Security News

AST-2019-002: Remote crash vulnerability with MESSAGE messages

Bug Traq - 12 July, 2019 - 03:35

Posted by Asterisk Security Team on Jul 12

Asterisk Project Security Advisory - AST-2019-002

Product: Asterisk
Summary: Remote crash vulnerability with MESSAGE messages
Nature of Advisory: Denial Of Service
Susceptibility: Remote Authenticated Sessions
Severity: Low...

[SECURITY] [DSA 4479-1] firefox-esr security update

Bug Traq - 12 July, 2019 - 03:30

Posted by Moritz Muehlenhoff on Jul 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4479-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 11, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2019-9811 CVE-2019-11709...

[slackware-security] mozilla-firefox (SSA:2019-191-01)

Bug Traq - 12 July, 2019 - 03:27

Posted by Slackware Security Team on Jul 12

[slackware-security] mozilla-firefox (SSA:2019-191-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.0esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements. Some of the patched
flaws are considered critical, and could be used to run...

[SECURITY] [DSA 4478-1] dosbox security update

Bug Traq - 12 July, 2019 - 03:23

Posted by Moritz Muehlenhoff on Jul 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4478-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 10, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : dosbox
CVE ID : CVE-2019-7165 CVE-2019-12594

Two...

Vuln: Foreman CVE-2019-10198 Authorization Bypass Vulnerability

Security Focus Vulnerabilities - 11 July, 2019 - 23:00
Foreman CVE-2019-10198 Authorization Bypass Vulnerability

Vuln: McAfee Agent CVE-2019-3592 Local Privilege Escalation Vulnerability

Security Focus Vulnerabilities - 11 July, 2019 - 23:00
McAfee Agent CVE-2019-3592 Local Privilege Escalation Vulnerability

Vuln: Xiaomi Mi6 Browser CVE-2019-13322 Remote Code Execution Vulnerability

Security Focus Vulnerabilities - 11 July, 2019 - 23:00
Xiaomi Mi6 Browser CVE-2019-13322 Remote Code Execution Vulnerability

Vuln: Oracle July 2019 Critical Patch Update Multiple Vulnerabilities

Security Focus Vulnerabilities - 11 July, 2019 - 23:00
Oracle July 2019 Critical Patch Update Multiple Vulnerabilities

Vuln: Symantec Messaging Gateway CVE-2019-12751 Privilege Escalation Vulnerability

Security Focus Vulnerabilities - 11 July, 2019 - 23:00
Symantec Messaging Gateway CVE-2019-12751 Privilege Escalation Vulnerability

Vuln: Linux Kernel CVE-2019-11478 Denial of Service Vulnerability

Security Focus Vulnerabilities - 11 July, 2019 - 23:00
Linux Kernel CVE-2019-11478 Denial of Service Vulnerability

Vuln: Linux Kernel CVE-2019-11477 Integer Overflow Vulnerability

Security Focus Vulnerabilities - 11 July, 2019 - 23:00
Linux Kernel CVE-2019-11477 Integer Overflow Vulnerability

AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver

Full Disclosure - 11 July, 2019 - 16:47

Posted by Asterisk Security Team on Jul 11

Asterisk Project Security Advisory - AST-2019-003

Product: Asterisk
Summary: Remote Crash Vulnerability in chan_sip channel driver
Nature of Advisory: Denial of Service
Susceptibility: Remote Unauthenticated Sessions...

AST-2019-002: Remote crash vulnerability with MESSAGE messages

Full Disclosure - 11 July, 2019 - 16:47

Posted by Asterisk Security Team on Jul 11

Asterisk Project Security Advisory - AST-2019-002

Product: Asterisk
Summary: Remote crash vulnerability with MESSAGE messages
Nature of Advisory: Denial Of Service
Susceptibility: Remote Authenticated Sessions
Severity: Low...

Vuln: Multiple F5 BIG-IP Products CVE-2019-6631 Denial of Service Vulnerability

Security Focus Vulnerabilities - 10 July, 2019 - 23:00
Multiple F5 BIG-IP Products CVE-2019-6631 Denial of Service Vulnerability

Vuln: GitLab CVE-2018-19493 HTML Injection Vulnerability

Security Focus Vulnerabilities - 9 July, 2019 - 23:00
GitLab CVE-2018-19493 HTML Injection Vulnerability

Vuln: GitLab CVE-2018-19575 Security Vulnerability

Security Focus Vulnerabilities - 9 July, 2019 - 23:00
GitLab CVE-2018-19575 Security Vulnerability

Vuln: GitLab CVE-2018-19569 Unauthorized API Access Vulnerability

Security Focus Vulnerabilities - 9 July, 2019 - 23:00
GitLab CVE-2018-19569 Unauthorized API Access Vulnerability

Vuln: Exiv2 CVE-2019-13504 Remote Denial of Service Vulnerability

Security Focus Vulnerabilities - 9 July, 2019 - 23:00
Exiv2 CVE-2019-13504 Remote Denial of Service Vulnerability

Vuln: Nagios XI CVE-2018-17147 Cross-Site Scripting Vulnerability

Security Focus Vulnerabilities - 9 July, 2019 - 23:00
Nagios XI CVE-2018-17147 Cross-Site Scripting Vulnerability

Mozilla's MSI installers: FUBAR (that's spelled "fucked-up beyond all repair")

Full Disclosure - 9 July, 2019 - 18:16

Posted by Stefan Kanthak on Jul 09

Hi @ll,

Mozilla finally provides MSI installers for their just released
Firefox 68 and Firefox 68 ESR for Windows:
<https://archive.mozilla.org/pub/firefox/releases/68.0/win32/de/Firefox%20Setup%2068.0.msi>
<https://archive.mozilla.org/pub/firefox/releases/68.0esr/win32/de/Firefox%20Setup%2068.0esr.msi>

These MSI installers are but DEFECTIVE, VULNERABLE and a bluff:
Mozilla just wrapped their (UPX-compressed) 7-zip self-extractors,...