Security
[SECURITY] [DSA 4187-1] linux security update
Posted by Ben Hutchings on May 01
-------------------------------------------------------------------------Debian Security Advisory DSA-4187-1 security () debian org
https://www.debian.org/security/ Ben Hutchings
May 01, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : linux
CVE ID : CVE-2015-9016 CVE-2017-0861...
Categories: Security
[SECURITY] [DSA 4188-1] linux security update
Posted by Salvatore Bonaccorso on May 01
-------------------------------------------------------------------------Debian Security Advisory DSA-4188-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
May 01, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : linux
CVE ID : CVE-2017-5715 CVE-2017-5753...
Categories: Security
CA20180501-01: Security Notice for CA Spectrum
Posted by Kotas, Kevin J on May 01
CA20180501-01: Security Notice for CA SpectrumIssued: May 1st, 2018
Last Updated: May 1st, 2018
CA Technologies Support is alerting customers to a potential risk
with CA Spectrum. A vulnerability exists that can allow an
unauthenticated remote attacker to cause a denial of service. CA has
solutions to resolve the vulnerability.
The vulnerability, CVE-2018-6589, occurs due to how a Spectrum
network service handles invalid data. A remote...
Categories: Security
Trovebox <= 4.0.0-rc6 Authentication Bypass, SQLi, SSRF
Posted by robin . verton on May 01
Telekom Securitysecurity.telekom.com
Advisory: Trovebox - Authentication Bypass, SQLi, SSRF
Release Date: 2018/04/30
Author: Robin Verton (robin.verton () telekom de)
CVE: requested
Application: Trovebox <= 4.0.0-rc6
Risk: Critical
Vendor Status: A fix was released on github.
Overview:
"Trovebox is software that helps you manage, organize and share...
Categories: Security
CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability
Posted by Akira Ajisaka on Apr 30
CVE-2016-6811: Apache Hadoop Privilege escalation vulnerabilitySeverity: Critical
Vendor: The Apache Software Foundation
Versions Affected:
All the Apache Hadoop versions from 2.2.0 to 2.7.3
Description:
A user who can escalate to yarn user can possibly run arbitrary commands as root user.
Mitigation:
Users should upgrade to 2.7.4 or upper.
If you are using the affected version of Apache Hadoop and there are
any users who can escalate to...
Categories: Security
[slackware-security] libwmf (SSA:2018-120-01)
Posted by Slackware Security Team on Apr 30
[slackware-security] libwmf (SSA:2018-120-01)New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libwmf-0.2.8.4-i586-7_slack14.1.txz: Rebuilt.
Patched denial of service and possible execution of arbitrary code
security issues.
For more information, see:...
Categories: Security
[slackware-security] mozilla-firefox (SSA:2018-120-02)
Posted by Slackware Security Team on Apr 30
[slackware-security] mozilla-firefox (SSA:2018-120-02)New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-52.7.4esr-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...
Categories: Security
Advisory - Sourcetree for Windows - CVE-2018-5226
Posted by Atlassian on Apr 30
This email refers to the advisory found athttps://confluence.atlassian.com/x/ERyUO .
CVE ID:
* CVE-2018-5226.
Product: Sourcetree for Windows.
Affected Sourcetree for Windows product versions:
version < 2.5.5.0
Fixed Sourcetree for Windows product versions:
* Sourcetree for Windows 2.5.5.0 has been released with a fix for this issue.
Summary:
This advisory discloses a critical severity security vulnerability. Versions of
Sourcetree...
Categories: Security
[SECURITY] [DSA 4185-1] openjdk-8 security update
Posted by Moritz Muehlenhoff on Apr 30
-------------------------------------------------------------------------Debian Security Advisory DSA-4185-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
April 28, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : openjdk-8
CVE ID : CVE-2018-2790 CVE-2018-2794...
Categories: Security
[SECURITY] [DSA 4186-1] gunicorn security update
Posted by Moritz Muehlenhoff on Apr 30
-------------------------------------------------------------------------Debian Security Advisory DSA-4186-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
April 28, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : gunicorn
CVE ID : CVE-2018-1000164
It was...
Categories: Security
[SECURITY] [DSA 4184-1] sdl-image1.2 security update
Posted by Salvatore Bonaccorso on Apr 30
-------------------------------------------------------------------------Debian Security Advisory DSA-4184-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 28, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : sdl-image1.2
CVE ID : CVE-2017-2887 CVE-2017-12122...
Categories: Security
[SECURITY] [DSA 4183-1] tor security update
Posted by Salvatore Bonaccorso on Apr 30
-------------------------------------------------------------------------Debian Security Advisory DSA-4183-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 28, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : tor
CVE ID : CVE-2018-0490
It has been discovered...
Categories: Security
[SECURITY] [DSA 4181-1] roundcube security update
Posted by Salvatore Bonaccorso on Apr 30
-------------------------------------------------------------------------Debian Security Advisory DSA-4181-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 28, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : roundcube
CVE ID : CVE-2018-9846
Debian Bug :...
Categories: Security
[SECURITY] [DSA 4182-1] chromium-browser security update
Posted by Michael Gilbert on Apr 30
-------------------------------------------------------------------------Debian Security Advisory DSA-4182-1 security () debian org
https://www.debian.org/security/ Michael Gilbert
April 28, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : chromium-browser
CVE ID : CVE-2018-6056...
Categories: Security
[slackware-security] openvpn (SSA:2018-116-01)
Posted by Slackware Security Team on Apr 27
[slackware-security] openvpn (SSA:2018-116-01)New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openvpn-2.4.6-i586-1_slack14.2.txz: Upgraded.
This is a security update fixing a potential double-free() in Interactive
Service. This usually only leads to a process...
Categories: Security
Tor 0.2.1.29 is released (security patches)
Tor 0.2.1.29 continues our recent code security audit work. The main
fix resolves a remote heap overflow vulnerability that can allow remote
code execution. Other fixes address a variety of assert and crash bugs,
most of which we think are hard to exploit remotely.
All Tor users should upgrade.
https://www.torproject.org/download/download
Changes in version 0.2.1.29 - 2011-01-15
o Major bugfixes (security):
- Fix a heap overflow bug where an adversary could cause heap
corruption. This bug probably allows remote code execution
attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on
0.1.2.10-rc.
- Prevent a denial-of-service attack by disallowing any
zlib-compressed data whose compression factor is implausibly
high. Fixes part of bug 2324; reported by "doorss".
- Zero out a few more keys in memory before freeing them. Fixes
bug 2384 and part of bug 2385. These key instances found by
"cypherpunks", based on Andrew Case's report about being able
Categories: Security
Tor 0.2.1.28 is released (security patches)
Tor 0.2.1.28 does some code cleanup to reduce the risk of remotely
exploitable bugs. Thanks to Willem Pinckaers for notifying us of the
issue. The Common Vulnerabilities and Exposures project has assigned
CVE-2010-1676 to this issue.
We also took this opportunity to change the IP address for one of our
directory authorities, and to update the geoip database we ship.
All Tor users should upgrade.
https://www.torproject.org/download/download
Changes in version 0.2.1.28 - 2010-12-17
o Major bugfixes:
- Fix a remotely exploitable bug that could be used to crash instances
of Tor remotely by overflowing on the heap. Remote-code execution
hasn't been confirmed, but can't be ruled out. Everyone should
upgrade. Bugfix on the 0.1.1 series and later.
o Directory authority changes:
- Change IP address and ports for gabelmoo (v3 directory authority).
o Minor features:
- Update to the December 1 2010 Maxmind GeoLite Country database.
----------------------------------------------
Categories: Security
