[TZO-15-2020] - F-SECURE Generic Malformed Container bypass (RAR)
2020-02-14 Thierry Zoller (thierry zoller lu)

WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002
2020-02-14 Carlos Alberto Lopez Perez (clopez igalia com)

[slackware-security] libarchive (SSA:2020-043-01)
2020-02-12 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libarchive (SSA:2020-043-01) New libarchive packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/pack

CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability
2020-02-14 Imre Rad (radimre83 gmail com)
The TrustedInstaller service running on the Windows operating system hosts a COM service called Sxs Store Class; its ISxsStore interface provides methods to install/uninstall assemblies via application manifests files into the WinSxS store. These API methods were meant to be available for users with

[TZO-11-2020] - ESET Generic Malformed Archive Bypass (BZ2 Checksum)
2020-02-13 Thierry Zoller (thierry zoller lu)

[EnumJavaLibs]_ Remote Java classpath enumerator
2020-02-13 RedTimmy Security (redazione segfault it)
Hi, we have just released EnumJavaLibs to perform java classes enumeration against java services. To discover a deserialization vulnerability is often easy. When source code is available, it comes down to finding calls to readObject() and finding a way for user input to reach that function. In case

[SECURITY] [DSA 4623-1] postgresql-11 security update
2020-02-13 Moritz Muehlenhoff (jmm debian org)

[slackware-security] mozilla-firefox (SSA:2020-042-01)
2020-02-12 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2020-042-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/p

[SECURITY] [DSA 4622-1] postgresql-9.6 security update
2020-02-13 Moritz Muehlenhoff (jmm debian org)

[slackware-security] mozilla-thunderbird (SSA:2020-042-02)
2020-02-12 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2020-042-02) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ p

[SECURITY] [DSA 4269-1] postgresql-9.6 security update
2018-08-10 Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4267-1] kamailio security update
2018-08-08 Salvatore Bonaccorso (carnil debian org)

[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2
2018-08-08 Joachim De Zutter (dezutterjoachim gmail com)

CA20180802-01: Security Notice for CA API Developer Portal
2018-08-08 Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CA20180802-01: Security Notice for CA API Developer Portal Issued: August 2, 2018 Last Updated: August 2, 2018 CA Technologies Support is alerting customers to a potential risk with CA API Developer Portal. A medium risk vulnerability exists that ca

[CVE-2018-14429] man-cgi < 1.16 Local File Include
2018-08-08 eL_Bart0 (eL_Bart0 protonmail ch)
man-cgi before 1.16 allows Local File Inclusion via absolute path traversal. If an Attacker provides a Filename as a Parameter (e.g. https://example.org/cgi-bin/man-cgi?/etc/passwd) the Script will read and return the local file. This is happening because of the way the Script calls the "man" comm

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006
2018-08-08 Michael Catanzaro (mcatanzaro igalia com)

New VMSA-2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability
2018-08-07 VMware Security Response Center (security vmware com)

RE: [FD] Executable installers are vulnerable^WEVIL (case 56):arbitrary code execution WITH escalation of privilege via rufus*.exe
2018-08-06 Andrius Duksta (duk danskebank lt)
Sorry, but the viable/practical attack vector on this one is practically non-existent. I really can't see anyone actually using this as a real-life attack. The circumstances required to succeed are such that if this attack works, it's waaay too late to blame Rufus as your system was obviously alread

FreeBSD Security Advisory FreeBSD-SA-18:08.tcp
2018-08-06 FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4265-1] xml-security-c security update
2018-08-05 Moritz Muehlenhoff (jmm debian org)

[slackware-security] lftp (SSA:2018-214-01)
2018-08-02 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] lftp (SSA:2018-214-01) New lftp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/

[SECURITY] [DSA 4260-1] libmspack security update
2018-08-02 Salvatore Bonaccorso (carnil debian org)

Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9
2018-08-02 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, the executable installer of VMware Player 12.5.9, published in January 2018, available from <https://download3.vmware.com/software/player/file/VMware-player-12.5.9-7535481.exe>, is vulnerable. JFTR: VMware Player 12.5.9 is the last version which runs on 32-bit Windows, and the last t
Hash: SHA512
- ------------------------------------------------------------------------
Debian Security Advisory DSA-4620-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2020