SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by Moritz Muehlenhoff on Feb 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4620-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2020-6796 CVE-2020-6798...

Posted by Moritz Muehlenhoff on Feb 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4621-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-8
CVE ID : CVE-2020-2583 CVE-2020-2590...

Posted by Imre Rad on Feb 16

The TrustedInstaller service running on the Windows operating system
hosts a COM service called Sxs Store Class; its ISxsStore interface
provides methods to install/uninstall assemblies via application
manifests files into the WinSxS store. These API methods were meant to
be available for users with administrative privileges only, but the
logic was unintentionally exposed to anyone on the system due to
improper implementation of the authorization...

Posted by Slackware Security Team on Feb 16

[slackware-security] libarchive (SSA:2020-043-01)

New libarchive packages are available for Slackware 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libarchive-3.4.2-i586-1_slack14.2.txz: Upgraded.
This update includes security fixes in the RAR5 reader.
(* Security fix *)
+--------------------------+

Where to find the new packages:...

Posted by Thierry Zoller on Feb 16

Posted by Salvatore Bonaccorso on Feb 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4624-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 14, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : evince
CVE ID : CVE-2017-1000159 CVE-2019-11459...

Posted by Moritz Muehlenhoff on Feb 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4625-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 15, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2020-6792 CVE-2020-6793...

Posted by Thierry Zoller on Feb 14

Posted by Thierry Zoller on Feb 14

Posted by RedTimmy Security on Feb 14

Hi,
we have just released EnumJavaLibs to perform java classes enumeration against java services.

To discover a deserialization vulnerability is often easy. When source code is available, it comes down to finding
calls to readObject() and finding a way for user input to reach that function. In case we don’t have source code
available, we can spot serialized objects on the wire by looking for binary blobs or base64 encoded objects (recognized...

Posted by Moritz Muehlenhoff on Feb 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4623-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : postgresql-11
CVE ID : CVE-2020-1720

Tom Lane...

Posted by Slackware Security Team on Feb 14

[slackware-security] mozilla-firefox (SSA:2020-042-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.5.0esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

Posted by Moritz Muehlenhoff on Feb 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4622-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : postgresql-9.6
CVE ID : CVE-2020-1720

Tom Lane...

Posted by Slackware Security Team on Feb 14

[slackware-security] mozilla-thunderbird (SSA:2020-042-02)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-68.5.0-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

Posted by Salvatore Bonaccorso on Feb 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4618-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 06, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libexif
CVE ID : CVE-2019-9278
Debian Bug :...

Posted by Salvatore Bonaccorso on Feb 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4619-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 06, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libxmlrpc3-java
CVE ID : CVE-2019-17570
Debian Bug...

Posted by redazione on Feb 10

In one of our recent penetration tests we have abused a vulnerability affecting a suid binary called “xglance-bin“.
Part of HP Performance Monitoring solution, it allowed us to escalate our local unprivileged sessions on some Linux
RHEL 6.x/7.x/8.x systems to root. To be very honest, it was not the first time we leveraged that specific vulnerability
as we abused it frequently on many HP servers with RHEL installed since 2014.

There has...

Posted by Moritz Muehlenhoff on Feb 04

-------------------------------------------------------------------------
Debian Security Advisory DSA-4617-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 03, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : qtbase-opensource-src
CVE ID : CVE-2020-0569...

Posted by Moritz Muehlenhoff on Feb 03

-------------------------------------------------------------------------
Debian Security Advisory DSA-4612-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 31, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : prosody-modules
CVE ID : CVE-2020-8086

It was...

Posted by Salvatore Bonaccorso on Feb 03

-------------------------------------------------------------------------
Debian Security Advisory DSA-4613-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 01, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libidn2
CVE ID : CVE-2019-18224
Debian Bug :...