Archive for January, 2019

154 results.

Fedora 28: radare2 Security Update

Jan19
by Ike on January 19, 2019 at 6:59 am
Posted In: Uncategorized

(Jan 19) Security fix for CVE-2018-20455 CVE-2018-20456 CVE-2018-20457 CVE-2018-20458 CVE-2018-20459 CVE-2018-20460 CVE-2018-20461 through rebase to 3.2.0

 Comment 

Fedora 29: radare2 Security Update

Jan19
by Ike on January 19, 2019 at 6:34 am
Posted In: Uncategorized

(Jan 19) Security fix for CVE-2018-20455 CVE-2018-20456 CVE-2018-20457 CVE-2018-20458 CVE-2018-20459 CVE-2018-20460 CVE-2018-20461 through rebase to 3.2.0

 Comment 

Ubuntu 3858-1: HAProxy vulnerabilities

Jan19
by Ike on January 19, 2019 at 6:16 am
Posted In: Uncategorized

(Jan 15) Several security issues were fixed in HAProxy.

 Comment 

RedHat: RHSA-2019-0053:01 Moderate: openvswitch security and bug fix update

Jan19
by Ike on January 19, 2019 at 6:16 am
Posted In: Uncategorized

(Jan 16) An update for openvswitch is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

 Comment 

RedHat: RHSA-2019-0094:01 Moderate: redis security update

Jan19
by Ike on January 19, 2019 at 6:16 am
Posted In: Uncategorized

(Jan 16) An update for redis is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

 Comment 

Fedora 28: perl-Email-Address Security Update

Jan18
by Ike on January 18, 2019 at 6:51 am
Posted In: Uncategorized

(Jan 18) Update to 1.912, fixes CVE-2015-7686 and CVE-2018-12558.

 Comment 

Fedora 29: perl-Email-Address Security Update

Jan18
by Ike on January 18, 2019 at 6:49 am
Posted In: Uncategorized

(Jan 18) Update to 1.912, fixes CVE-2015-7686 and CVE-2018-12558.

 Comment 

Debian: DSA-4370-1: drupal7 security update

Jan18
by Ike on January 18, 2019 at 6:27 am
Posted In: Uncategorized

(Jan 17) Two vulnerabilities were found in Drupal, a fully-featured content management framework, which could result in arbitrary code execution. For additional information, please refer to the upstream advisories

 Comment 

Ubuntu 3859-1: libarchive vulnerabilities

Jan18
by Ike on January 18, 2019 at 6:14 am
Posted In: Uncategorized

(Jan 15) Several security issues were fixed in libarchive.

 Comment 

Ubuntu 3862-1: Irssi vulnerability

Jan18
by Ike on January 18, 2019 at 6:14 am
Posted In: Uncategorized

(Jan 17) Irssi could be made to crash or execute arbitrary code if it received a specially crafted input.

 Comment 

RedHat: RHSA-2019-0081:01 Moderate: openvswitch security and bug fix update

Jan18
by Ike on January 18, 2019 at 6:14 am
Posted In: Uncategorized

(Jan 16) An update for openvswitch is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

 Comment 

RedHat: RHSA-2019-0095:01 Low: Red Hat Enterprise Linux 6.7 EUS Final

Jan18
by Ike on January 18, 2019 at 6:14 am
Posted In: Uncategorized

(Jan 17) This is the final notification for the retirement of Red Hat Enterprise Linux 6.7 Extended Update Support (EUS). This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 6.7.

 Comment 

Fedora 28: php-horde-Horde-Form Security Update

Jan17
by Ike on January 17, 2019 at 6:44 am
Posted In: Uncategorized

(Jan 16) **Horde_Form 2.0.19** * [mjr] SECURITY: Prevent RCE vulnerability due to potential directory traversal in Image uploads (An independent security researcher has reported this vulnerability to SecuriTeam Secure Disclosure program).

 Comment 

Fedora 28: unrtf Security Update

Jan17
by Ike on January 17, 2019 at 6:41 am
Posted In: Uncategorized

(Jan 16) Patch for CVE-2016-10091

 Comment 

Ubuntu 3861-1: PolicyKit vulnerability

Jan17
by Ike on January 17, 2019 at 6:01 am
Posted In: Uncategorized

(Jan 16) PolicyKit could allow unintended access.

 Comment 

Ubuntu 3861-2: PolicyKit vulnerability

Jan17
by Ike on January 17, 2019 at 6:01 am
Posted In: Uncategorized

(Jan 16) PolicyKit could allow unintended access.

