VMware Security Advisory 2018-0031 - vRealize Operations updates address a local privilege escalation vulnerability.
f41524536e72c476e12712b7fba94223e3194bcd61922bab81d01d639ea618bc
Red Hat Security Advisory 2018-3852-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP25. Issues addressed include a denial of service vulnerability.
9d4f7bc666bf94a492aff063465bfd97a5d1aa5e574805c94c9ec1e09d2be252
Secunia Research has discovered a vulnerability in libexif, which can be exploited by malicious people to cause a DoS (Denial of Service). An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags can be exploited to exhaust available CPU resources. The vulnerability is confirmed in version 0.6.21. Other versions may also be affected.
a3e0bd35e18db8d27c9c10475a90db33972c41764401685daf843f8770832532
Secunia Research has discovered multiple vulnerabilities in LibRaw, which can be exploited by malicious people to cause a DoS (Denial of Service). A type confusion error within the "unpacked_load_raw()" function (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. An error within the "parse_rollei()" function (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) can be exploited to exhaust available CPU resources. The vulnerabilities are confirmed in version 0.19.0 and reported in versions prior to 0.19.1.
3db5c91bb6c24888166cacb845b1ca20edac2ec4797287c3534c7c75400e4192
Red Hat Security Advisory 2018-3843-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and null pointer vulnerabilities.
24c105ddb0fdc5ca344569ee52fa527ba5e87cc14d0872695bdcd04d49254cdf
Red Hat Security Advisory 2018-3837-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
67b6c9709b4cc32ae29fa136f89639bdb330cd4a92370e48c6deb28ffbd5645d
Red Hat Security Advisory 2018-3838-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
216b698541f204cd77bbd73db491b87c343c3190e21eac68708424ddcd50df5f
Red Hat Security Advisory 2018-3835-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
2a94daecf51ca3dcddd8e0aedd95681c9f9b8f14a8ee04938db184638fb2648a
Red Hat Security Advisory 2018-3836-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
6088973fb3aff4c16c039efbc1c211150c71caee327c9cddb88887a4381c09f6
Red Hat Security Advisory 2018-3834-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include a bypass vulnerability.
f5f96e39e74386a862dbdf24dde2652838709fb7d29500c0d76bd6ebb2ae845e
Red Hat Security Advisory 2018-3833-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
abc39ad18277beaa29d946e69e22fe8100ab959716ff83f5434d7dad4b714ef1
Red Hat Security Advisory 2018-3831-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
fa4d0fb6edb9fcaa7acb22fc4880dbda65712b5a54c4433bd1aac71bf6472536
Red Hat Security Advisory 2018-3829-01 - Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS. Issues addressed include a bypass vulnerability.
8459d9467a8d4f4ae1d43a3a10fdd1149e3bf9c0c7b5aca81ae4d54af0046db2
Gentoo Linux Security Advisory 201812-8 - A vulnerability in Scala could result in privilege escalation. Versions less than 2.12.4 are affected.
22d1c878cf3f86d4309101cfc5cc62eaef85f0bbe8e3dc3bdab52761ba7a7229
Gentoo Linux Security Advisory 201812-7 - Multiple vulnerabilities have been found in SpamAssassin, the worst of which may lead to remote code execution. Versions prior to 3.4.2-r2 are affected.
dba3bc0701b30e7316c68239dcb0b2c5d166d8e853ad177d8d8611f3d01fb659
Gentoo Linux Security Advisory 201812-6 - Multiple vulnerabilities have been found in CouchDB, the worst of which could lead to the remote execution of code. Versions less than or equal to 2.1.2 are affected.
e0f321bad719c25fba4a870aa7db419a011e19fd771faa66863daab3b0fd1ce7
WebKitGTK+ and WPE WebKit suffer from multiple memory corruption vulnerabilities that can lead to code execution.
a7ec001ae70f4424c933c3e526ad4f1f1edfb80ffe8e45ec92f1ffebddd58f71
Micro Focus Security Bulletin MFSBGN03835 1 - The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users access to arbitrary details of the Local and LDAP users via POST method and to arbitrary details of other user's Fortify projects via GET method. Revision 1 of this advisory.
78602ef0efd0605008f1fbce59841d535c41dd7f6c75375c80f990b66f399b5c
Micro Focus Security Bulletin MFSBGN03837 1 - A vulnerabilities in Apache Tomcat was addressed by Micro Focus Network Node Manager i. The vulnerability could be exploited Remote Cross-Site Scripting (XSS) and Remote Disclosure of Information. Revision 1 of this advisory.
69bad3da3d6d506035ef6a4b85f35bec78121f1787146f7b5587ba63b5f9d04d
Red Hat Security Advisory 2018-3816-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include memory disclosure and client-side security problems.
5babb9742f0b837b18016ae6e3fd236587c37fab6420f152508b801587269e6c
Debian Linux Security Advisory 4354-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy.
d4abe9fb775b7447462f9534ef3304643476701c50f56da8f4238dcf00de841b
Red Hat Security Advisory 2018-3822-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an use-after-free vulnerability.
2c75e8a0c4daa00265bfac5900dda74d873669e6e611b64f788b2b86a15f96e7
Red Hat Security Advisory 2018-3823-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an use-after-free vulnerability.
30befba6188da69a809e66cefa93e12c83bfc4f4ca6df6f16330d33155190dac
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
c879ec048793b84c4086c75f0c15ae93fcef31d64fd372f00fe433ec923a50d8
Ubuntu Security Notice 3845-1 - Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
700e7cd7426950be3745ea829c1727c1dce803c11dbc707bc426e6d5df75b186