Bug Traq

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Jira Server - Template injection in various resources - CVE-2019-11581

14 hours 18 min ago

Posted by Anton Black on Jul 22

This email refers to the advisory found at
https://confluence.atlassian.com/x/AzoGOg .

CVE ID:

* CVE-2019-11581.

Product: Jira Server and Data Center.

Affected Jira Server and Data Center product versions:

4.0.0 <= version < 7.6.14
7.13.0 <= version < 7.13.5
8.0.0 <= version < 8.0.3
8.1.0 <= version < 8.1.2
8.2.0 <= version < 8.2.3

Fixed Jira Server and Data Center product versions:

* Jira Server and Data...

[slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)

14 hours 22 min ago

Posted by Slackware Security Team on Jul 22

[slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)

New kernel packages are available for Slackware 14.2 to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.182/*: Upgraded.
These updates fix various bugs and many minor security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be...

[SECURITY] [DSA 4486-1] openjdk-11 security update

14 hours 26 min ago

Posted by Moritz Muehlenhoff on Jul 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-4486-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 21, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-11
CVE ID : CVE-2019-2745 CVE-2019-2762...

[SECURITY] [DSA 4485-1] openjdk-8 security update

14 hours 29 min ago

Posted by Moritz Muehlenhoff on Jul 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-4485-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 21, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-8
CVE ID : CVE-2019-2745 CVE-2019-2762...

[SECURITY] [DSA 4484-1] linux security update

14 hours 33 min ago

Posted by Salvatore Bonaccorso on Jul 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-4484-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 20, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2019-13272

Jann Horn discovered...

CVE-2019-13577 / MAPLE Computer WBT SNMP Administrator v2.0.195.15 / Unauthenticated Remote Buffer Overflow Code Execution 0day

18 July, 2019 - 04:01

Posted by apparitionsec on Jul 18

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MAPLE-WBT-SNMP-ADMINISTRATOR-v2.0.195.15-REMOTE-BUFFER-OVERFLOW-CODE-EXECUTION-0DAY.txt
[+] ISR: Apparition Security

[Vendor]
www.computerlab.com

[Product]
MAPLE Computer WBT SNMP Administrator (Thin Client Administrator)
v2.0.195.15...

[SECURITY] [DSA 4483-1] libreoffice security update

16 July, 2019 - 19:44

Posted by Moritz Muehlenhoff on Jul 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4483-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 16, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2019-9848 CVE-2019-9849...

Deutsche Telekom CERT Advisory [DTC-A-20170323-001]

16 July, 2019 - 03:15

Posted by cert on Jul 16

Deutsche Telekom CERT Advisory [DTC-A-20170323-001]

Summary:
Information leakage found in FRITZ!OS 6.83 & 6.80 (AVM DSL Router Fritz!Box 7490)

Recommendation:
Update to the newest Version of FRITZ!OS

Details:
a) application
b) problem
c) CVSS
d) detailed description
e) credits...

[**Fixed Typo] Microsoft Compiled HTML Help / Uncompiled .chm File XML External Entity

16 July, 2019 - 03:12

Posted by apparitionsec on Jul 16

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-HTML-HELP-UNCOMPILED-CHM-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Microsoft Compiled HTML Help "hh.exe"

Microsoft Compiled HTML Help is a Microsoft proprietary online help format, consisting of a collection...

Microsoft Compiled HTML Help / Uncompiled .chm File XML External Entity

16 July, 2019 - 03:09

Posted by apparitionsec on Jul 16

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-HTML-HELP-UNCOMPILED-CHM-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Microsoft Compiled HTML Help "hh.exe"

Microsoft Compiled HTML Help is a Microsoft proprietary online help format, consisting of a collection...

[SYSS-2019-024] FANUC Robotics Virtual Robot Controller - Stack-based Buffer Overflow (CWE-121)

15 July, 2019 - 12:51

Posted by Sebastian Hamann on Jul 15

Advisory ID: SYSS-2019-024
Product: FANUC Robotics Virtual Robot Controller
Manufacturer: FANUC Robotics America, Inc.
Affected Version(s): V8.23
Tested Version(s): V8.23
Vulnerability Type: Stack-based Buffer Overflow (CWE-121)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-05-22
Solution Date: ?
Public Disclosure: 2019-07-15
CVE Reference: CVE-2019-13585
Author of Advisory: Sebastian Hamann, SySS GmbH...

[SYSS-2019-025] FANUC Robotics Virtual Robot Controller - Path Traversal (CWE-22)

15 July, 2019 - 12:47

Posted by Sebastian Hamann on Jul 15

Advisory ID: SYSS-2019-025
Product: FANUC Robotics Virtual Robot Controller
Manufacturer: FANUC Robotics America, Inc.
Affected Version(s): V8.23
Tested Version(s): V8.23
Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2019-05-22
Solution Date: ?
Public Disclosure: 2019-07-15
CVE Reference: CVE-2019-13584
Author...

[slackware-security] bzip2 (SSA:2019-195-01)

15 July, 2019 - 02:45

Posted by Slackware Security Team on Jul 15

[slackware-security] bzip2 (SSA:2019-195-01)

New bzip2 packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bzip2-1.0.8-i586-1_slack14.2.txz: Upgraded.
Fixes security issues:
bzip2recover: Fix use after free issue with outFile.
Make sure nSelectors is not out of range.
For more information, see:...

[SECURITY] [DSA 4482-1] thunderbird security update

15 July, 2019 - 02:42

Posted by Moritz Muehlenhoff on Jul 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-4482-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 14, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2019-9811 CVE-2019-11709...

[SECURITY] [DSA 4481-1] ruby-mini-magick security update

15 July, 2019 - 02:38

Posted by Salvatore Bonaccorso on Jul 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-4481-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 13, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ruby-mini-magick
CVE ID : CVE-2019-13574
Debian Bug...

[SECURITY] [DSA 4480-1] redis security update

12 July, 2019 - 03:39

Posted by Moritz Muehlenhoff on Jul 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4480-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 11, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : redis
CVE ID : CVE-2019-10192 CVE-2019-10193...

AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver

12 July, 2019 - 03:36

Posted by Asterisk Security Team on Jul 12

Asterisk Project Security Advisory - AST-2019-003

Product Asterisk
Summary Remote Crash Vulnerability in chan_sip channel driver
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions...

AST-2019-002: Remote crash vulnerability with MESSAGE messages

12 July, 2019 - 03:35

Posted by Asterisk Security Team on Jul 12

Asterisk Project Security Advisory - AST-2019-002

Product Asterisk
Summary Remote crash vulnerability with MESSAGE messages
Nature of Advisory Denial Of Service
Susceptibility Remote Authenticated Sessions
Severity Low...

[SECURITY] [DSA 4479-1] firefox-esr security update

12 July, 2019 - 03:30

Posted by Moritz Muehlenhoff on Jul 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4479-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 11, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2019-9811 CVE-2019-11709...

[slackware-security] mozilla-firefox (SSA:2019-191-01)

12 July, 2019 - 03:27

Posted by Slackware Security Team on Jul 12

[slackware-security] mozilla-firefox (SSA:2019-191-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.0esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements. Some of the patched
flaws are considered critical, and could be used to run...