 Comment 

RedHat: RHSA-2019-0082:01 Moderate: python-django security update

Jan17
by Ike on January 17, 2019 at 6:01 am
Posted In: Uncategorized

(Jan 16) An update for python-django is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

 Comment 

RedHat: RHSA-2019-0085:01 Moderate: pyOpenSSL security and bug fix update

Jan17
by Ike on January 17, 2019 at 6:01 am
Posted In: Uncategorized

(Jan 16) An update for pyOpenSSL is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

 Comment 

Manufacturing.gov and White House security suffer under U.S. shutdown

Jan16
by Ike on January 16, 2019 at 1:51 pm
Posted In: Uncategorized

Dozens more U.S. government websites have become inaccessible since last week, when Netcraft highlighted the impact of security certificates expiring during the federal shutdown. As of today, more than 130 TLS certificates used by U.S. government websites have expired without being renewed. Some of these sites are now completely inaccessible in modern browsers due to […]

 Comment 

Effective server maintenance: Every step you need to take

Jan16
by Ike on January 16, 2019 at 7:30 am
Posted In: Uncategorized

The post Effective server maintenance: Every step you need to take appeared first on Plesk.

 Comment 

Fedora 29: openssh Security Update

Jan16
by Ike on January 16, 2019 at 6:44 am
Posted In: Uncategorized

(Jan 16) This update fixes CVE-2018-20685 (the first “variant”) and backports several fixes to unbreak ECDSA authentication from PKCS#11, certificate authentication and so on.

 Comment 

Debian: DSA-4367-2: systemd regression update

Jan16
by Ike on January 16, 2019 at 6:43 am
Posted In: Uncategorized

(Jan 15) The Qualys Research Labs reported that the backported security fixes shipped in DSA 4367-1 contained a memory leak in systemd-journald. This and an unrelated bug in systemd-coredump are corrected in this update.

 Comment 

Fedora 29: php-horde-Horde-Form Security Update

Jan16
by Ike on January 16, 2019 at 6:37 am
Posted In: Uncategorized

(Jan 16) **Horde_Form 2.0.19** * [mjr] SECURITY: Prevent RCE vulnerability due to potential directory traversal in Image uploads (An independent security researcher has reported this vulnerability to SecuriTeam Secure Disclosure program).

 Comment 

Ubuntu 3860-1: libcaca vulnerabilities

Jan16
by Ike on January 16, 2019 at 5:56 am
Posted In: Uncategorized

(Jan 15) Several security issues were fixed in libcaca.

 Comment 

Ubuntu 3860-2: libcaca vulnerabilities

Jan16
by Ike on January 16, 2019 at 5:56 am
Posted In: Uncategorized

(Jan 15) Several security issues were fixed in libcaca.

 Comment 

RedHat: RHSA-2019-0059:01 Important: libvncserver security update

Jan16
by Ike on January 16, 2019 at 5:56 am
Posted In: Uncategorized

(Jan 15) An update for libvncserver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

 Comment 

Oracle Critical Patch Update Advisory – January 2019

Jan15
by Ike on January 15, 2019 at 7:30 pm
Posted In: Uncategorized
 Comment 

[20190104] – Core – Stored XSS issue in the Global Configuration help url

Jan15
by Ike on January 15, 2019 at 2:45 pm
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 through 3.9.1
  • Exploit type: XSS
  • Reported Date: 2018-December-05
  • Fixed Date: 2019-January-15
  • CVE Number: CVE-2019-6262

Description

Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.1

Solution

Upgrade to version 3.9.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Mario Korth, Hackmanit

 Comment 

[20190103] – Core – Stored XSS issue in the Global Configuration textfilter settings

Jan15
by Ike on January 15, 2019 at 2:45 pm
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 through 3.9.1
  • Exploit type: XSS
  • Reported Date: 2018-November-29
  • Fixed Date: 2019-January-15
  • CVE Number: CVE-2019-6263

Description

Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.1

Solution

Upgrade to version 3.9.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Sébastien Poirier

 Comment 

[20190102] – Core – Stored XSS in com_contact

Jan15
by Ike on January 15, 2019 at 2:45 pm
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 through 3.9.1
  • Exploit type: XSS
  • Reported Date: 2018-December-04
  • Fixed Date: 2019-January-15
  • CVE Number: CVE-2019-6261

Description

Inadequate escaping in com_contact leads to a stored XSS vulnerability

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.1

Solution

Upgrade to version 3.9.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Antonin Steinhauser

 Comment 

58 queries. 8.75 mb Memory usage. 0.646 seconds.