Debian Linux Security Advisory 4309-1 - Google's OSS-Fuzz revealed an exploitable bug in the gmp plugin caused by the patch that fixes CVE-2018-16151 and CVE-2018-16151 (DSA-4305-1).
96ebef4ace5410d2453a7d17547810711deec7bc04cbe57c3f6d17da73bd9d81
Gentoo Linux Security Advisory 201810-1 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 60.2.2 are affected.
0691ae8021da4956449e6d4f9c1fdd0355496e51bc68aa1daaad0d960ac3e310
Ubuntu Security Notice 3780-1 - It was discovered that HAProxy incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service.
54b43a338330fb5fb2db4b7966f2e8b48d217eb1003f1a376587dcd3bc0da99b
Ubuntu Security Notice 3779-1 - It was discovered that an integer overflow vulnerability existed in the Linux kernel when loading an executable to run. A local attacker could use this to gain administrative privileges. It was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service.
2842029570cb4ccce9acc40a082a95ea8e9b0fcd7b58823bb3b51d8bfa1fe13a
Red Hat Security Advisory 2018-2840-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the References section below. Security fix: A-MQ Console: HTTPOnly and Secure attributes not set on cookies.
8735df1f61cd6ae60fc3090ee0c3d7924d8fa12402440b96d2f7ffe54e0a60f3
Red Hat Security Advisory 2018-2855-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. Issues addressed include a denial of service vulnerability.
f93a630a998691f0f5b98271f411ae23d7ebe50dfcaf140dba5a6ec12bae35ab
Red Hat Security Advisory 2018-2857-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud. openstack-tripleo-heat-templates is a collection of OpenStack Orchestration templates and tools, which can be used to help deploy OpenStack. Issues addressed include a denial of service vulnerability.
20f4e70192199d5b54e327312863c372163f797d9884ecf4f4d69819726d7f94
Ubuntu Security Notice 3777-2 - USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
19e56ea426f696a74aa692607d87804e67eeaa6dfd9e083466313919a494c760
Ubuntu Security Notice 3777-1 - Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
5db6c7887e9651017faced7ba733531733f1515003351691c185c6a854134435
Ubuntu Security Notice 3776-2 - USN-3776-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
3a7694cf511ebdcdcfdc1bb423fdbbd2d78e78e72dc14abdc3a315a6c014c11a
Ubuntu Security Notice 3776-1 - Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
85a539d4dc80cce6215faa6eb351b7170e2643d3239efab5fc20f75531b26f35
Ubuntu Security Notice 3775-2 - USN-3775-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
090ca3870bdaa06b0dc62fb8798c12a1ee9c47b196699f9a0203a88188b067b6
Ubuntu Security Notice 3775-1 - It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. It was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer may allow unauthorized memory reads via side-channel attacks. An attacker could use this to expose sensitive information. Various other issues were also addressed.
0671659edb76aef4d781ef70d4b7152b4ea5931d8e8225a5b32f8742a0383ece
Ubuntu Security Notice 3774-1 - It was discovered that strongSwan incorrectly handled signature validation in the gmp plugin. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code.
8407e614d53a212524c32b943e2189bbdb434577f187148d748ebbe9f9f456c1
Debian Linux Security Advisory 4308-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
a9488a1ec49d402caeb675f06f2c3bfc5c6485d76c3af54ee57d369cf63de403