Security News

[slackware-security] mozilla-firefox (SSA:2019-226-02)

Bug Traq - 15 August, 2019 - 05:37

Posted by Slackware Security Team on Aug 15

[slackware-security] mozilla-firefox (SSA:2019-226-02)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.0.2esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[slackware-security] Slackware 14.2 kernel (SSA:2019-226-01)

Bug Traq - 14 August, 2019 - 05:01

Posted by Slackware Security Team on Aug 14

[slackware-security] Slackware 14.2 kernel (SSA:2019-226-01)

New kernel packages are available for Slackware 14.2 to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.189/*: Upgraded.
These updates fix various bugs and many security issues, and include the
Spectre v1 SWAPGS mitigations.
Be sure to upgrade your initrd after upgrading the kernel packages....

APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4

Bug Traq - 14 August, 2019 - 05:01

Posted by Apple Product Security on Aug 14

APPLE-SA-2019-8-13-2 Additional information for
APPLE-SA-2019-7-22-1 iOS 12.4

iOS 12.4 addresses the following:

Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth. This
issue was addressed with...

APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0

Bug Traq - 14 August, 2019 - 04:58

Posted by Apple Product Security on Aug 14

APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0

SwiftNIO HTTP/2 1.5.0 is now available and addresses the following:

SwiftNIO HTTP/2
Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on
macOS Sierra 10.12 and later and Ubuntu 14.04 and later
Impact: A HTTP/2 server may consume unbounded amounts of memory when
receiving certain traffic patterns and eventually suffer resource
exhaustion
Description: This issue was addressed with improved buffer size...

APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4

Bug Traq - 14 August, 2019 - 04:57

Posted by Apple Product Security on Aug 14

APPLE-SA-2019-8-13-4 Additional information for
APPLE-SA-2019-7-22-5 tvOS 12.4

tvOS 12.4 addresses the following:

Bluetooth
Available for: Apple TV 4K and Apple TV HD
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2019-9506: Daniele...

APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3

Bug Traq - 14 August, 2019 - 04:53

Posted by Apple Product Security on Aug 14

APPLE-SA-2019-8-13-3 Additional information for
APPLE-SA-2019-7-22-4 watchOS 5.3

watchOS 5.3 addresses the following:

Bluetooth
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2019-9506: Daniele...

APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra

Bug Traq - 14 August, 2019 - 04:49

Posted by Apple Product Security on Aug 14

APPLE-SA-2019-8-13-1 Additional information for
APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update
2019-004 High Sierra, Security Update 2019-004 Sierra

macOS Mojave 10.14.6, Security Update 2019-004 High Sierra,
Security Update 2019-004 Sierra address the
following:

AppleGraphicsControl
Available for: macOS Mojave 10.14.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with...

TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability

Bug Traq - 13 August, 2019 - 16:15

Posted by Vulnerability Lab on Aug 13

Document Title:
===============
TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2188

Product:
https://osdn.net/projects/tortoisesvn/storage/1.12.1/Application/TortoiseSVN-1.12.1.28628-x64-svn-1.12.2.msi/

Ticket: https://groups.google.com/forum/#!forum/tortoisesvn

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14422

CVE-ID:...

[SECURITY] [DSA 4500-1] chromium security update

Bug Traq - 13 August, 2019 - 16:11

Posted by Salvatore Bonaccorso on Aug 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-4500-1 security () debian org
https://www.debian.org/security/ Michael Gilbert
August 12, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2019-5805 CVE-2019-5806...

[SECURITY] [DSA 4497-1] linux security update

Bug Traq - 13 August, 2019 - 16:08

Posted by Salvatore Bonaccorso on Aug 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-4497-1 security () debian org
https://www.debian.org/security/ Ben Hutchings
August 13, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2015-8553 CVE-2018-5995...

Dlink-CVE-2019-13101

Bug Traq - 13 August, 2019 - 16:04

Posted by Devendra Solanki on Aug 13

A remote vulnerability was discovered on D-Link DIR-600M Wireless N
150 Home Router in multiple respective firmware versions.
The vulnerability provides unauthenticated remote access to the
router's WAN configuration page i.e. "wan.htm", which leads to
disclosure of sensitive user information including but not limited to
PPPoE, DNS configuration etc, also allowing to change
the configuration settings as well.

A Metasploit script...

Some interesting facts about gitlab runners

Full Disclosure - 13 August, 2019 - 12:25

Posted by John Doe on Aug 13

So generally when you create a docker container, you specify what network
you want to create it on, right? Well, due to historical reasons, if you don't,
the container is created on the default "bridge0" network.

This network doesn't have service discovery in the proper sense. To have
containers talk to each other by name you need to "link" them, in the
legacy docker sense. But in fact it's possible for any...

[SECURITY] [DSA 4499-1] ghostscript security update

Bug Traq - 12 August, 2019 - 16:21

Posted by Salvatore Bonaccorso on Aug 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4499-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 12, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2019-10216
Debian Bug...

[SECURITY] [DSA 4498-1] python-django security update

Bug Traq - 12 August, 2019 - 09:23

Posted by Sebastien Delafond on Aug 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4498-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
August 12, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python-django
CVE ID : CVE-2019-14232...

[SECURITY] [DSA 4496-1] pango1.0 security update

Bug Traq - 12 August, 2019 - 09:19

Posted by Salvatore Bonaccorso on Aug 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4496-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 11, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : pango1.0
CVE ID : CVE-2019-1010238
Debian Bug :...

[SECURITY] [DSA 4495-1] linux security update

Bug Traq - 12 August, 2019 - 09:16

Posted by Salvatore Bonaccorso on Aug 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4495-1 security () debian org
https://www.debian.org/security/ Ben Hutchings
August 10, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2018-20836 CVE-2019-1125...

[SECURITY] [DSA 4494-1] kconfig security update

Bug Traq - 12 August, 2019 - 09:13

Posted by Moritz Muehlenhoff on Aug 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4494-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 09, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : kconfig
CVE ID : CVE-2019-14744

Dominik Penner...

Multiple banks - potential risk of an inconsequent client separation

Full Disclosure - 9 August, 2019 - 17:37

Posted by Tim Schughart on Aug 09

Hello together,

as many of you already know, some German banks are sharing the same hoster.

Via Google dorking it is possible to determine some customers of one of those hosters (Fiducia & GAD IT AG).

The hoster uses a GET parameter called „bankid“ to identify its customers.

For example:
https://mobilebanking.gad.de/inm/mobilgad////ptlweb/WebPortal?
<https://mobilebanking.gad.de/inm/mobilgad////ptlweb/WebPortal?bankid=8008...

Dlink-CVE-2019-13101

Full Disclosure - 9 August, 2019 - 17:32

Posted by Devendra Solanki on Aug 09

A remote vulnerability was discovered on D-Link DIR-600M Wireless N 150
Home Router in multiple respective firmware versions.
The vulnerability provides unauthenticated remote access to the router's
WAN configuration page i.e. "wan.htm", which leads to
disclosure of sensitive user information including but not limited to
PPPoE, DNS configuration etc, also allowing to change
the configuration settings as well.

An Nmap NSE script to...