Ubuntu Security Notice 4036-1 - Erik Olof Gunnar Andersson discovered that OpenStack Neutron incorrectly handled certain security group rules in the iptables firewall module. An authenticated attacker could possibly use this issue to block further application of security group rules for other instances.
e4e59fbad634306202b9b1275923fc716c0b615791f01c6e7aa73e2b89177a0b
Ubuntu Security Notice 4034-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, the update for Ubuntu 18.10 and Ubuntu 19.04 includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration. Various other issues were also addressed.
ecf3a57b2183bd65d70fdbbe614267c9c6cd7c405ee6f4ce6e0d3d339ad01411
Ubuntu Security Notice 4037-1 - The policykit-desktop-privileges Startup Disk Creator policy allowed administrative users to overwrite disks. As a security improvement, this operation now requires authentication.
c5f3ca2d62880c10f006e915b63814648747d70ea633f8c5229865fda1477d3e
Red Hat Security Advisory 2019-1594-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a denial of service vulnerability.
42cc94d32edd63d60d4201b04d197d324050b9d1d3c45b0f2c6a12cc47a4bf7f
Ubuntu Security Notice 4033-1 - It was discovered that a libmysofa component does not properly validate multiplications and additions, and may crash with some specific input.
09c6ad3c40f1db2d8e16728433af45b79bd7368acb7ca9b9293a6890e680a595
Ubuntu Security Notice 4032-1 - It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code.
cd8ca7fe3ccaf00cdf3dfc9530b3270fc8e08916ef3075cbfc3c15f9bdf7a79f
Ubuntu Security Notice 4031-1 - It was discovered that the Linux kernel did not properly separate certain memory mappings when creating new userspace processes on 64-bit Power systems. A local attacker could use this to access memory contents or cause memory corruption of other processes on the system.
c29a8b0fea956d911595a73c3f67d6fdbc5407536f94826edbbc54f9d5c4a7da
Apple Security Advisory 2019-6-20-1 - AirPort Base Station Firmware Update 7.8.1 is now available and addresses denial of service and null pointer vulnerabilities.
2950ca97cab531b3e2e2e4562a29b089f3150156b9d3f50c8474c0dfa28ab883
Ubuntu Security Notice 4030-1 - It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform brute-force attacks. It was discovered that web2py allows remote attackers to obtain environment variable values. An attacker could possibly use this issue to gain administrative access. It was discovered that web2py uses a hardcoded encryption key. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
a99087702bd4f64f9a186902fa43b09a473e58c2c4153bcd31bfc5a32d36a29e
Debian Linux Security Advisory 4467-2 - The update for vim released as DSA 4467-1 introduced a regression which broke syntax highlighting in some circumstances. Updated vim packages are now available to correct this issue.
7ffecaca630e2663a76860238eae9cac1f5902a80bef104d2e2fbb7bf4e233f8
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix a security issue.
b47d7df6556725e46113ce7a9f4050b612e0a4f0d34456f40e8a05665685954a
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue.
add5ad3d3c6c79a4ce2b1532f6867b86792f90cc9a71d0b6e4f832b2af955b62
Quarking Password Manager version 3.1.84 suffers from a clickjacking vulnerability.
2eb040e7b84001af8f775088b15f1c372884013e577cbf592a2d990759f1d7aa
Debian Linux Security Advisory 4470-1 - Two vulnerabilities have been discovered in pdns, an authoritative DNS server which may result in denial of service via malformed zone records and excessive NOTIFY packets in a master/slave setup.
54503060a7cace881585fb8d8ed4c053ed482cb9a175cd954b394f883ed56501
Debian Linux Security Advisory 4469-1 - Two vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the virDomainSaveImageGetXMLDesc API.
f317c18ff7cf94b2090ee036440e15b8ca405088d3e480e1e607c181d98807a0
Debian Linux Security Advisory 4468-1 - A path traversal vulnerability due to an unsanitized POST parameter was discovered in php-horde-form, a package providing form rendering, validation, and other functionality for the Horde Application Framework. An attacker can take advantage of this flaw for remote code execution.
0bc3d0e5e086d57acdd3bcc99ace1c5c1b9bfdf676e0a52c87360b551e12969b
Debian Linux Security Advisory 4447-2 - DSA 4447-1 shipped updated CPU microcode for most types of Intel CPUs as mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities.
a5902e9935ec54ff69e6f1affec6dc016f6d0b7266bea6bb48e254b1709dfc50
FreeBSD Security Advisory - While processing acknowledgements, the RACK code uses several linked lists to maintain state entries. A malicious attacker can cause the lists to grow unbounded. This can cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service. An attacker with the ability to send specially crafted TCP traffic to a victim system can degrade network performance and/or consume excessive CPU by exploiting the inefficiency of traversing the potentially very large RACK linked lists with relatively small bandwidth cost.
85f2ffcf89eae31c9b0babd62b1d66ae80b60a35fc0e3d2f7a258259db7a0aff
The affected ABB components implement hidden administrative accounts used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI.
641a46252f672912e5381d2076081a87e7c263f215b0495b1012cb8757b1ddd0
Ubuntu Security Notice 3977-3 - USN-3977-1 and USN-3977-2 provided mitigations for Microarchitectural Data Sampling vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for the Intel Sandy Bridge processor family Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Ă–sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
ed317ae7b7c572f26093fb0c8c309ac718b0e8bf9fb78afb3394a3f341283421
Red Hat Security Advisory 2019-1587-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
987b58ef43f8bd96d39fc5779df1da0b6731fee650e8d6f95fdac81291447c8d
ABB HMI uses outdated software components that are statically linked into the firmware files and service binaries. These components have documented vulnerabilities and should be updated and replaced. It was possible to identify severally outdated OpenSSL (version 0.9.8g) and ABYSS HTTP (version 0.4) server components.
cad7c2fbbae341fd60776b4bb48d4026c7c1d00b91347c7ecd5ebdd509988332
Slackware Security Advisory - New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a denial-of-service security issue.
c55130c9e5f99421d294ecdbfe9ae5d293d376a1e44de2a7c87a8cdbb44d7f1c
Ubuntu Security Notice 4023-1 - It was discovered that Mosquitto broker incorrectly handled certain specially crafted input and network packets. A remote attacker could use this to cause a denial of service.
c97693cd1012a8b7453e4c74bb72ca3bcf0b9eb43c05d0823464bb754158ece0
Red Hat Security Advisory 2019-1580-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. File read and write along with command execution vulnerabilities were addressed.
d64cc56e08dc53f31c705bb755468d2fe24eff552c6255d61cbb86dece94ee74