Security News

[SECURITY] [DSA 4361-1] libextractor security update

Bug Traq - 30 December, 2018 - 22:45

Posted by Moritz Muehlenhoff on Dec 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-4361-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 28, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libextractor
CVE ID : CVE-2018-20430 CVE-2018-20431...

Vuln: JasPer CVE-2018-20584 Denial of Service Vulnerability

Security Focus Vulnerabilities - 30 December, 2018 - 00:00
JasPer CVE-2018-20584 Denial of Service Vulnerability

Vuln: Apache NetBeans CVE-2018-17191 Remote Command Execution Vulnerability

Security Focus Vulnerabilities - 30 December, 2018 - 00:00
Apache NetBeans CVE-2018-17191 Remote Command Execution Vulnerability

[SECURITY] [DSA 4360-1] libarchive security update

Bug Traq - 28 December, 2018 - 03:19

Posted by Moritz Muehlenhoff on Dec 28

-------------------------------------------------------------------------
Debian Security Advisory DSA-4360-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 27, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libarchive
CVE ID : CVE-2016-10209 CVE-2016-10349...

[SECURITY] [DSA 4359-1] wireshark security update

Bug Traq - 28 December, 2018 - 03:16

Posted by Moritz Muehlenhoff on Dec 28

-------------------------------------------------------------------------
Debian Security Advisory DSA-4359-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 27, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wireshark
CVE ID : CVE-2018-12086 CVE-2018-18225...

[SECURITY] [DSA 4358-1] ruby-sanitize security update

Bug Traq - 28 December, 2018 - 03:12

Posted by Salvatore Bonaccorso on Dec 28

-------------------------------------------------------------------------
Debian Security Advisory DSA-4358-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
December 27, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ruby-sanitize
CVE ID : CVE-2018-3740
Debian Bug...

Vuln: ZTE ZMAX Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 28 December, 2018 - 00:00
ZTE ZMAX Multiple Security Vulnerabilities

Vuln: F5 BIG-IP APM CVE-2018-15335 Remote Denial of Service Vulnerability

Security Focus Vulnerabilities - 28 December, 2018 - 00:00
F5 BIG-IP APM CVE-2018-15335 Remote Denial of Service Vulnerability

Vuln: SAP BusinessObjects BI Platform Server Side Request Forgery Security Bypass Vulnerability

Security Focus Vulnerabilities - 28 December, 2018 - 00:00
SAP BusinessObjects BI Platform Server Side Request Forgery Security Bypass Vulnerability

Vuln: Linux Kernel 'drivers/net/appletalk/ipddp.c' Local Information Disclosure Vulnerability

Security Focus Vulnerabilities - 27 December, 2018 - 00:00
Linux Kernel 'drivers/net/appletalk/ipddp.c' Local Information Disclosure Vulnerability

Vuln: Kubernetes API Server of Gardener CVE-2018-2475 Unauthorized Access Vulnerability

Security Focus Vulnerabilities - 26 December, 2018 - 00:00
Kubernetes API Server of Gardener CVE-2018-2475 Unauthorized Access Vulnerability

Vuln: Poppler CVE-2018-20481 Denial of Service Vulnerability

Security Focus Vulnerabilities - 25 December, 2018 - 00:00
Poppler CVE-2018-20481 Denial of Service Vulnerability

[SECURITY] [DSA 4346-2] ghostscript regression update

Bug Traq - 24 December, 2018 - 02:57

Posted by Salvatore Bonaccorso on Dec 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-4346-2 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
December 23, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ghostscript
Debian Bug : 915832

The update for...

[slackware-security] netatalk (SSA:2018-355-01)

Bug Traq - 24 December, 2018 - 02:54

Posted by Slackware Security Team on Dec 23

[slackware-security] netatalk (SSA:2018-355-01)

New netatalk packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/netatalk-3.1.12-i586-1_slack14.2.txz: Upgraded.
Netatalk before 3.1.12 is vulnerable to an out of bounds write in
dsi_opensess.c. This is due to lack of bounds checking on attacker...

Vuln: Foxit Quick PDF Library Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 24 December, 2018 - 00:00
Foxit Quick PDF Library Multiple Security Vulnerabilities

Vuln: GNU Libextractor Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 24 December, 2018 - 00:00
GNU Libextractor Multiple Security Vulnerabilities

Vuln: LibRAW 'libraw_cxx.cpp' Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 22 December, 2018 - 00:00
LibRAW 'libraw_cxx.cpp' Multiple Security Vulnerabilities

Vuln: Apache Tika CVE-2018-17197 Denial of Service Vulnerability

Security Focus Vulnerabilities - 22 December, 2018 - 00:00
Apache Tika CVE-2018-17197 Denial of Service Vulnerability

Re: LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232)

Full Disclosure - 21 December, 2018 - 14:42

Posted by Henri Salo on Dec 21

I'm curious why you post about a minor memory leak more than a year after the
fix, from an old version and a tool (not the library)? Also note that
http://www.libtiff.org/tools.html says "Many of them however are more intended
to serve as programming examples for using the TIFF library."

You might want to test the latest version of the library. Their git can be
found at https://gitlab.com/libtiff/libtiff.

Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section

Bug Traq - 21 December, 2018 - 05:05

Posted by Murat Aydemir on Dec 21

I. VULNERABILITY
-------------------------
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the
Notes column of the Alarms section

II. CVE REFERENCE
-------------------------
CVE-2018-20339

III. VENDOR
-------------------------
https://www.manageengine.com

IV. TIMELINE
-------------------------
20/11/18 Vulnerability discovered
20/11/18 Vendor contacted
20/12/2018 OpManager replied that they fixed it

V. CREDIT...