Security News

Vuln: Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities

Security Focus Vulnerabilities - 24 January, 2019 - 00:00
Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities

[slackware-security] httpd (SSA:2019-022-01)

Bug Traq - 23 January, 2019 - 02:40

Posted by Slackware Security Team on Jan 22

[slackware-security] httpd (SSA:2019-022-01)

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.38-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
mod_session: mod_session_cookie does not respect expiry time allowing
sessions to be...

CVE-2018-13042 - 1Password Android < 7.0 - Denial Of Service

Bug Traq - 23 January, 2019 - 01:14

Posted by Valerio Brussani on Jan 22

############
Description
############

The 1Password application < 7.0 for Android is affected by a Denial Of
Service vulnerability. By starting the activity
com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or
com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an
external application (since they are exported), it is possible to crash the
1Password instance.

############
Poc
############

To invoke the...

APPLE-SA-2019-1-22-4 tvOS 12.1.2

Bug Traq - 23 January, 2019 - 01:09

Posted by Apple Product Security on Jan 22

APPLE-SA-2019-1-22-4 tvOS 12.1.2

tvOS 12.1.2 is now available and addresses the following:

AppleKeyStore
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-6235: Brandon Azad

CoreAnimation
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application...

APPLE-SA-2019-1-22-3 watchOS 5.1.3

Bug Traq - 23 January, 2019 - 01:09

Posted by Apple Product Security on Jan 22

APPLE-SA-2019-1-22-3 watchOS 5.1.3

watchOS 5.1.3 is now available and addresses the following:

AppleKeyStore
Available for: All Apple Watch models
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-6235: Brandon Azad

Core Media
Available for: All Apple Watch models
Impact: A malicious application may be able to elevate privileges...

APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra

Bug Traq - 23 January, 2019 - 01:08

Posted by Apple Product Security on Jan 22

APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3,
Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra

macOS Mojave 10.14.3, Security Update 2019-001 High Sierra,
Security Update 2019-001 Sierra are now available
and addresses the following:

AppleKeyStore
Available for: macOS Mojave 10.14.2
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved...

APPLE-SA-2019-1-22-5 Safari 12.0.3

Bug Traq - 23 January, 2019 - 01:03

Posted by Apple Product Security on Jan 22

APPLE-SA-2019-1-22-5 Safari 12.0.3

Safari 12.0.3 is now available and addresses the following:

Safari Reader
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
macOS Mojave 10.14.3
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: A cross-site scripting issue existed in Safari. This
issue was addressed with improved URL validation.
CVE-2019-6228: Ryan Pickren...

APPLE-SA-2019-1-22-6 iCloud for Windows 7.10

Bug Traq - 23 January, 2019 - 00:58

Posted by Apple Product Security on Jan 22

APPLE-SA-2019-1-22-6 iCloud for Windows 7.10

iCloud for Windows 7.10 is now available and addresses the following:

SQLite
Available for: Windows 7 and later
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2018-20346: Tencent Blade Team
CVE-2018-20505: Tencent Blade Team
CVE-2018-20506: Tencent Blade Team

WebKit...

APPLE-SA-2019-1-22-1 iOS 12.1.3

Bug Traq - 23 January, 2019 - 00:54

Posted by Apple Product Security on Jan 22

APPLE-SA-2019-1-22-1 iOS 12.1.3

iOS 12.1.3 is now available and addresses the following:

AppleKeyStore
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-6235: Brandon Azad

Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod...

Vuln: Tridium Niagara Directory Traversal and Authentication-Bypass Vulnerabilities

Security Focus Vulnerabilities - 23 January, 2019 - 00:00
Tridium Niagara Directory Traversal and Authentication-Bypass Vulnerabilities

Vuln: Oracle Java SE CVE-2019-2426 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 23 January, 2019 - 00:00
Oracle Java SE CVE-2019-2426 Information Disclosure Vulnerability

INFILTRATE talk announcement: Marco Ivaldi, The Story of a Solaris 0day

Daily Dave - 22 January, 2019 - 13:05

Posted by Dave Aitel on Jan 22

I don't want to talk too much about the talk, but I do want to talk a bit about INFILTRATE and what it was like in the
2000's to be a Unix hacker. Because almost everyone wrote _some_ exploits. These days, the supply chain is as vertical
as a glowworm's saliva lure, and equally sticky. You could specialize in blockchain security and literally never even
venture off the particular...

[SECURITY] [DSA 4371-1] apt security update

Bug Traq - 22 January, 2019 - 09:33

Posted by Yves-Alexis Perez on Jan 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-4371-1 security () debian org
https://www.debian.org/security/ Yves-Alexis Perez
January 22, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : apt
CVE ID : CVE-2019-3462

Max Justicz discovered...

[SRP-2018-02] Security of NC+ SAT TV platform and ST chipsets

Bug Traq - 22 January, 2019 - 05:40

Posted by Security Explorations on Jan 22

Hello All,

The report presenting the results of our SRP-2018-02 research
into security of a digital satellite TV platform NC+ [1] is
now available to general public from the following location:

http://www.security-explorations.com/ncplus_sat_general_info.html

In 2017 / 2018, we tried to obtain information regarding the
impact and addressing of security weaknesses of STMicroelectronics
chipsets [2]. We asked for the information at the chipset...

Vuln: Microsoft Internet Explorer CVE-2018-8373 Remote Memory Corruption Vulnerability

Security Focus Vulnerabilities - 22 January, 2019 - 00:00
Microsoft Internet Explorer CVE-2018-8373 Remote Memory Corruption Vulnerability

Vuln: Microsoft Internet Explorer VBScript Engine CVE-2018-8174 Arbitrary Code Execution Vulnerability

Security Focus Vulnerabilities - 22 January, 2019 - 00:00
Microsoft Internet Explorer VBScript Engine CVE-2018-8174 Arbitrary Code Execution Vulnerability

Vuln: Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability

Security Focus Vulnerabilities - 22 January, 2019 - 00:00
Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability

Vuln: Adobe Flash Player CVE-2018-15982 Use After Free Remote Code Execution Vulnerability

Security Focus Vulnerabilities - 22 January, 2019 - 00:00
Adobe Flash Player CVE-2018-15982 Use After Free Remote Code Execution Vulnerability

Vuln: Drupal Core Arbitrary PHP Code Execution Vulnerability

Security Focus Vulnerabilities - 21 January, 2019 - 00:00
Drupal Core Arbitrary PHP Code Execution Vulnerability

Vuln: Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 21 January, 2019 - 00:00
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities