SecurityFocus

[slackware-security] mozilla-thunderbird (SSA:2018-186-01) 2018-07-05
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2018-186-01)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

[ more ] [ reply ]

[SECURITY] [DSA 4241-1] libsoup2.4 security update 2018-07-05
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4241-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 05, 2018

[ more ] [ reply ]

APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0 2018-07-05
Apple Product Security (product-security-noreply lists apple com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-7-05-1 Wi-Fi Update for Boot Camp 6.4.0

Wi-Fi Update for Boot Camp 6.4.0 is now available and addresses the
following:

Wi-Fi
Available for the following machines while running Boot Camp:
MacBook (Late 2009 and later), MacBook Pro (Mid

[ more ] [ reply ]

[SECURITY] [DSA 4240-1] php7.0 security update 2018-07-05
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4240-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 05, 2018

[ more ] [ reply ]

SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)

Also see our other two advisories regarding critical ADB vulnerabilities
as they have been split up for better readability:

Local root:
https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-
network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/

Privilege escalation:
htt

[ more ] [ reply ]

SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)

Also see our other two advisories regarding critical ADB vulnerabilities
as they have been split up for better readability:

Local root:
https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-
network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/

Authorization bypass:
htt

[ more ] [ reply ]

SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers 2018-07-04
SEC Consult Vulnerability Lab (research sec-consult com)

Also see our other two advisories regarding critical ADB vulnerabilities
as they have been split up for better readability:

Authorization bypass:
https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-a
ll-adb-broadband-gateways-routers/

Privilege escalation:
https://www.sec-consult

[ more ] [ reply ]

[CVE-2018-3667, CVE-2018-3668] Escalation of priviilege via executable installer of Intel Processor Diagnostic Tool 2018-07-04
Stefan Kanthak (stefan kanthak nexgo de)

Hi @ll,

the executable installers of Intel's Processor Diagnostic Tool
(IPDT) before v4.1.0.27 have three vulnerabilities^Wbeginner's
errors which all allow arbitrary code execution with escalation
of privilege, plus a fourth which allows denial of service.

Intel published advisory SA-00140
<https

[ more ] [ reply ]

[SECURITY] [DSA 4239-1] gosa security update 2018-07-03
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4239-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 03, 2018

[ more ] [ reply ]

[SECURITY] [DSA 4238-1] exiv2 security update 2018-07-03
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4238-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 03, 2018

[ more ] [ reply ]

[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29
Andreas Lehmkuehler (lehmi apache org)

[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache PDFBox 1.8.0 to 1.8.14
Apache PDFBox 2.0.0 to 2.0.10
Earlier, unsupported Apache PDFBox versions may be affected as well

Description:
A carefu

[ more ] [ reply ]

[SECURITY] [DSA 4237-1] chromium-browser security update 2018-07-01
Michael Gilbert (mgilbert debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4237-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Michael Gilbert
June 30, 2018

[ more ] [ reply ]

[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser 2018-06-29
Andreas Lehmkuehler (lehmi apache org)

[CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache PDFBox 1.8.0 to 1.8.14
Apache PDFBox 2.0.0 to 2.0.10
Earlier, unsupported Apache PDFBox versions may be affected as well

Description:
A carefu

[ more ] [ reply ]

TP-Link TL-WR841N v13: Broken Authentication (CVE-2018-12575) 2018-06-27
Tim Coen (tc coen gmail com)

* Vulnerability: Broken Authentication
* Affected Software: TP-Link TL-WR841N v13
* Affected Version: 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n
* Patched Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n
* Risk: High
* Vendor Contacted: 05/20/2018
* Vendor Fix: Issue was independent

[ more ] [ reply ]

TP-Link TL-WR841N v13: Authenticated Blind Command Injection (CVE-2018-12577) 2018-06-27
Tim Coen (tc coen gmail com)

* Vulnerability: Authenticated Blind Command Injection
* Affected Software: TP-Link TL-WR841N v13
* Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n
* Patched Version: None
* Risk: High
* Vendor Contacted: 05/20/2018
* Vendor Fix: None
* Public Disclosure: 06/27/2018

###

[ more ] [ reply ]

APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0 2018-06-27
Apple Product Security (product-security-noreply lists apple com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0

SwiftNIO 1.8.0 is now available and addresses the following:

SwiftNIO
Available for: macOS Sierra 10.12 and later, Ubuntu 14.04 and later
Impact: A remote attacker may be able to overwrite arbitrary memory
Descri

[ more ] [ reply ]

[SECURITY] [DSA 4236-1] xen security update 2018-06-27
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4236-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 27, 2018

[ more ] [ reply ]

[SECURITY] [DSA 4235-1] firefox-esr security update 2018-06-27
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4235-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 27, 2018

[ more ] [ reply ]

TP-Link TL-WR841N v13: CSRF (CVE-2018-12574) 2018-06-27
Tim Coen (tc coen gmail com)

* Vulnerability: Cross-Site Request Forgery
* Affected Software: TP-Link TL-WR841N v13
* Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n
* Patched Version: None
* Risk: High
* Vendor Contacted: 05/20/2018
* Vendor Fix: None
* Public Disclosure: 06/27/2018

##### Overview

[ more ] [ reply ]

PRTG < 18.2.39 Command Injection 2018-06-26
Josh Berry (josh berry codewatch org)

Bugtraq,

I (Josh Berry) discovered an authenticated command injection vulnerability
in the ?Demo? PowerShell notification script provided by versions of PRTG
Network Monitor prior to 18.2.39. The PowerShell notifications demo script
on versions of the application prior to 18.2.39 do not properly s

[ more ] [ reply ]

[slackware-security] mozilla-firefox (SSA:2018-176-01) 2018-06-25
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2018-176-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

[ more ] [ reply ]

KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability 2018-06-25
KoreLogic Disclosures (disclosures korelogic com)

KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability

Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability
Advisory ID: KL-001-2018-008
Publication Date: 2018.06.25
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2018-008.txt

1. Vulnerability Details

[ more ] [ reply ]

[SECURITY] [DSA 4234-1] lava-server security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4234-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 22, 2018

[ more ] [ reply ]

[SECURITY] [DSA 4233-1] bouncycastle security update 2018-06-22
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4233-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 22, 2018

[ more ] [ reply ]

FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu 2018-06-21
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4232-1] xen security update 2018-06-20
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4232-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 20, 2018

[ more ] [ reply ]

[slackware-security] gnupg (SSA:2018-170-01) 2018-06-19
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gnupg (SSA:2018-170-01)

New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+------------------------

[ more ] [ reply ]

XSS in Canopy login page 2018-06-19
RYT (me ryantzj com)

[Title]

XSS in Canopy login page

------------------------------------------

[Description]

CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer,

allowing attacks by low-privileged users against higher-privileged users.This

instance of stored cross-site scripting (XSS) v

[ more ] [ reply ]

[SECURITY] [DSA 4231-1] libgcrypt20 security update 2018-06-17
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4231-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 17, 2018

[ more ] [ reply ]

[security bulletin] MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF 2018-06-15
cyber-psrt microfocus com