Security News

[SECURITY] [DSA 4620-1] firefox-esr security update

Bug Traq - 16 February, 2020 - 23:53

Posted by Moritz Muehlenhoff on Feb 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4620-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2020-6796 CVE-2020-6798...

[SECURITY] [DSA 4621-1] openjdk-8 security update

Bug Traq - 16 February, 2020 - 23:47

Posted by Moritz Muehlenhoff on Feb 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4621-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-8
CVE ID : CVE-2020-2583 CVE-2020-2590...

CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability

Bug Traq - 16 February, 2020 - 23:41

Posted by Imre Rad on Feb 16

The TrustedInstaller service running on the Windows operating system
hosts a COM service called Sxs Store Class; its ISxsStore interface
provides methods to install/uninstall assemblies via application
manifest files into the WinSxS store. These API methods were meant to
be available for users with administrative privileges only, but the
logic was unintentionally exposed to anyone on the system due to
improper implementation of the authorization...

[slackware-security] libarchive (SSA:2020-043-01)

Bug Traq - 16 February, 2020 - 23:41

Posted by Slackware Security Team on Feb 16

[slackware-security] libarchive (SSA:2020-043-01)

New libarchive packages are available for Slackware 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libarchive-3.4.2-i586-1_slack14.2.txz: Upgraded.
This update includes security fixes in the RAR5 reader.
(* Security fix *)
+--------------------------+

Where to find the new packages:...

[TZO-15-2020] - F-SECURE Generic Malformed Container bypass (RAR)

Bug Traq - 16 February, 2020 - 23:37

Posted by Thierry Zoller on Feb 16


[SECURITY] [DSA 4624-1] evince security update

Bug Traq - 16 February, 2020 - 23:33

Posted by Salvatore Bonaccorso on Feb 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4624-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 14, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : evince
CVE ID : CVE-2017-1000159 CVE-2019-11459...

[SECURITY] [DSA 4625-1] thunderbird security update

Bug Traq - 16 February, 2020 - 23:30

Posted by Moritz Muehlenhoff on Feb 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4625-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 15, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2020-6792 CVE-2020-6793...

[TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG)

Bug Traq - 14 February, 2020 - 07:04

Posted by Thierry Zoller on Feb 14


[TZO-11-2020] - ESET Generic Malformed Archive Bypass (BZ2 Checksum)

Bug Traq - 14 February, 2020 - 07:03

Posted by Thierry Zoller on Feb 14


[EnumJavaLibs]_ Remote Java classpath enumerator

Bug Traq - 14 February, 2020 - 06:54

Posted by RedTimmy Security on Feb 14

Hi,
we have just released EnumJavaLibs to perform Java class enumeration against Java services.

To discover a deserialization vulnerability is often easy. When source code is available, it comes down to finding
calls to readObject() and finding a way for user input to reach that function. In case we don’t have source code
available, we can spot serialized objects on the wire by looking for binary blobs or base64 encoded objects (recognized...

[SECURITY] [DSA 4623-1] postgresql-11 security update

Bug Traq - 14 February, 2020 - 06:50

Posted by Moritz Muehlenhoff on Feb 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4623-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : postgresql-11
CVE ID : CVE-2020-1720

Tom Lane...

[slackware-security] mozilla-firefox (SSA:2020-042-01)

Bug Traq - 14 February, 2020 - 06:50

Posted by Slackware Security Team on Feb 14

[slackware-security] mozilla-firefox (SSA:2020-042-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.5.0esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[SECURITY] [DSA 4622-1] postgresql-9.6 security update

Bug Traq - 14 February, 2020 - 06:46

Posted by Moritz Muehlenhoff on Feb 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4622-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : postgresql-9.6
CVE ID : CVE-2020-1720

Tom Lane...

[slackware-security] mozilla-thunderbird (SSA:2020-042-02)

Bug Traq - 14 February, 2020 - 06:43

Posted by Slackware Security Team on Feb 14

[slackware-security] mozilla-thunderbird (SSA:2020-042-02)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-68.5.0-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[SECURITY] [DSA 4618-1] libexif security update

Bug Traq - 10 February, 2020 - 12:03

Posted by Salvatore Bonaccorso on Feb 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4618-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 06, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libexif
CVE ID : CVE-2019-9278
Debian Bug :...

[SECURITY] [DSA 4619-1] libxmlrpc3-java security update

Bug Traq - 10 February, 2020 - 12:00

Posted by Salvatore Bonaccorso on Feb 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4619-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 06, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libxmlrpc3-java
CVE ID : CVE-2019-17570
Debian Bug...

xglance-bin exploit (CVE-2014-2630)

Bug Traq - 10 February, 2020 - 11:56

Posted by redazione on Feb 10

In one of our recent penetration tests we have abused a vulnerability affecting a suid binary called “xglance-bin”.
Part of HP Performance Monitoring solution, it allowed us to escalate our local unprivileged sessions on some Linux
RHEL 6.x/7.x/8.x systems to root. To be very honest, it was not the first time we leveraged that specific vulnerability
as we abused it frequently on many HP servers with RHEL installed since 2014.

There has...

[SECURITY] [DSA 4617-1] qtbase-opensource-src security update

Bug Traq - 4 February, 2020 - 06:04

Posted by Moritz Muehlenhoff on Feb 04

-------------------------------------------------------------------------
Debian Security Advisory DSA-4617-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 03, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : qtbase-opensource-src
CVE ID : CVE-2020-0569...

[SECURITY] [DSA 4612-1] prosody-modules security update

Bug Traq - 3 February, 2020 - 04:38

Posted by Moritz Muehlenhoff on Feb 03

-------------------------------------------------------------------------
Debian Security Advisory DSA-4612-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 31, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : prosody-modules
CVE ID : CVE-2020-8086

It was...

[SECURITY] [DSA 4613-1] libidn2 security update

Bug Traq - 3 February, 2020 - 04:34

Posted by Salvatore Bonaccorso on Feb 03

-------------------------------------------------------------------------
Debian Security Advisory DSA-4613-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 01, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libidn2
CVE ID : CVE-2019-18224
Debian Bug :...