SecurityFocus

[slackware-security] mozilla-firefox (SSA:2018-072-01) 2018-03-13
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2018-072-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

[ more ] [ reply ]

[slackware-security] samba (SSA:2018-072-02) 2018-03-13
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] samba (SSA:2018-072-02)

New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security a issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/package

[ more ] [ reply ]

[RT-SA-2017-012] Shopware Cart Accessible by Third-Party Websites 2018-03-13
RedTeam Pentesting GmbH (release redteam-pentesting de)

Advisory: Shopware Cart Accessible by Third-Party Websites

RedTeam Pentesting discovered that the shopping cart implemented by Shopware
offers an insecure API. Malicious, third-party websites may abuse this API to
list, add or remove products from a user's cart.

Details
=======

Product: Shopware

[ more ] [ reply ]

[SECURITY] [DSA 4135-1] samba security update 2018-03-13
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4135-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 13, 2018

[ more ] [ reply ]

SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail 2018-03-12
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult Vulnerability Lab Security Advisory < 20180312-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: SecurEnvoy SecurMail
vulnerable version: 9.1.501
fixed version: 9.2.501 or hotfix

[ more ] [ reply ]

[SECURITY] [DSA 4134-1] util-linux security update 2018-03-10
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4134-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 10, 2018

[ more ] [ reply ]

[RT-SA-2018-001] Arbitrary Redirect in Tuleap 2018-03-08
RedTeam Pentesting GmbH (release redteam-pentesting de)

Advisory: Arbitrary Redirect in Tuleap

RedTeam Pentesting discovered an arbitrary redirect vulnerability in the
redirect mechanism of the application lifecycle management platform
Tuleap.

Details
=======

Product: Tuleap
Affected Versions: > 9.17.99.93
Fixed Versions: >= 9.17.99.93
Vulnerability

[ more ] [ reply ]

FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec [REVISED] 2018-03-08
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4133-1] isc-dhcp security update 2018-03-07
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4133-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 07, 2018

[ more ] [ reply ]

FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec 2018-03-07
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4128-1] trafficserver security update 2018-03-02
Sebastien Delafond (seb debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

-
------------------------------------------------------------------------
-
Debian Security Advisory DSA-4128-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
March 02, 2018

[ more ] [ reply ]

DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery 2018-03-06
Defense Code (defensecode defensecode com)

DefenseCode Security Advisory
Magento Backups Cross-Site Request Forgery

Advisory ID: DC-2018-03-001
Advisory Title: Magento Backups Cross-Site Request Forgery
Advisory URL: http://www.defensecode.com/advisories.php
Software: Magento
Version: Magento Open Source prior to 1.9.3.8,

[ more ] [ reply ]

KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service 2018-03-02
KoreLogic Disclosures (disclosures korelogic com)

KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service

Title: Sophos UTM 9 loginuser Privilege Escalation via confd Service
Advisory ID: KL-001-2018-007
Publication Date: 2018.03.02
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-007.txt

1. Vul

[ more ] [ reply ]

[SECURITY] [DSA 4131-1] xen security update 2018-03-04
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

-
------------------------------------------------------------------------
-
Debian Security Advisory DSA-4131-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 04, 2018

[ more ] [ reply ]

[SECURITY] [DSA 4129-1] freexl security update 2018-03-02
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

-
------------------------------------------------------------------------
-
Debian Security Advisory DSA-4129-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 02, 2018

[ more ] [ reply ]

DefenseCode Security Advisory: Magento Multiple Stored Cross-Site Scripting Vulnerabilities 2018-03-06
Defense Code (defensecode defensecode com)

DefenseCode Security Advisory
Magento Multiple Stored Cross-Site Scripting Vulnerabilities

Advisory ID: DC-2018-03-002
Advisory Title: Magento Multiple Stored Cross-Site Scripting Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software: Magento
Version: M

[ more ] [ reply ]

DefenseCode Security Advisory: Magento Stored Cross-Site Scripting â?? Product Attributes 2018-03-06
Defense Code (defensecode defensecode com)

DefenseCode Security Advisory
Magento Stored Cross-Site Scripting â?? Product Attributes

Advisory ID: DC-2018-03-004
Advisory Title: Magento Stored Cross-Site Scripting â?? Product Attributes
Advisory URL: http://www.defensecode.com/advisories.php
Software: Magento
Version: Magen

[ more ] [ reply ]

DefenseCode Security Advisory: Magento Stored Cross-Site Scripting â?? Downloadable Products 2018-03-06
Defense Code (defensecode defensecode com)

DefenseCode Security Advisory
Magento Stored Cross-Site Scripting â?? Downloadable Products

Advisory ID: DC-2018-03-003
Advisory Title: Magento Stored Cross-Site Scripting â?? Downloadable Products
Advisory URL: http://www.defensecode.com/advisories.php
Software: Magento
Version:

[ more ] [ reply ]

DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery 2018-03-06
Defense Code (defensecode defensecode com)

DefenseCode Security Advisory
Magento Backups Cross-Site Request Forgery

Advisory ID: DC-2018-03-001
Advisory Title: Magento Backups Cross-Site Request Forgery
Advisory URL: http://www.defensecode.com/advisories.php
Software: Magento
Version: Magento Open Source prior to 1.9.3.8,

[ more ] [ reply ]

[SECURITY] [DSA 4127-1] simplesamlphp security update 2018-03-02
Thijs Kinkhorst (thijs debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

-
------------------------------------------------------------------------
-
Debian Security Advisory DSA-4127-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Thijs Kinkhorst
March 02, 2018

[ more ] [ reply ]

CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor 2018-03-01
spinfoo (spinfoo protonmail com)

Product: HPE System Management Homepage
Versions: 7.6.0.11 and minor versions
Vulnerability: JavaScript Injection in file gsearch.php, parameter prod
OWASP TOP 10: A1 Injection
Type: Javascript Injection
Impact: Allows an attacker to perform an XSS (Cross-Site Scripting) attack,
execute arbitrary J

[ more ] [ reply ]

[SECURITY] [DSA 4129-1] freexl security update 2018-03-02
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4129-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 02, 2018

[ more ] [ reply ]

[SECURITY] [DSA 4130-1] dovecot security update 2018-03-02
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4130-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 02, 2018

[ more ] [ reply ]

[SECURITY] [DSA 4120-2] linux regression update 2018-03-03
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4120-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 03, 2018

[ more ] [ reply ]

KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service 2018-03-02
KoreLogic Disclosures (disclosures korelogic com)

KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service

Title: Sophos UTM 9 loginuser Privilege Escalation via confd Service
Advisory ID: KL-001-2018-007
Publication Date: 2018.03.02
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-007.txt

1. Vul

[ more ] [ reply ]

[SECURITY] [DSA 4131-1] xen security update 2018-03-04
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4131-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 04, 2018

[ more ] [ reply ]

[SECURITY] [DSA 4132-1] libvpx security update 2018-03-04
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4132-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 04, 2018

[ more ] [ reply ]

[SECURITY] [DSA 4128-1] trafficserver security update 2018-03-02
Sebastien Delafond (seb debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4128-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
March 02, 2018

[ more ] [ reply ]

[security bulletin] MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS) 2018-03-01
cyber-psrt microfocus com

[Newsletter/Marketing] [slackware-security] dhcp (SSA:2018-060-01) 2018-03-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] dhcp (SSA:2018-060-01)

New dhcp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+

[ more ] [ reply ]