Security News
AST-2019-002: Remote crash vulnerability with MESSAGE messages
Posted by Asterisk Security Team on Jul 12
Asterisk Project Security Advisory - AST-2019-002Product Asterisk
Summary Remote crash vulnerability with MESSAGE messages
Nature of Advisory Denial Of Service
Susceptibility Remote Authenticated Sessions
Severity Low...
[SECURITY] [DSA 4479-1] firefox-esr security update
Posted by Moritz Muehlenhoff on Jul 12
-------------------------------------------------------------------------Debian Security Advisory DSA-4479-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 11, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : firefox-esr
CVE ID : CVE-2019-9811 CVE-2019-11709...
[slackware-security] mozilla-firefox (SSA:2019-191-01)
Posted by Slackware Security Team on Jul 12
[slackware-security] mozilla-firefox (SSA:2019-191-01)New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.0esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements. Some of the patched
flaws are considered critical, and could be used to run...
[SECURITY] [DSA 4478-1] dosbox security update
Posted by Moritz Muehlenhoff on Jul 12
-------------------------------------------------------------------------Debian Security Advisory DSA-4478-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 10, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : dosbox
CVE ID : CVE-2019-7165 CVE-2019-12594
Two...
Vuln: Foreman CVE-2019-10198 Authorization Bypass Vulnerability
Foreman CVE-2019-10198 Authorization Bypass Vulnerability
Vuln: McAfee Agent CVE-2019-3592 Local Privilege Escalation Vulnerability
McAfee Agent CVE-2019-3592 Local Privilege Escalation Vulnerability
Vuln: Xiaomi Mi6 Browser CVE-2019-13322 Remote Code Execution Vulnerability
Xiaomi Mi6 Browser CVE-2019-13322 Remote Code Execution Vulnerability
Vuln: Oracle July 2019 Critical Patch Update Multiple Vulnerabilities
Oracle July 2019 Critical Patch Update Multiple Vulnerabilities
Vuln: Symantec Messaging Gateway CVE-2019-12751 Privilege Escalation Vulnerability
Symantec Messaging Gateway CVE-2019-12751 Privilege Escalation Vulnerability
Vuln: Linux Kernel CVE-2019-11478 Denial of Service Vulnerability
Linux Kernel CVE-2019-11478 Denial of Service Vulnerability
Vuln: Linux Kernel CVE-2019-11477 Integer Overflow Vulnerability
Linux Kernel CVE-2019-11477 Integer Overflow Vulnerability
AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver
Posted by Asterisk Security Team on Jul 11
Asterisk Project Security Advisory - AST-2019-003Product Asterisk
Summary Remote Crash Vulnerability in chan_sip channel
driver
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions...
AST-2019-002: Remote crash vulnerability with MESSAGE messages
Posted by Asterisk Security Team on Jul 11
Asterisk Project Security Advisory - AST-2019-002Product Asterisk
Summary Remote crash vulnerability with MESSAGE messages
Nature of Advisory Denial Of Service
Susceptibility Remote Authenticated Sessions
Severity Low...
Vuln: Multiple F5 BIG-IP Products CVE-2019-6631 Denial of Service Vulnerability
Multiple F5 BIG-IP Products CVE-2019-6631 Denial of Service Vulnerability
Vuln: GitLab CVE-2018-19493 HTML Injection Vulnerability
GitLab CVE-2018-19493 HTML Injection Vulnerability
Vuln: GitLab CVE-2018-19575 Security Vulnerability
GitLab CVE-2018-19575 Security Vulnerability
Vuln: GitLab CVE-2018-19569 Unauthorized API Access Vulnerability
GitLab CVE-2018-19569 Unauthorized API Access Vulnerability
Vuln: Exiv2 CVE-2019-13504 Remote Denial of Service Vulnerability
Exiv2 CVE-2019-13504 Remote Denial of Service Vulnerability
Vuln: Nagios XI CVE-2018-17147 Cross-Site Scripting Vulnerability
Nagios XI CVE-2018-17147 Cross-Site Scripting Vulnerability
Mozilla's MSI installers: FUBAR (that's spelled "fucked-up beyond all repair")
Posted by Stefan Kanthak on Jul 09
Hi @ll,Mozilla finally provides MSI installers for their just released
Firefox 68 and Firefox 68 ESR for Windows:
<https://archive.mozilla.org/pub/firefox/releases/68.0/win32/de/Firefox%20Setup%2068.0.msi>
<https://archive.mozilla.org/pub/firefox/releases/68.0esr/win32/de/Firefox%20Setup%2068.0esr.msi>
These MSI installers are but DEFECTIVE, VULNERABLE and a bluff:
Mozilla just wrapped their (UPX-compressed) 7-zip self-extractors,...
