Security

[SECURITY] [DSA 4187-1] linux security update

Security Alerts - Tue, 05/01/2018 - 23:08

Posted by Ben Hutchings on May 01

-------------------------------------------------------------------------
Debian Security Advisory DSA-4187-1 security () debian org
https://www.debian.org/security/ Ben Hutchings
May 01, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2015-9016 CVE-2017-0861...
Categories: Security

[SECURITY] [DSA 4188-1] linux security update

Security Alerts - Tue, 05/01/2018 - 22:58

Posted by Salvatore Bonaccorso on May 01

-------------------------------------------------------------------------
Debian Security Advisory DSA-4188-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
May 01, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2017-5715 CVE-2017-5753...
Categories: Security

CA20180501-01: Security Notice for CA Spectrum

Security Alerts - Tue, 05/01/2018 - 22:58

Posted by Kotas, Kevin J on May 01

CA20180501-01: Security Notice for CA Spectrum

Issued: May 1st, 2018
Last Updated: May 1st, 2018

CA Technologies Support is alerting customers to a potential risk
with CA Spectrum. A vulnerability exists that can allow an
unauthenticated remote attacker to cause a denial of service. CA has
solutions to resolve the vulnerability.

The vulnerability, CVE-2018-6589, occurs due to how a Spectrum
network service handles invalid data. A remote...
Categories: Security

Trovebox <= 4.0.0-rc6 Authentication Bypass, SQLi, SSRF

Security Alerts - Tue, 05/01/2018 - 22:51

Posted by robin . verton on May 01

Telekom Security
security.telekom.com

Advisory: Trovebox - Authentication Bypass, SQLi, SSRF
Release Date: 2018/04/30
Author: Robin Verton (robin.verton () telekom de)
CVE: requested

Application: Trovebox <= 4.0.0-rc6
Risk: Critical
Vendor Status: A fix was released on github.

Overview:

"Trovebox is software that helps you manage, organize and share...
Categories: Security

CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability

Security Alerts - Tue, 05/01/2018 - 02:03

Posted by Akira Ajisaka on Apr 30

CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected:
All the Apache Hadoop versions from 2.2.0 to 2.7.3

Description:
A user who can escalate to yarn user can possibly run arbitrary commands as root user.

Mitigation:
Users should upgrade to 2.7.4 or upper.
If you are using the affected version of Apache Hadoop and there are
any users who can escalate to...
Categories: Security

[slackware-security] libwmf (SSA:2018-120-01)

Security Alerts - Tue, 05/01/2018 - 01:58

Posted by Slackware Security Team on Apr 30

[slackware-security] libwmf (SSA:2018-120-01)

New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libwmf-0.2.8.4-i586-7_slack14.1.txz: Rebuilt.
Patched denial of service and possible execution of arbitrary code
security issues.
For more information, see:...
Categories: Security

[slackware-security] mozilla-firefox (SSA:2018-120-02)

Security Alerts - Tue, 05/01/2018 - 01:51

Posted by Slackware Security Team on Apr 30

[slackware-security] mozilla-firefox (SSA:2018-120-02)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-52.7.4esr-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...
Categories: Security

Advisory - Sourcetree for Windows - CVE-2018-5226

Security Alerts - Mon, 04/30/2018 - 03:57

Posted by Atlassian on Apr 30

This email refers to the advisory found at
https://confluence.atlassian.com/x/ERyUO .

CVE ID:

* CVE-2018-5226.

Product: Sourcetree for Windows.

Affected Sourcetree for Windows product versions:

version < 2.5.5.0

Fixed Sourcetree for Windows product versions:

* Sourcetree for Windows 2.5.5.0 has been released with a fix for this issue.

Summary:
This advisory discloses a critical severity security vulnerability. Versions of
Sourcetree...
Categories: Security

[SECURITY] [DSA 4185-1] openjdk-8 security update

Security Alerts - Mon, 04/30/2018 - 03:48

Posted by Moritz Muehlenhoff on Apr 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-4185-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
April 28, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-8
CVE ID : CVE-2018-2790 CVE-2018-2794...
Categories: Security

[SECURITY] [DSA 4186-1] gunicorn security update

Security Alerts - Mon, 04/30/2018 - 03:29

Posted by Moritz Muehlenhoff on Apr 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-4186-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
April 28, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gunicorn
CVE ID : CVE-2018-1000164

It was...
Categories: Security

[SECURITY] [DSA 4184-1] sdl-image1.2 security update

Security Alerts - Mon, 04/30/2018 - 03:29

Posted by Salvatore Bonaccorso on Apr 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-4184-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 28, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : sdl-image1.2
CVE ID : CVE-2017-2887 CVE-2017-12122...
Categories: Security

[SECURITY] [DSA 4183-1] tor security update

Security Alerts - Mon, 04/30/2018 - 03:29

Posted by Salvatore Bonaccorso on Apr 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-4183-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 28, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tor
CVE ID : CVE-2018-0490

It has been discovered...
Categories: Security

[SECURITY] [DSA 4181-1] roundcube security update

Security Alerts - Mon, 04/30/2018 - 03:24

Posted by Salvatore Bonaccorso on Apr 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-4181-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 28, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : roundcube
CVE ID : CVE-2018-9846
Debian Bug :...
Categories: Security

[SECURITY] [DSA 4182-1] chromium-browser security update

Security Alerts - Mon, 04/30/2018 - 03:22

Posted by Michael Gilbert on Apr 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-4182-1 security () debian org
https://www.debian.org/security/ Michael Gilbert
April 28, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2018-6056...
Categories: Security

[slackware-security] openvpn (SSA:2018-116-01)

Security Alerts - Fri, 04/27/2018 - 05:32

Posted by Slackware Security Team on Apr 27

[slackware-security] openvpn (SSA:2018-116-01)

New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openvpn-2.4.6-i586-1_slack14.2.txz: Upgraded.
This is a security update fixing a potential double-free() in Interactive
Service. This usually only leads to a process...
Categories: Security

Tor 0.2.1.29 is released (security patches)

Tor Releases - Mon, 01/17/2011 - 16:58

Tor 0.2.1.29 continues our recent code security audit work. The main fix resolves a remote heap overflow vulnerability that can allow remote code execution. Other fixes address a variety of assert and crash bugs, most of which we think are hard to exploit remotely.

All Tor users should upgrade.

https://www.torproject.org/download/download

Changes in version 0.2.1.29 - 2011-01-15
  o Major bugfixes (security):
    - Fix a heap overflow bug where an adversary could cause heap corruption. This bug probably allows remote code execution attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on 0.1.2.10-rc.
    - Prevent a denial-of-service attack by disallowing any zlib-compressed data whose compression factor is implausibly high. Fixes part of bug 2324; reported by "doorss".
    - Zero out a few more keys in memory before freeing them. Fixes bug 2384 and part of bug 2385. These key instances found by "cypherpunks", based on Andrew Case's report about being able
Categories: Security

Tor 0.2.1.28 is released (security patches)

Tor Releases - Mon, 12/20/2010 - 14:58

Tor 0.2.1.28 does some code cleanup to reduce the risk of remotely exploitable bugs. Thanks to Willem Pinckaers for notifying us of the issue. The Common Vulnerabilities and Exposures project has assigned CVE-2010-1676 to this issue.

We also took this opportunity to change the IP address for one of our directory authorities, and to update the geoip database we ship.

All Tor users should upgrade.

https://www.torproject.org/download/download

Changes in version 0.2.1.28 - 2010-12-17
  o Major bugfixes:
    - Fix a remotely exploitable bug that could be used to crash instances of Tor remotely by overflowing on the heap. Remote-code execution hasn't been confirmed, but can't be ruled out. Everyone should upgrade. Bugfix on the 0.1.1 series and later.

  o Directory authority changes:
    - Change IP address and ports for gabelmoo (v3 directory authority).

  o Minor features:
    - Update to the December 1 2010 Maxmind GeoLite Country database.
Categories: Security