| Debian: DSA-4167-1: sharutils security update (Apr 5) |
| A buffer-overflow vulnerability was discovered in Sharutils, a set of utilities to handle Shell Archives. An attacker with control over the input of the unshar command could crash the application or execute arbitrary code in its context.
|
| Debian: DSA-4165-1: ldap-account-manager security update (Apr 4) |
| Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories. CVE-2018-8763
|
| Debian: DSA-4164-1: apache2 security update (Apr 3) |
| Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-15710
|
| Debian: DSA-4163-1: beep security update (Apr 2) |
| It was discovered that a race condition in beep (if configured as setuid via debconf) allows local privilege escalation. For the oldstable distribution (jessie), this problem has been fixed
|
| Debian: DSA-4162-1: irssi security update (Apr 1) |
| Multiple vulnerabilities have been discovered in Irssi, a terminal-based IRC client, which can result in denial of service. For the stable distribution (stretch), these problems have been fixed in
|
| Debian: DSA-4160-1: libevt security update (Apr 1) |
| It was discovered that insufficient input sanitising in libevt, a library to access the Windows Event Log (EVT) format, could result in denial of service or the execution of arbitrary code if a malformed EVT file is processed.
|
| Debian: DSA-4159-1: remctl security update (Apr 1) |
| Santosh Ananthakrishnan discovered a use-after-free in remctl, a server for Kerberos-authenticated command execution. If the command is configured with the sudo option, this could potentially result in the execution of arbitrary code.
|
| Debian: DSA-4161-1: python-django security update (Apr 1) |
| James Davis discovered two issues in Django, a high-level Python web development framework, that can lead to a denial-of-service attack. An attacker with control over the input of the django.utils.html.urlize() function or django.utils.text.Truncator's chars() and words() methods
|
| Debian: DSA-4158-1: openssl1.0 security update (Mar 29) |
| It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service.
|
|
|
| Fedora 28: libidn Security Update (Apr 6) |
| Update to the latest upstream release, which fixes CVE-2017-14062.
|
| Fedora 28: koji Security Update (Apr 6) |
| Fixes for CVE-2018-1002150.
|
| Fedora 28: bchunk Security Update (Apr 6) |
| - spec cleanup, silent rpmlint - remove upstreamed patches, fixes rhbz #1507577 - update to 1.2.2
|
| Fedora 28: python3 Security Update (Apr 6) |
| Update to 3.6.5
|
| Fedora 27: httpd Security Update (Apr 5) |
| This update includes the latest upstream release of the Apache HTTP Server, version 2.4.33. A number of security vulnerabilities are fixed in this release: * *Low*: Possible out of bound read in mod_cache_socache (CVE-2018-1303) * *Low*: Possible out of bound access after failure in reading the HTTP request (CVE-2018-1301) * *Low*: Weak Digest auth nonce generation in mod_auth_digest
|
| Fedora 27: mod_http2 Security Update (Apr 5) |
| This update includes the latest upstream release of mod_http2, version 1.10.16. This includes a security fix (CVE-2018-1302): When an HTTP/2 stream was destroyed after being handled, mod_http2 could have written a NULL pointer to already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the
|
|
|
| Gentoo: GLSA-201804-02: glibc: Multiple vulnerabilities (Apr 4) |
| Multiple vulnerabilities have been found in glibc, the worst of which could allow remote attackers to execute arbitrary code.
|
| Gentoo: GLSA-201804-01: libxslt: Multiple vulnerabilities (Apr 4) |
| Multiple vulnerabilities were discovered in libxslt, the worst of which may allow a remote attacker to execute arbitrary code.
|
|
|
| RedHat: RHSA-2018-0647:01 Important: thunderbird security update (Apr 5) |
| An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| RedHat: RHSA-2018-0648:01 Important: thunderbird security update (Apr 5) |
| An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| RedHat: RHSA-2018-0649:01 Important: libvorbis security update (Apr 5) |
| An update for libvorbis is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| RedHat: RHSA-2018-0646:01 Low: python-paramiko security update (Apr 5) |
| An update for python-paramiko is now available for Red Hat Ansible Engine 2 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
| RedHat: RHSA-2018-0627:01 Important: Red Hat JBoss Enterprise Application (Apr 3) |
| An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact
|
| RedHat: RHSA-2018-0628:01 Important: Red Hat JBoss Enterprise Application (Apr 3) |
| An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| RedHat: RHSA-2018-0630:01 Important: Red Hat JBoss Enterprise Application (Apr 3) |
| Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4 and fix three security issues, several bugs, and add various enhancements are now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact
|
| RedHat: RHSA-2018-0629:01 Important: Red Hat JBoss Enterprise Application (Apr 3) |
| An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
|
| SUSE: 2018:0879-1: important: apache2 (Apr 5) |
| An update that solves 6 vulnerabilities and has one errata is now available.
|
| SUSE: 2018:0873-1: important: python-paramiko (Apr 4) |
| An update that fixes one vulnerability is now available.
|
| SUSE: 2018:0866-1: important: coreutils (Apr 4) |
| An update that fixes one vulnerability is now available.
|
| SUSE: 2018:0863-1: important: clamav (Apr 3) |
| An update that fixes 5 vulnerabilities is now available.
|
| SUSE: 2018:0861-1: important: libvirt (Apr 3) |
| An update that solves three vulnerabilities and has two fixes is now available.
|
| openSUSE: 2018:0855-1: important: memcached (Mar 30) |
| An update that fixes one vulnerability is now available.
|
| openSUSE: 2018:0851-1: important: LibVNCServer (Mar 30) |
| An update that fixes three vulnerabilities is now available.
|
| SUSE: 2018:0848-1: important: the Linux Kernel (Mar 29) |
| An update that solves 19 vulnerabilities and has 16 fixes is now available.
|
| SUSE: 2018:0844-1: important: python-paramiko (Mar 29) |
| An update that fixes one vulnerability is now available.
|
| SUSE: 2018:0841-1: important: the Linux Kernel (Mar 29) |
| An update that solves 9 vulnerabilities and has 41 fixes is now available.
|
| SUSE: 2018:0839-1: important: memcached (Mar 29) |
| An update that fixes one vulnerability is now available.
|
| SUSE: 2018:0838-1: important: libvirt (Mar 29) |
| An update that solves three vulnerabilities and has two fixes is now available.
|
|
|
| Ubuntu 3619-2: Linux kernel (Xenial HWE) vulnerabilities (Apr 5) |
| Several security issues were fixed in the Linux kernel.
|
| Ubuntu 3621-1: Ruby vulnerabilities (Apr 5) |
| Several security issues were fixed in Ruby.
|
| Ubuntu 3620-2: Linux kernel (Trusty HWE) vulnerabilities (Apr 5) |
| Several security issues were fixed in the Linux kernel.
|
| Ubuntu 3617-3: Linux kernel (Raspberry Pi 2) vulnerabilities (Apr 4) |
| Several security issues were fixed in the Linux kernel.
|
| Ubuntu 3619-1: Linux kernel vulnerabilities (Apr 4) |
| Several security issues were fixed in the Linux kernel.
|
| Ubuntu 3620-1: Linux kernel vulnerabilities (Apr 4) |
| Several security issues were fixed in the Linux kernel.
|
| Ubuntu 3617-2: Linux (HWE) vulnerabilities (Apr 3) |
| Several security issues were fixed in the Linux kernel.
|
| Ubuntu 3617-1: Linux kernel vulnerabilities (Apr 3) |
| Several security issues were fixed in the Linux kernel.
|
| Ubuntu 3613-1: OpenJDK 8 vulnerabilities (Apr 2) |
| Several security issues were fixed in OpenJDK 8.
|
| Ubuntu 3614-1: OpenJDK 7 vulnerabilities (Apr 2) |
| Several security issues were fixed in OpenJDK 7.
|
| Ubuntu 0036-1: Linux kernel vulnerability (Apr 2) |
| Several security issues were fixed in the kernel.
|
| Ubuntu 3587-2: Dovecot vulnerabilities (Apr 2) |
| Several security issues were fixed in Dovecot.
|
| Ubuntu 3531-3: intel-microcode update (Mar 29) |
| The system could be made to expose sensitive information.
|
|
|
| ArchLinux: 201804-1: drupal: arbitrary code execution (Apr 4) |
| The package drupal before version 8.5.1-1 is vulnerable to arbitrary code execution.
|
|
|
| SciLinux: Important: thunderbird on SL7.x x86_64 (Apr 6) |
| This update upgrades Thunderbird to version 52.7.0. * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5125) * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5145) * Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146) * Mozilla: Buffer overflow manipulating SVG animatedPathSegList (MF
|
| SciLinux: Important: thunderbird on SL6.x i386/x86_64 (Apr 6) |
| This update upgrades Thunderbird to version 52.7.0. * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5125) * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5145) * Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146) * Mozilla: Buffer overflow manipulating SVG animatedPathSegList (MF
|
| SciLinux: Important: libvorbis on SL6.x i386/x86_64 (Apr 5) |
| Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146) SL6 x86_64 libvorbis-1.2.3-5.el6_9.1.i686.rpm libvorbis-1.2.3-5.el6_9.1.x86_64.rpm libvorbis-debuginfo-1.2.3-5.el6_9.1.i686.rpm libvorbis-debuginfo-1.2.3-5.el6_9.1.x86_64.rpm libvorbis-devel-1.2.3-5.el6_9.1.i686.rpm libvorbis-devel-1.2.3-5.el6_9.1.x86_64.rpm i386 libvorbis-1.2.3
|
|
|
| Debian LTS: DLA-1339-1: openjdk-7 security update (Apr 3) |
| Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, unauthorized access, sandbox bypass or HTTP header injection.
|
| Debian LTS: DLA-1338-1: beep security update (Apr 3) |
| It was discovered that there was a local privilege escalation vulnerability in beep, an "advanced PC speaker beeper". For Debian 7 "Wheezy", this issue has been fixed in beep version
|
| Debian LTS: DLA-1337-1: jruby security update (Apr 2) |
| Multiple vulnerabilities were found in the rubygems package management framework, embedded in JRuby, a pure-Java implementation of the Ruby programming language.
|
| Debian LTS: DLA-1336-1: rubygems security update (Apr 1) |
| Multiple vulnerabilities were found in rubygems, a package management framework for Ruby. CVE-2018-1000075
|
| Debian LTS: DLA-1335-1: zsh security update (Apr 1) |
| Two security vulnerabilities were discovered in the Z shell. CVE-2018-1071 Stack-based buffer overflow in the exec.c:hashcmd() function.
|
| Debian LTS: DLA-1334-1: mosquitto security update (Mar 31) |
| CVE-2017-7651 A crafted CONNECT packet from an unauthenticated client could result in extraordinary memory consumption.
|
| Debian LTS: DLA-1333-1: dovecot security update (Mar 31) |
| Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues:
|
| Debian LTS: DLA-1332-1: libvncserver security update (Mar 31) |
| libvncserver versions through 0.9.11 do not sanitize msg.cct.length, which may result in access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
|
| Debian LTS: DLA-1331-1: mercurial security update (Mar 30) |
| Mercurial version 4.5 and earlier contains an Incorrect Access Control (CWE-285) vulnerability in the protocol server that can result in unauthorized data access. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in
|
| Debian LTS: DLA-1330-1: openssl security update (Mar 30) |
| It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service.
|
| Debian LTS: DLA-1328-1: xerces-c security update (Mar 29) |
| Alberto Garcia, Francisco Oca and Suleman Ali of Offensive Research discovered that the Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of
|
| Debian LTS: DLA-1326-1: php5 security update (Mar 29) |
| Wei Lei and Liu Yang of Nanyang Technological University discovered a stack-based buffer overflow in PHP5 when parsing a malformed HTTP response which can be exploited to cause a denial-of-service.
|
| Debian LTS: DLA-1329-1: memcached security update (Mar 29) |
| memcached versions prior to 1.4.37 contain an integer overflow vulnerability that can result in data corruption and deadlocks. This attack is exploitable via network connectivity to the memcached service.
|
| Debian LTS: DLA-1327-1: thunderbird security update (Mar 29) |
| Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure.
|
| Debian LTS: DLA-1325-1: drupal7 security update (Mar 29) |
| Jasper Mattsson found a remote code execution vulnerability in the Drupal content management system. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.
|