[slackware-security] git (SSA:2018-152-01)
2018-06-01 Slackware Security Team (security slackware com)

MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411
2018-05-30 Amine Taouirsa (taouirsa gmail com)
Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google dork examples: ---------------------- "machform" inurl:"

APPLE-SA-2018-06-01-5 watchOS 4.3.1
2018-06-01 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-06-01-5 watchOS 4.3.1 watchOS 4.3.1 addresses the following: Crash Reporter Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with

CVE-2018-11552 AXON PBX 2.02 Cross Site Scripting Vulnerability
2018-05-30 mehta himanshu21 gmail com

Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting
2018-05-24 Yavuz Atlas (yavuz atlas biznet com tr)
I. VULNERABILITY ------------------------- Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting II. CVE REFERENCE ------------------------- CVE-2018-11027 III. VENDOR HOMEPAGE ------------------------- https://www.ruckuswireless.com IV. DESCRIPTION ------------------------- Ruckus (Broca

Android OS Didnt use FLAG_SECURE for Sensitive Settings [CVE-2017-13243]
2018-05-24 research nightwatchcybersecurity com
[Blog post here: https://wwws.nightwatchcybersecurity.com/2018/05/24/android-os-didnt-use-flag_secure-for-sensitive-settings-cve-2017-13243/] SUMMARY Android OS did not use the FLAG_SECURE flag for sensitive settings, potentially exposing sensitive data to other applications on the same device wit

PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392)
2018-05-23 reggie dodd30 gmail com
[Title] PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392) [Product] PHP Login & User Management https://codecanyon.net/item/php-login-user-management/49008 [CVE] CVE-2018-11392 [Credit] Reginald Dodd [Description] An arbitrary file upload vulnerability in /classes/pro

[security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting
2018-05-23 cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03164778 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03164778 Version: 1 MFSBGN03808 rev.1

[CVE-2018-8013] Apache Batik information disclosure vulnerability
2018-05-23 Simon Steiner (simonsteiner1984 gmail com)

K2 smartforms runtime application - 4.6.11 SSRF
2018-05-22 fuming22 gmail com
# Vulnerability type: Server Side Request Forgery # Vendor: https://www.k2.com/ # Product: K2 Smartforms # Affected version: 4.6.11 # Credit: Foo Jong Meng # CVE ID: CVE-2018-9920 # DESCRIPTION: Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified ho

[slackware-security] mozilla-thunderbird (SSA:2018-142-02)
2018-05-23 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2018-142-02) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ p

[slackware-security] Slackware 14.2 kernel (SSA:2018-142-01)
2018-05-23 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2018-142-01) New kernel packages are available for Slackware 14.2 to fix a regression in the getsockopt() function and to fix two denial-of-service security issues. Here are the details from the Slack

[slackware-security] procps-ng (SSA:2018-142-03)
2018-05-23 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] procps-ng (SSA:2018-142-03) New procps-ng packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/proc

[SECURITY] [DSA 4207-1] packagekit security update
2018-05-22 Salvatore Bonaccorso (carnil debian org)

Qualys Security Advisory - Procps-ng Audit Report
2018-05-21 Qualys Security Advisory (qsa qualys com)
Qualys Security Advisory Procps-ng Audit Report ======================================================================== Contents ======================================================================== Summary 1. FUSE-backed /proc/PID/cmdline 2. Unprivileged process hiding 3. Local Privilege E

[SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for
2018-05-18 Moritz Muehlenhoff (jmm debian org)
Debian oldstable -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------ - Debian Security Advisory DSA-4205-1 security (at) debian (dot) org https://www.debian.org/security/ Moritz Muehlenhoff May 18, 2

[SYSS-2018-007] ILIAS e-Learning - Reflected Cross-Site-Scripting
2018-05-18 Moritz Bechler (moritz bechler syss de)
Advisory ID: SYSS-2018-007 Product: ILIAS Affected Version(s): 5.3.2, 5.2.14, 5.1.25 Tested Version(s): 5.3.2, 5.2.12 Vulnerability Type: Reflected Cross-Site-Scripting Risk Level: MEDIUM Solution Status: Fixed Manufacturer Notification: 2018-03-29 Solution Date: 2018-04-25 Public Disclosure: 2018-0

MagniComp SysInfo Information Exposure [CVE-2018-7268]
2018-05-18 Harry Sintonen (bugtraq kyber fi)
MagniComp SysInfo Information Exposure [CVE-2018-7268] ====================================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/magnicomp-sysinfo-information-exposure.txt Overview -------- MagniComp SysInfo contains a information e

[slackware-security] curl (SSA:2018-136-01)
2018-05-17 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] curl (SSA:2018-136-01) New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/c

[slackware-security] php (SSA:2018-136-02)
2018-05-17 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2018-136-02) New php packages are available for Slackware 14.0, 14.1, and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php-5.6.36-i5

CVE-2018-11101: Signal-desktop HTML tag injection variant 2
2018-05-16 Alfredo Ortega (ortegaalfredo gmail com)
Title: Signal-desktop HTML tag injection variant 2 Date Published: 2018-05-16 Last Update: 2018-05-16 CVE Name: CVE-2018-11101 Class: Code injection Remotely Exploitable: Yes Locally Exploitable: No Vendors contacted: Signal.org Vulnerability Description: Signal-desktop is the standalone d

SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager
2018-05-16 SEC Consult Vulnerability Lab (research sec-consult com)

CSNC-2018-002 totemomail Encryption Gateway - JSONP hijacking
2018-05-15 Advisories (advisories compass-security com)
######################################################################## ######## # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ######################################################################## ######## # # Product: totemomail Encryption Gateway # Vend

CSNC-2018-003 totemomail Encryption Gateway - Cross-Site Request Forgery
2018-05-15 Advisories (advisories compass-security com)
######################################################################## ######## # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ######################################################################## ######## # # Product: totemomail Encryption Gateway # Vend

CVE-2018-10994: HTML tag injection in Signal-desktop
2018-05-14 Alfredo Ortega (ortegaalfredo gmail com)
Title: HTML tag injection in Signal-desktop Date Published: 14-05-2018 CVE Name: CVE-2018-10994 Class: Code injection Remotely Exploitable: Yes Locally Exploitable: No Vendors contacted: Signal.org Vulnerability Description: Signal-desktop is the standalone desktop version of the secure Sign

SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet
2018-05-14 SEC Consult Vulnerability Lab (research sec-consult com) (1 replies)
SEC Consult Vulnerability Lab Security Advisory < 20180514-0 > ======================================================================= title: Arbitrary File Upload & Cross-site scripting product: MyBiz MyProcureNet vulnerable version: 5.0.0 fixed version: unknown

Re: SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet
2018-05-15 SEC Consult Vulnerability Lab (research sec-consult com)

Vulnerabilities in IBMs Flashsystems and Storwize Products
2018-05-11 Sebastian Neuner (sneuner google com)
Vulnerabilities in IBMs Flashsystems and Storwize Products ------------------------------------------------------------------------ - Introduction ============ Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. These were discovered during a black

[slackware-security] mariadb (SSA:2018-130-01)
2018-05-10 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mariadb (SSA:2018-130-01) New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mariadb-10.0

[security bulletin] MFSBGN03807 rev.1 - HP Service Manager Software, SQL Injection
2018-05-10 cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158656 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03158656 Version: 1 MFSBGN03807 rev.1

[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information
2018-05-10 cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158629 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03158629 Version: 2 MFSBGN03802 - Vir

[security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information
2018-05-10 cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158613 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03158613 Version: 1 MFSBGN03805 - HP

[slackware-security] mozilla-firefox (SSA:2018-129-01)
2018-05-10 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2018-129-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/p

[slackware-security] wget (SSA:2018-129-02)
2018-05-10 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] wget (SSA:2018-129-02) New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------

[security bulletin] MFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information
2018-05-09 cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158061 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03158061 Version: 1 MFSBGN03804 - HP

[security bulletin] MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities
2018-05-09 cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158014 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03158014 Version: 1 MFSBGN03806 rev.1

t2'18: Call For Papers 2018 (Helsinki, Finland)
2018-05-09 Tomi Tuominen (tomi tuominen t2 fi)
# # t2'18 - Call For Papers (Helsinki, Finland) - October 25 - 26, 2018 # Join us for the 15th anniversary celebrations on Oct 25-26! CFP and ticket sales are now open. To truly appreciate the full spectrum of cyber, one simply needs to visit Helsinki. Sooner or later you need a break from the sun

[ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy
2018-05-08 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, during installation of Microsoft Office 2003 and newer versions as well as single components of Microsoft Office products, the executable of the "Office Source Engine", ose.exe, is copied as "%TEMP%\ose00000.exe" and then executed with elevated privileges. %TEMP% is writable by unprivilege

FreeBSD Security Advisory FreeBSD-SA-18:06.debugreg
2018-05-08 FreeBSD Security Advisories (security-advisories freebsd org)

APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001
2018-05-08 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001 Security Update 2018-001 addresses the following: Crash Reporter Available for: macOS High Sierra 10.13.4 Impact: An application may be able to gain elev

[SECURITY] [DSA 4193-1] wordpress security update
2018-05-05 Salvatore Bonaccorso (carnil debian org)

CANADIAN JOB VACANCY!!!
2018-05-06 SUNCOR ENERGY (info suncor-recruitments com)
SUNCOR ENERGY HEAD OFFICE ADDRESS CORPORATE LEGAL DEPARTMENT 150 - 6TH AVENUE S.W., P.O. BOX 38. CALGARY, ALBERTA T2P 3E3, CANADA. TELL: (816) 774-1034 FAX : (403) 724-3460 ATTN: JOB SEEKER. WE ARE USING THIS MEDIA TO ANNOUNCE THAT SUNCOR ENERGY CURRENTLY SEEKING AN EXPERIENCE AND ENTHUSIASTIC 13

[slackware-security] python (SSA:2018-124-01)
2018-05-04 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] python (SSA:2018-124-01) New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packag

APPLE-SA-2018-05-04-1 Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04
2018-05-04 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-05-04-1 Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04 Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04 is now available and addresses the following: Swift for Ubuntu Available for: Ubuntu 14.04 Not impacted: Ubuntu 16.04 a

[slackware-security] seamonkey (SSA:2018-123-01)
2018-05-04 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] seamonkey (SSA:2018-123-01) New seamonkey packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/seam

Updated VMSA-2018-0007.3: VMware Virtual Appliance updates address side-channel analysis due to speculative execution
2018-05-04 VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Changelog: 2018-05-03: VMSA-2018-0007.3 Updated in conjunction with the release of vSphere Data Protection (VDP) 6.1.5 on 2018-05-03. -----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.4.1 (Build 490) Charset: utf-8 wj8DBQFa6wKlDE

[SECURITY] [DSA 4190-1] jackson-databind security update
2018-05-03 Sebastien Delafond (seb debian org)

SEC Consult SA-20180503-0 :: Authentication Bypass in Oracle Access Manager (OAM)
2018-05-03 SEC Consult Vulnerability Lab (research sec-consult com)
We have published an accompanying blog post to this technical advisory with further information: Blog: https://www.sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/ Demo video: https://www.youtube.com/watch?v=YK7_1NozAwQ SEC Consult Vulnerability Lab Security Advisory < 20

Command injections via USB upgrade in MSTAR Set-Top box products
2018-05-03 IM (ivanm security-net biz)
While I was working on diagnostic device for some of my clients I found command injections in MSTAR Set-Top box products. Diagnostic device is not specially target this vendor but we used it in development phase and for testing. Vulnerable functionality is in automatic USB upgrade process. It is pos

CA20180501-01: Security Notice for CA Spectrum
2018-05-02 Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CA20180501-01: Security Notice for CA Spectrum Issued: May 1st, 2018 Last Updated: May 1st, 2018 CA Technologies Support is alerting customers to a potential risk with CA Spectrum. A vulnerability exists that can allow an unauthenticated remote atta

CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability
2018-05-01 Akira Ajisaka (aajisaka apache org)
CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability Severity: Critical Vendor: The Apache Software Foundation Versions Affected: All the Apache Hadoop versions from 2.2.0 to 2.7.3 Description: A user who can escalate to yarn user can possibly run arbitrary commands as root user. Mit

[slackware-security] mozilla-firefox (SSA:2018-120-02)
2018-05-01 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2018-120-02) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/p

[slackware-security] libwmf (SSA:2018-120-01)
2018-05-01 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libwmf (SSA:2018-120-01) New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +-----------------------

Advisory - Sourcetree for Windows - CVE-2018-5226
2018-04-30 Atlassian (security atlassian com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 This email refers to the advisory found at https://confluence.atlassian.com/x/ERyUO . CVE ID: * CVE-2018-5226. Product: Sourcetree for Windows. Affected Sourcetree for Windows product versions: version < 2.5.5.0 Fixed Sourcetree for Windows p

[SECURITY] [DSA 4184-1] sdl-image1.2 security update
2018-04-28 Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4181-1] roundcube security update
2018-04-28 Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 4182-1] chromium-browser security update
2018-04-28 Michael Gilbert (mgilbert debian org)

[slackware-security] openvpn (SSA:2018-116-01)
2018-04-27 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] openvpn (SSA:2018-116-01) New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------

[HITB-Announce] HITBGSEC2018 CFP - Final Call
2018-04-26 Hafez Kamal (aphesz hackinthebox org)
FINAL CALL!! The Call for Papers for the HITB GSEC 2018 Singapore is now open! Call for Papers: https://gsec.hitb.org/call-for-papers/ Event Website: https://gsec.hitb.org/sg2018/ HITB GSEC is a three-day security conference where attendees get to vote on the final agenda of talks. Attendees can

Secunia Research: Oracle Outside In Technology Use-After-Free Vulnerability
2018-04-25 Secunia Research (remove-vuln secunia com)

APPLE-SA-2018-04-24-2 Security Update 2018-001
2018-04-24 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-04-24-2 Security Update 2018-001 Security Update 2018-001 is now available and addresses the following: Crash Reporter Available for: macOS High Sierra 10.13.4 Impact: An application may be able to gain elevated privileges Description:

APPLE-SA-2018-04-24-1 iOS 11.3.1
2018-04-24 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-04-24-1 iOS 11.3.1 iOS 11.3.1 is now available and addresses the following: Crash Reporter Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privil

APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4)
2018-04-24 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) is now available and addresses the following: WebKit Available for: OS X El Capitan 10.11.6

[SECURITY] [DSA 4179-1] linux-tools security update
2018-04-24 Salvatore Bonaccorso (carnil debian org)

SEC Consult SA-20180424-0 :: Reflected Cross-Site Scripting in multiple Zyxel ZyWALL products
2018-04-24 SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server
2018-04-24 SEC Consult Vulnerability Lab (research sec-consult com)

[SECURITY] [DSA 4176-1] mysql-5.5 security update
2018-04-20 Salvatore Bonaccorso (carnil debian org)

Seagate Media Server path traversal vulnerability
2018-04-19 Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------ Seagate Media Server path traversal vulnerability ------------------------------------------------------------------------ Yorick Koster, September 2017 ------------------------------------------------------------------------

[SECURITY] [DSA 4175-1] freeplane security update
2018-04-18 Salvatore Bonaccorso (carnil debian org)

[SE-2011-01] The origin and impact of vulnerabilities in ST chipsets
2018-04-21 Security Explorations (contact security-explorations com)
Hello All, We have published an initial document describing the origin and impact of the vulnerabilities discovered in ST chipsets along some rationale indicating why it's worth to dig further into this case: http://www.security-explorations.com/materials/se-2011-01-st-impact.pdf This document i

[SECURITY] [DSA 4177-1] libsdl2-image security update
2018-04-20 Moritz Muehlenhoff (jmm debian org)

Seagate Media Server stored Cross-Site Scripting vulnerability
2018-04-19 Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------ Seagate Media Server stored Cross-Site Scripting vulnerability ------------------------------------------------------------------------ Yorick Koster, September 2017 ------------------------------------------------------------

[slackware-security] gd (SSA:2018-108-01)
2018-04-19 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] gd (SSA:2018-108-01) New gd packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ This update fixes two security is
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] git (SSA:2018-152-01)
New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p