Security News

[SECURITY] [DSA 4622-1] postgresql-9.6 security update

Bug Traq - 14 February, 2020 - 06:46

Posted by Moritz Muehlenhoff on Feb 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4622-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : postgresql-9.6
CVE ID : CVE-2020-1720

Tom Lane...

[slackware-security] mozilla-thunderbird (SSA:2020-042-02)

Bug Traq - 14 February, 2020 - 06:43

Posted by Slackware Security Team on Feb 14

[slackware-security] mozilla-thunderbird (SSA:2020-042-02)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-68.5.0-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[SECURITY] [DSA 4618-1] libexif security update

Bug Traq - 10 February, 2020 - 12:03

Posted by Salvatore Bonaccorso on Feb 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4618-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 06, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libexif
CVE ID : CVE-2019-9278
Debian Bug :...

[SECURITY] [DSA 4619-1] libxmlrpc3-java security update

Bug Traq - 10 February, 2020 - 12:00

Posted by Salvatore Bonaccorso on Feb 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4619-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 06, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libxmlrpc3-java
CVE ID : CVE-2019-17570
Debian Bug...

xglance-bin exploit (CVE-2014-2630)

Bug Traq - 10 February, 2020 - 11:56

Posted by redazione on Feb 10

In one of our recent penetration tests we have abused a vulnerability affecting a suid binary called “xglance-bin”.
Part of HP Performance Monitoring solution, it allowed us to escalate our local unprivileged sessions on some Linux
RHEL 6.x/7.x/8.x systems to root. To be very honest, it was not the first time we leveraged that specific vulnerability
as we abused it frequently on many HP servers with RHEL installed since 2014.

There has...

[SECURITY] [DSA 4617-1] qtbase-opensource-src security update

Bug Traq - 4 February, 2020 - 06:04

Posted by Moritz Muehlenhoff on Feb 04

-------------------------------------------------------------------------
Debian Security Advisory DSA-4617-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 03, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : qtbase-opensource-src
CVE ID : CVE-2020-0569...

[SECURITY] [DSA 4612-1] prosody-modules security update

Bug Traq - 3 February, 2020 - 04:38

Posted by Moritz Muehlenhoff on Feb 03

-------------------------------------------------------------------------
Debian Security Advisory DSA-4612-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 31, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : prosody-modules
CVE ID : CVE-2020-8086

It was...

[SECURITY] [DSA 4613-1] libidn2 security update

Bug Traq - 3 February, 2020 - 04:34

Posted by Salvatore Bonaccorso on Feb 03

-------------------------------------------------------------------------
Debian Security Advisory DSA-4613-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 01, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libidn2
CVE ID : CVE-2019-18224
Debian Bug :...

[slackware-security] sudo (SSA:2020-031-01)

Bug Traq - 3 February, 2020 - 04:33

Posted by Slackware Security Team on Feb 03

[slackware-security] sudo (SSA:2020-031-01)

New sudo packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/sudo-1.8.31-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue:
In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can
trigger a stack-based buffer overflow...

[SECURITY] [DSA 4614-1] sudo security update

Bug Traq - 3 February, 2020 - 04:32

Posted by Salvatore Bonaccorso on Feb 03

-------------------------------------------------------------------------
Debian Security Advisory DSA-4614-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 01, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : sudo
CVE ID : CVE-2019-18634
Debian Bug :...

[SECURITY] [DSA 4615-1] spamassassin security update

Bug Traq - 3 February, 2020 - 04:24

Posted by Salvatore Bonaccorso on Feb 03

-------------------------------------------------------------------------
Debian Security Advisory DSA-4615-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 01, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : spamassassin
CVE ID : CVE-2020-1930 CVE-2020-1931...

[SECURITY] [DSA 4616-1] qemu security update

Bug Traq - 3 February, 2020 - 04:20

Posted by Moritz Muehlenhoff on Feb 03

-------------------------------------------------------------------------
Debian Security Advisory DSA-4616-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 02, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : qemu
CVE ID : CVE-2019-15890 CVE-2020-7039...

Executable installers are vulnerable^WEVIL (case 58): Intel® Processor Identification Utility - Windows* Version - arbitrary code execution with escalation of privilege

Bug Traq - 31 January, 2020 - 05:10

Posted by Stefan Kanthak on Jan 31

Hi @ll,

Intel® Processor Identification Utility - Windows* Version,
version 6.0.0211 from 2019-02-11, available from
<https://downloadmirror.intel.com/28539/a08/Intel(R)%20Processor%20Identification%20Utility.exe>
via <https://downloadcenter.intel.com/download/28539>, and
earlier versions 6.0.* are vulnerable: in default installations
of all supported versions of Windows (really: Windows Vista and
later), they allow arbitrary code...

[CVE-2019-20358] CVE-2019-9491 in Trend Micro Anti-Threat Toolkit (ATTK) was NOT properly FIXED

Bug Traq - 30 January, 2020 - 08:14

Posted by Stefan Kanthak on Jan 30

Hi @ll,

on September 29, 2019, John Page reported a remote code execution
with escalation of privilege in TrendMicro's Anti-Threat Toolkit
to its vendor.
TrendMicro assigned CVE-2019-9491 to this vulnerability and told
the reporter, his dog and the world on October 18, 2019, that they
had fixed the vulnerable product.

See <https://success.trendmicro.com/solution/000149878>,
<https://seclists.org/fulldisclosure/2019/Oct/42> and...

[SECURITY] [DSA 4610-1] webkit2gtk security update

Bug Traq - 30 January, 2020 - 02:20

Posted by Moritz Muehlenhoff on Jan 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-4610-1 security () debian org
https://www.debian.org/security/ Alberto Garcia
January 29, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : webkit2gtk
CVE ID : CVE-2019-8835 CVE-2019-8844...

APPLE-SA-2020-1-29-1 iCloud for Windows 7.17

Bug Traq - 30 January, 2020 - 02:17

Posted by Apple Product Security on Jan 29

APPLE-SA-2020-1-29-1 iCloud for Windows 7.17

iCloud for Windows 7.17 addresses the following:

ImageIO
Available for: Windows 7 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3826: Samuel Groß of Google Project Zero

libxml2
Available for: Windows 7 and later
Impact: Processing maliciously crafted XML may lead...

APPLE-SA-2020-1-29-2 iCloud for Windows 10.9.2

Bug Traq - 30 January, 2020 - 02:12

Posted by Apple Product Security on Jan 29

APPLE-SA-2020-1-29-2 iCloud for Windows 10.9.2

iCloud for Windows 10.9.2 is now available and addresses the
following:

ImageIO
Available for: Windows 10 and later via the Microsoft Store
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3826: Samuel Groß of Google Project Zero

libxml2
Available for: Windows 10 and later...

[SECURITY] [DSA 4611-1] opensmtpd security update

Bug Traq - 30 January, 2020 - 02:08

Posted by Moritz Muehlenhoff on Jan 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-4611-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 29, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : opensmtpd
CVE ID : CVE-2020-7247
Debian Bug :...

FreeBSD Security Advisory FreeBSD-SA-20:02.ipsec

Bug Traq - 29 January, 2020 - 05:00

Posted by FreeBSD Security Advisories on Jan 29

=============================================================================
FreeBSD-SA-20:02.ipsec Security Advisory
The FreeBSD Project

Topic: Missing IPsec anti-replay window check

Category: core
Module: kernel
Announced: 2020-01-28
Credits: Jean-Francois HREN
Affects: FreeBSD 12.0 only
Corrected:...

APPLE-SA-2020-1-28-1 iOS 13.3.1 and iPadOS 13.3.1

Bug Traq - 29 January, 2020 - 05:00

Posted by Apple Product Security on Jan 29

APPLE-SA-2020-1-28-1 iOS 13.3.1 and iPadOS 13.3.1

iOS 13.3.1 and iPadOS 13.3.1 are now available and address the
following:

Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3857: Zhuo Liang of Qihoo 360...