Debian Linux Security Advisory 4454-1 - Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or information disclosure.
cba000ba6722bbd7ea6515d914172a949427ee73bb4a672c4b7065b7f6df2144
Red Hat Security Advisory 2019-1301-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Update Services for SAP Solutions and Telecommunications Update Service for Red Hat Enterprise Linux 7.2 will retire as of November 30, 2019, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 7.2 E4S/TUS after November 30, 2019.
759b4037201532950516a35b8ca30f4471a3018e586e9b5a6350034e5afb51c2
Ubuntu Security Notice 4001-2 - USN-4001-1 fixed a vulnerability in libseccomp. This update provides the corresponding update for Ubuntu 14.04 ESM. Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators. An attacker could use this to bypass intended access restrictions for argument-filtered system calls. Various other issues were also addressed.
3783ae85bece13ddc1bd387465ffc67476ccb3ef43cf43c7d11db72875308e08
Ubuntu Security Notice 4001-1 - Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators. An attacker could use this to bypass intended access restrictions for argument-filtered system calls.
23b5565883c626d654d99f5b47bd16b675b6316293fe57bab66ec2f2bf383ccf
Apple Security Advisory 2019-5-30-1 - AirPort Base Station Firmware Update 7.9.1 is now available and addresses denial of service and null pointer vulnerabilities.
ead3e64a1df5a23dbae0304aa37b171e1b4cd8638f201614e6039b89d97eb71c
Red Hat Security Advisory 2019-1300-01 - The golang packages provide the Go programming language compiler. A CRLF injection vulnerability was addressed.
fcfb9b11e754de6acde5f5711738b28db0b8c980db8ae55a1bed6f1751c95b3d
Red Hat Security Advisory 2019-1297-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 2 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section. It addresses denial of service and privilege escalation vulnerabilities.
1d3819c3a795696655f8712247c8df410655f69b1a073bb7b1b32d9271562472
Ubuntu Security Notice 3999-1 - Eyal Ronen, Kenneth G. Paterson, and Adi Shamir discovered that GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could possibly use this issue to perform plaintext-recovery attacks via analysis of timing data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Tavis Ormandy discovered that GnuTLS incorrectly handled memory when verifying certain X.509 certificates. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. Various other issues were also addressed.
b8834a0c4a4415f7835754310e5da31860dabee4b26c193e7e1297853870b1e3
Ubuntu Security Notice 3998-1 - Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certain circumstances, this could result in displaying clear-text portions of encrypted messages as though they were encrypted.
a09e5bf9ba77f79e2d94d072ce94f1565e935907c3b4ee8590c752d4ac31390a
Red Hat Security Advisory 2019-1294-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A rate limiting control issue in bind has been addressed.
00804d19c6027ea6b15b335ac6ef1890c2ac42d72398e97a5a536f4bdaf742ab
Ubuntu Security Notice 3968-2 - USN-3968-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions. Various other issues were also addressed.
0093bfbeb408adc4537ce742a490ea2bd368c94a73c936eeb203d7ba7b8ad128
Ubuntu Security Notice 4000-1 - It was discovered that Corosync incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
ce5d4a0577521ada333b48609c10e67b091710bd990d956eb5d017d136689042
Debian Linux Security Advisory 4453-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service or sandbox bypass.
3b1d45ee7bed0b1843338b8c5affa7db9159c74e5f49693308722e8631ba1213
Red Hat Security Advisory 2019-1296-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.29 Service Pack 2 packages that are part of the JBoss Core Services offering. It serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1, and includes bug fixes and enhancements. It addresses denial of service and privilege escalation vulnerabilities.
5ed148ee5c1aa1a8483ec13ffbf8a1df403d3b3e5e5aa321f31d0c7e9dc09b53
Ubuntu Security Notice 3996-1 - Kuang-che Wu discovered that GNU Screen improperly handled certain input. An attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service or the execution of arbitrary code.
7b9320a5e5a4b7de01fa3fdcf0fb52e7d67debc5a6b5cb03939a66b67a68318d
Red Hat Security Advisory 2019-1289-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include denial of service and traversal vulnerabilities.
295e04ff44625fe2b1afd775f67a1695a4c5c80d13c93f4b05ff3c6cc820a505
Ubuntu Security Notice 3997-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin protections, or execute arbitrary code. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
b764bdd9b19cdcfafdbccefdf2eb5c2ed724329c12fa5941a2657ae46e5e37f6
Ubuntu Security Notice 3845-2 - USN-3845-1 fixed several vulnerabilities in FreeRDP. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 18.10. Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.
03e0f2b0386c71326f3ec2373603df509289258f73ad85d03b0eb3bd88fa9b0e
Ubuntu Security Notice 3995-2 - USN-3995-1 fixed a vulnerability in keepalived. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Keepalived incorrectly handled certain HTTP status response codes. A remote attacker could use this issue to cause Keepalived to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
4f93c2c4c34be89ed55ee6d2a814d652253d98f3a1900c1ee4ac0f6b9dd09556
Apple Security Advisory 2019-5-28-1 - iTunes for Windows 12.9.5 is now available and addresses code execution vulnerabilities.
a8cf3707208972e2c01ab0be87b5f8b46d4589494882930c1bde0e5d27962e38
Apple Security Advisory 2019-5-28-2 - iCloud for Windows 7.12 is now available and addresses code execution vulnerabilities.
7a79e52f2785aa6d771b3218d0126c9cd1cf4aa23fb826e3656bc0117dd41406
Ubuntu Security Notice 3995-1 - It was discovered that Keepalived incorrectly handled certain HTTP status response codes. A remote attacker could use this issue to cause Keepalived to crash, resulting in a denial of service, or possibly execute arbitrary code.
c0dc9161b56ac48d55fb115a08e9b77ff54c8e156710a2d28f705f1b9214d473
Ubuntu Security Notice 3994-1 - It was discovered that gnome-desktop incorrectly confined thumbnailers. If a user were tricked into downloading a malicious image file, a remote attacker could possibly combine this issue with another vulnerability to escape the sandbox and execute arbitrary code.
1018f3ae838baa4f9ba594a0b9922da811a898b5eaaf8c3eec81bdfd8ba76ec9
Ubuntu Security Notice 3976-3 - USN-3976-1 fixed a vulnerability in Samba. The update introduced a regression causing Samba to occasionally crash. This update fixes the problem. Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly checked S4U2Self packets. In certain environments, a remote attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.
2a6abbec95c2938afeecb24ee0db16ac0d47ad6913da4ca13ae8d7aedadaaf4a
JavaScript V8 Turbofan may read a Map pointer out-of-bounds when optimizing Reflect.construct.
d311bfc7e073e0c75b323b15851c846fd853b8cc1624285339ab7bbf990ab06e