dc43f66b09aa7dbed8b094166246ace60165cd9bba0b22
Red Hat Security Advisory 2019-0349-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.14, 1.1.11, 2.1.8, and 2.2.2. Issues addressed include a domain spoofing vulnerability.
1059da3cac221dc7efafa4d980ec015650a680ab7786bc3972bb08c357a791ae
Red Hat Security Advisory 2019-0348-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.142. Issues addressed include an information leakage vulnerability.
39bf81c10851dec9b6e50698dc1fcef0983a3dbcddc1194ce40423009032061e
CA Technologies Support is alerting customers to a potential risk with CA Privileged Access Manager. A vulnerability exists that can allow a remote attacker to access sensitive information or modify configuration. CA published solutions to address the vulnerabilities. CVE-2019-7392 describes a vulnerability resulting from inadequate access controls for the components jk-manager and jk-status web service allowing a remote attacker to access the CA PAM Web-UI without authentication. Affected versions include 3.2.1 and below, 3.1.2 and below, and 3.0.x releases.
9c5a5f6ca2aa8a6ce81a83bde72cb11f97523d34decd86e6c4c47a10af0cb17a
Red Hat Security Advisory 2019-0342-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include stack overflow vulnerabilities.
5592009185b8f2475f7dbf638898a17554a141582bcb0a280f2b2ccb019188a1
Ubuntu Security Notice 3889-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
dda1787f0dbfd98283d7284bdc4f36afc988fdec66d6832930b9aeff1f276394
Ubuntu Security Notice 3890-1 - It was discovered that Django incorrectly handled formatting certain numbers. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.
6a9ddeb0d8050182dcbf58c517074dc7932f8a78f1922ff4d59ae8f466c11875
Slackware Security Advisory - New lxc packages are available for Slackware 14.2 and -current to fix a security issue.
ba294a2305875c8a4e1604c8e41c7fa338799684c95c173cfb718806e4c207e6
Debian Linux Security Advisory 4390-1 - It was discovered that Flatpak, an application deployment framework for desktop apps, insufficiently restricted the execution of "apply_extra" scripts which could potentially result in privilege escalation.
07aae12fced57e1688a59c95ea4a77bd9cd170611dac207f050e3c18e2aa294b
Ubuntu Security Notice 3888-1 - It was discovered that GVfs incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information.
afa4e465692d53d2ed4f9d41bb9be2201e4594674cfafc14c35965f9ae78c5cd
Ubuntu Security Notice 3887-1 - Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected.
108b24a0da7384b87372197169bd65dc91c58a776947dcdbab22a5dcd8c8063a
Red Hat Security Advisory 2019-0324-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
eb4166c50e12a48a55f375462457cc665acf1c2f7589037a65eb5ae947f94e0c
Red Hat Security Advisory 2019-0315-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a cross-site scripting vulnerability.
dbe3bdd9fb25b0f8e7112aad117c48847fd8f9f967a4b076ee5b40dfcc7e2918
Debian Linux Security Advisory 4377-2 - The update for rssh issued as DSA 4377-1 introduced a regression that blocked scp of multiple files from a server using rssh. Updated packages are now available to correct this issue.
04ea79421a23915574a69671fc8a387fa5815474d3fc32adfb1a5a4e1e85de75
Debian Linux Security Advisory 4389-1 - Christian Reitter discovered that libu2f-host, a library implementing the host side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom-made malicious USB device masquerading as a security key, and physical access to a computer where PAM U2F or an application with libu2f-host integrated is in use, to potentially execute arbitrary code on that computer.
e958c3e439087b235f321d5e3fda54438a4a239199a038e5a4b8cfcb3ef24ec8
Red Hat Security Advisory 2019-0309-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Issues addressed include a buffer overflow vulnerability.
8f26567dfa4d0164a43053fdca5810d33726f8f908f97343f76c13a13ea0c8da
Ubuntu Security Notice 3886-1 - It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service.
e89a4a1068eddaf0a9c361aefd4eed39c426e285e7ae7a8cb93215fa4c371e0e
Debian Linux Security Advisory 4388-1 - Three vulnerabilities were discovered in the Mosquitto MQTT broker, which could result in authentication bypass.
41bc3a5a4d1300c705acf98facd1d98003e98611aeceab7a0a851c2fe2340a84
Red Hat Security Advisory 2019-0304-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. Issues addressed include an overwrite vulnerability.
581a1305c7a081ecdf9695e54daa99bafd4246f49cec1a80ccaefbf6eb34bbd8
Red Hat Security Advisory 2019-0303-01 - The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. Issues addressed include an overwrite vulnerability.
aaa2d1b7c5e79ab037789efaa9ce871476609fd4528b344eaff16402594e3064
Debian Linux Security Advisory 4387-1 - Harry Sintonen from F-Secure Corporation discovered multiple vulnerabilities in OpenSSH, an implementation of the SSH protocol suite. All the vulnerabilities are found in the scp client implementing the SCP protocol.
6c0fb736b4beddde6c918aa8b4223d25be2803590c6188c24970d558ae469ec0