Debian Linux Security Advisory 4392-1 - Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures.
4c871fbac5c3ba2c4e1350c97e650c929c2ea4bcb6654865928a2d98f8192768VMware Security Advisory 2019-0001 - VMware product updates resolve a mishandled file descriptor vulnerability in the runc container runtime.
182b2d347dd43689d08de951414f38dec6cbfee1283ab2a56d93675d7c162451Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.
006848bd6810778587f1dfb945b267c5ee4f028ed5244b7838e4036cd4a9af35Debian Linux Security Advisory 4391-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
c5d854d28214e916fde06c4fe7c3e5dbeafb40d4233bd867469f94e51d926af2Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
b403749713f97fe3b9dc43f66b09aa7dbed8b094166246ace60165cd9bba0b22Red Hat Security Advisory 2019-0349-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.14, 1.1.11, 2.1.8, and 2.2.2. Issues addressed include a domain spoofing vulnerability.
1059da3cac221dc7efafa4d980ec015650a680ab7786bc3972bb08c357a791aeRed Hat Security Advisory 2019-0348-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.142. Issues addressed include an information leakage vulnerability.
39bf81c10851dec9b6e50698dc1fcef0983a3dbcddc1194ce40423009032061eCA Technologies Support is alerting customers to a potential risk with CA Privileged Access Manager. A vulnerability exists that can allow a remote attacker to access sensitive information or modify configuration. CA published solutions to address the vulnerabilities. CVE-2019-7392 describes a vulnerability resulting from inadequate access controls for the components jk-manager and jk-status web service allowing a remote attacker to access the CA PAM Web-UI without authentication. Affected versions include 3.2.1 and below, 3.1.2 and below, and 3.0.x releases.
9c5a5f6ca2aa8a6ce81a83bde72cb11f97523d34decd86e6c4c47a10af0cb17aRed Hat Security Advisory 2019-0342-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include stack overflow vulnerabilities.
5592009185b8f2475f7dbf638898a17554a141582bcb0a280f2b2ccb019188a1Ubuntu Security Notice 3889-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
dda1787f0dbfd98283d7284bdc4f36afc988fdec66d6832930b9aeff1f276394Ubuntu Security Notice 3890-1 - It was discovered that Django incorrectly handled formatting certain numbers. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.
6a9ddeb0d8050182dcbf58c517074dc7932f8a78f1922ff4d59ae8f466c11875Slackware Security Advisory - New lxc packages are available for Slackware 14.2 and -current to fix a security issue.
ba294a2305875c8a4e1604c8e41c7fa338799684c95c173cfb718806e4c207e6Debian Linux Security Advisory 4390-1 - It was discovered that Flatpak, an application deployment framework for desktop apps, insufficiently restricted the execution of "apply_extra" scripts which could potentially result in privilege escalation.
07aae12fced57e1688a59c95ea4a77bd9cd170611dac207f050e3c18e2aa294bUbuntu Security Notice 3888-1 - It was discovered that GVfs incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information.
afa4e465692d53d2ed4f9d41bb9be2201e4594674cfafc14c35965f9ae78c5cdUbuntu Security Notice 3887-1 - Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected.
108b24a0da7384b87372197169bd65dc91c58a776947dcdbab22a5dcd8c8063aRed Hat Security Advisory 2019-0324-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
eb4166c50e12a48a55f375462457cc665acf1c2f7589037a65eb5ae947f94e0cRed Hat Security Advisory 2019-0315-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a cross site scripting vulnerability.
dbe3bdd9fb25b0f8e7112aad117c48847fd8f9f967a4b076ee5b40dfcc7e2918Debian Linux Security Advisory 4377-2 - The update for rssh issued as DSA 4377-1 introduced a regression that blocked scp of multiple files from a server using rssh. Updated packages are now available to correct this issue.
04ea79421a23915574a69671fc8a387fa5815474d3fc32adfb1a5a4e1e85de75Debian Linux Security Advisory 4389-1 - Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom made malicious USB device masquerading as a security key, and physical access to a computer where PAM U2F or an application with libu2f-host integrated, to potentially execute arbitrary code on that computer.
e958c3e439087b235f321d5e3fda54438a4a239199a038e5a4b8cfcb3ef24ec8Red Hat Security Advisory 2019-0309-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Issues addressed include a buffer overflow vulnerability.
8f26567dfa4d0164a43053fdca5810d33726f8f908f97343f76c13a13ea0c8daUbuntu Security Notice 3886-1 - It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service.
e89a4a1068eddaf0a9c361aefd4eed39c426e285e7ae7a8cb93215fa4c371e0eDebian Linux Security Advisory 4388-1 - Three vulnerabilities were discovered in the Mosquitto MQTT broker, which could result in authentication bypass.
41bc3a5a4d1300c705acf98facd1d98003e98611aeceab7a0a851c2fe2340a84Red Hat Security Advisory 2019-0304-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. Issues addressed include an overwrite vulnerability.
581a1305c7a081ecdf9695e54daa99bafd4246f49cec1a80ccaefbf6eb34bbd8Red Hat Security Advisory 2019-0303-01 - The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. Issues addressed include an overwrite vulnerability.
aaa2d1b7c5e79ab037789efaa9ce871476609fd4528b344eaff16402594e3064Debian Linux Security Advisory 4387-1 - Harry Sintonen from F-Secure Corporation discovered multiple vulnerabilities in OpenSSH, an implementation of the SSH protocol suite. All the vulnerabilities are in found in the scp client implementing the SCP protocol.
6c0fb736b4beddde6c918aa8b4223d25be2803590c6188c24970d558ae469ec0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed