An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its
Archive for March, 2019
Several issues have been discovered in Apache module auth_mellon, which provides SAML 2.0 authentication. CVE-2019-3877
This update addresses various overflow conditions that could result in possible memory read/write out of bounds errors or zero byte allocations when connected to a malicious server.
**Version 2.7.2** (2019-03-12)
* added TemplateWrapper::getTemplateName()

**Version 2.7.1** (2019-03-12)
* fixed class aliases

**Version 2.7.0** (2019-03-12)
* fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy)
* fixed batch filter clobbers array keys when fill
**Version 1.38.2** (2019-03-12)
* added TemplateWrapper::getTemplateName()

**Version 1.38.1** (2019-03-12)
* fixed class aliases

**Version 1.38.0** (2019-03-12)
* fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy)
* fixed batch filter clobbers array
Backport a security fix from PuTTY 0.71 affecting SFTP connections: fix an integer overflow in the RSA key exchange preceding host key verification.
Libzip could be made to crash if it received specially crafted input.
Update tcpflow to 1.5.2 tag at github, fixing a security issue.
**Version 1.5.2**
* Fix bug in AES encryption affecting certain file sizes
* Keep file permissions when modifying zip archives
* Support systems with small stack size
* Add nullability annotations
An intended access restriction in snapd could be bypassed by strict mode snaps on 64-bit architectures.
Several security issues were fixed in Firefox.
A heap-based buffer overflow was discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of this flaw for local root privilege escalation.
p7zip could be made to crash or run programs as your login if it opened a specially crafted file.
“Eating your own dog food” is a popular practice amongst companies where employees are encouraged to use, and often do use, their own product in real-life scenarios. The phrase “eating your own dog food” was purported to have been coined in the 1970s, when television advertisements for Alpo Dog Food featured spokesman Lorne Greene pointing out that he had fed Alpo to his own dogs. Another possibility, even stranger, was a story of the president of …
Several security issues were fixed in Ghostscript.
NTFS-3G could be made to crash or potentially run programs as an administrator if executed with specially crafted arguments.
A memory disclosure vulnerability was discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in information disclosure or bypass of sandbox restrictions.
It was discovered that missing input sanitising in the file module of Drupal, a fully-featured content management framework, could result in cross-site scripting.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
This release fixes a buffer overflow when processing RIFF/WAV files with an invalid MS ADPCM predictor.
GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file.
In 2018, cPanel, with their long-term partner CloudLinux, began offering Imunify360 as a featured security product. With cPanel & WHM Versions 82 or 84, we are integrating ImunifyAV into all cPanel & WHM servers. Imunify360 is a product set from our industry partner CloudLinux and will provide all customers with the most effective malware detection solution in the industry. We have spent years working extensively with the development teams at CloudLinux on a variety of …
How to Secure Nginx Against Malicious Bots
The post How to Secure Nginx Against Malicious Bots appeared first on Plesk.
Erik Olof Gunnar Andersson discovered that incorrect validation of port settings in the iptables security group driver of Neutron, the OpenStack virtual network service, could result in denial of service in a multi-tenant setup.
LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.
Several security issues were fixed in file.
Install Plesk on Alibaba Cloud in Minutes
The post Install Plesk on Alibaba Cloud in Minutes appeared first on Plesk.
Multiple security issues were discovered in liveMedia, a set of C++ libraries for multimedia streaming, which could result in the execution of arbitrary code or denial of service when parsing a malformed RTSP stream.
Security fix CVE-2019-9210
Several security issues were fixed in the Linux kernel.