Debian Linux Security Advisory 4473-1 - Multiple security issues were found in the rdesktop RDP client, which could result in denial of service and the execution of arbitrary code.
8c78b2006612b15ce35e2d55613451e342d36505cf13b9c7af35b24a67225bf2Ubuntu Security Notice 4041-1 - USN-4017-1 fixed vulnerabilities in the Linux kernel for Ubuntu. Unfortunately, the update introduced a regression that interfered with networking applications that setup very low SO_SNDBUF values. This update fixes the problem. Jonathan Looney discovered that the Linux kernel could be coerced into segmenting responses into multiple TCP segments. A remote attacker could construct an ongoing sequence of requests to cause a denial of service. Various other issues were also addressed.
38c17aacbb7b32c138b118b5a4022a5ed59168bcf511fb1f084a35b7d0a6e202Ubuntu Security Notice 4041-2 - USN-4041-1 provided updates for the Linux kernel in Ubuntu. This update provides the corresponding updates for the Linux kernel for Ubuntu 16.04 ESM. USN-4017-2 fixed vulnerabilities in the Linux kernel. Unfortunately, the update introduced a regression that interfered with networking applications that setup very low SO_SNDBUF values. This update fixes the problem. Various other issues were also addressed.
c7d4a3aaf64ac902122bdf9096c8ee39c4b00b7f851ae0fa3d01c3b2b30e7b7bDebian Linux Security Advisory 4472-1 - It was discovered that Expat, an XML parsing C library, did not properly handled XML input including XML names that contain a large number of colons, potentially resulting in denial of service.
fdaf8b352e1a0724c793ebdb3d309b230cc30c98f3b6142e34bb3151eafef9a5There is a security issue where Google Chrome's PDF plugin is allowed to use the Pepper Socket API. Patches are included in this archive.
ad0eefb7789dc829f60df188dd516da0493ea392c5b128c25d5466f89a05305fRed Hat Security Advisory 2019-1626-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Issues addressed include a buffer overflow vulnerability.
8b9b8d6cf3822cc19ee197bca2a176146e339b89f859f9e5e5358cb75d1c8c64Ubuntu Security Notice 4042-1 - It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service, or possibly execute arbitrary code
8c42095fc6d39595d3a76ea8338a85836c2746512cdbb94767ed708fe9698766Red Hat Security Advisory 2019-1623-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Issues addressed include a buffer overflow vulnerability.
a862b1d7e05af64177914350e809feb8d4aba2124b6e1b3bbfc12c843966458eRed Hat Security Advisory 2019-1632-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include an arbitrary file write vulnerability.
226035287bcd1c0d5089dd0ac15a540d945caf292909d2017b8aa39d1aa1fd1dRed Hat Security Advisory 2019-1633-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. All OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images. Issues addressed include an arbitrary file write vulnerability.
e6e8443c43325cc60b6222e6c7230d0d41b7cf0326abd29df0ecf5a18961512cRed Hat Security Advisory 2019-1624-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Issues addressed include a buffer overflow vulnerability.
a32ac12e95b7d4d2133ede322d4ddb074852b0bb68a2a054b2117624ff9845bbRed Hat Security Advisory 2019-1619-01 - Vim is an updated and improved version of the vi editor. An arbitrary command execution vulnerability was addressed.
9f78b10b162715918d81c097d8a31392be9856d214d5b08414c63816c9ec453dUbuntu Security Notice 4040-1 - It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service.
251b85a8c68321ea23a55c52e49629c8a3a25fa86fb47f440c3f071922997ed6Ubuntu Security Notice 4040-2 - USN-4040-1 fixed a vulnerability in expat. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service.
f1885e6f06f6f2c730d8efe155ac5f1c76f1b005205c7c8535cdc2920730fa9fRed Hat Security Advisory 2019-1591-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue was addressed where OAuth access tokens were written in plaintext to the API server audit logs.
875ed960bd02e2d6da0aadd2d47f0640ff931c963517d678060c39a77a556906Coldfusion versions 2016 and 2018 along with all current versions of JNBridge suffer from a remote code execution vulnerability.
f87b353777ae773d0c72b225ac02ae458075bc752b4b21bb6aaa070c2db3e58dUbuntu Security Notice 4038-2 - USN-4038-1 fixed several vulnerabilities in bzip2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
5af3e4ba4c76321d949ac85669ff8c915024913a50dfa3112a979a45608c3dbeUbuntu Security Notice 4038-1 - Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.
674256554b4a99a71c6d4e0f37049b77acba8fba7440b2a3d70deab7378c171bAMD Secure Encrypted Virtualization (SEV) is a hardware memory encryption feature. SEV protects guest virtual machines from the hypervisor, provides confidentiality guarantees at runtime and remote attestation at launch time. The SEV elliptic-curve (ECC) implementation was found to be vulnerable to an invalid curve attack. At launch-start command, an attacker can send small order ECC points not on the official NIST curves, and force the SEV firmware to multiply a small order point by the firmware's private DH scalar. By collecting enough modular residues, an attacker can recover the complete PDH private key. With the PDH, an attacker can recover the session key and the VM's launch secret. This breaks the confidentiality guarantees offered by SEV.
54e8e560ed6f2e12e8bd0223096ce8c586842a0a89aebf2c3ac2adafd44af784WebEx appears to suffer from man-in-the-middle attacks due to accepting any TLS certificates as valid.
22e3cd7a64dcb66910ad59f0e79c228bad57d0d9720924bbaa649a7da3e814a8Red Hat Security Advisory 2019-1603-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR.
1c3f2ab92856bea753598266e0cc7112742e48a1357ca4f5bcdf1245036a66c2Red Hat Security Advisory 2019-1604-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR.
efd19650a5c49f811bbd4c75bac4c43febd3026a5a92342fc9aa1c76b748f966Red Hat Security Advisory 2019-1602-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include a denial of service vulnerability.
44681c017f6cb6453545b8a6d66047878734200ddb425c65cba895080004b65aDebian Linux Security Advisory 4471-1 - Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read.
4efa717e1288d15a4d933ab0a6403d42fc7d8662286f3a6e0d8b5818ccf16912Ubuntu Security Notice 4035-1 - It was discovered that Ceph incorrectly handled read only permissions. An authenticated attacker could use this issue to obtain dm-crypt encryption keys. This issue only affected Ubuntu 16.04 LTS. It was discovered that Ceph incorrectly handled certain OMAPs holding bucket indices. An authenticated attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
85436c925c63103095d0ad444af8d9ef4922926097f5c1fdde3ab59dcf521e93
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed