(Jul 29) Fix for CVE-2018-13785: the libpng10 library was vulnerable to an integer overflow and resultant divide-by-zero in the pngrutil.c:png_check_chunk_length() function. An attacker could exploit this to cause a denial of service via a crafted PNG file.
Archive for Other
Debian: DSA-4258-1: ffmpeg security update
(Jul 29) Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
Fedora 28: java-1.8.0-openjdk Security Update
(Jul 29) Security critical patch update for OpenJDK (July CPU). See http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixJAVA
RedHat: RHSA-2018-2274:01 Moderate: Red Hat Ceph Storage 2.5 security,
(Jul 26) An update for ceph is now available for Red Hat Ceph Storage 2.5 for Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
RedHat: RHSA-2018-2268:01 Important: procps security update
(Jul 26) An update for procps is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact
Debian: DSA-4257-1: fuse security update
(Jul 28) Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the bypass of the ‘user_allow_other’ restriction when SELinux is active (including in permissive mode). A local user can take advantage of this flaw in the fusermount utility to bypass the system configuration and
(Jul 27) Security critical patch update for OpenJDK (July CPU). See http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixJAVA
RedHat: RHSA-2018-2279:01 Important: Red Hat Single Sign-On 7.2 security
(Jul 26) A security update is now available for Red Hat Single Sign-On 7.2 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2018-2277:01 Important: Red Hat JBoss Enterprise Application
(Jul 26) A security update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
(Jul 27) Fixes **CVE-2017-11332**, **CVE-2017-11358**, and **CVE-2017-11359**. ---- **Prevents division by zero in `src/ao.c`** This bug is hard to reproduce, depending on the HW configuration or installed OS parts. For me, it can be reproduced only in `mock`. In this update, an error message should be displayed instead of SIGFPE.
Fedora 27: NetworkManager-vpnc Security Update
(Jul 26) Update to 1.2.6 to fix a local authenticated privilege escalation bug (CVE-2018-10900). The issue has been discovered and responsibly disclosed by Denis Andzakovic: https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc
(Jul 26) USN-3722-1 introduced a regression in ClamAV.
RedHat: RHSA-2018-2261:01 Moderate: Red Hat Ceph Storage 2.5 security,
(Jul 26) An update for ceph is now available for Red Hat Ceph Storage 2.5 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
RedHat: RHSA-2018-2276:01 Important: Red Hat JBoss Enterprise Application
(Jul 26) A security update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Debian: DSA-4256-1: chromium-browser security update
(Jul 27) Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-4117
(Jul 25) This update includes the latest upstream release, **httpd 2.4.34**, with multiple bug fixes and enhancements. See http://www.apache.org/dist/httpd/CHANGES_2.4.34 for more information on the changes in this version. A security vulnerability is addressed in this update: * `mod_md`: DoS via Coredumps on specially crafted requests (CVE-2018-8011)
(Jul 25) New version of dcraw is available: 9.28.0. Security fix for CVE-2018-5801.
(Jul 25) ClamAV could be made to hang if it opened a specially crafted file.
(Jul 23) Several security issues were fixed in Mutt.
RedHat: RHSA-2018-2267:01 Important: procps security update
(Jul 26) An update for procps is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2018-2258:01 Important: qemu-kvm-rhev security update
(Jul 25) An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
(Jul 21) A regression that caused boot failures was fixed in the Linux kernel.
RedHat: RHSA-2018-2251:01 Important: thunderbird security update
(Jul 24) An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
RedHat: RHSA-2018-2252:01 Important: thunderbird security update
(Jul 24) An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
(Jul 24) Danny Grander reported that the unzip and untar tasks in ant, a Java based build tool like make, allow the extraction of files outside a target directory. An attacker can take advantage of this flaw by submitting a specially crafted Zip or Tar archive to an ant build to
(Jul 23) Add fix for CVE-2018-0618 (#1596459) ---- Add fix for CVE-2018-0618 (#1596460)
Fedora 28: NetworkManager-vpnc Security Update
(Jul 23) Update to 1.2.6 to fix a local authenticated privilege escalation bug (CVE-2018-10900). The issue has been discovered and responsibly disclosed by Denis Andzakovic: https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc