SecurityFocus

[SECURITY] [DSA 4127-1] simplesamlphp security update 2018-03-02
Thijs Kinkhorst (thijs debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4127-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Thijs Kinkhorst
March 02, 2018

[ more ] [ reply ]

[Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02) 2018-03-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] ntp (SSA:2018-060-02)

New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/ntp

[ more ] [ reply ]

CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor 2018-03-01
spinfoo (spinfoo protonmail com)

Product: HPE System Management Homepage
Versions: 7.6.0.11 and minor versions
Vulnerability: JavaScript Injection in file gsearch.php, parameter prod
OWASP TOP 10: A1 Injection
Type: Javascript Injection
Impact: Allows an attacker to perform an XSS (Cross-Site Scripting) attack, execute arbitrary Ja

[ more ] [ reply ]

[security bulletin] MFSBGN03794 rev.2 - Micro Focus Operations Agent Multiple vulnerabilities 2018-02-28
cyber-psrt microfocus com

Secunia Research: Linux Kernel "_sctp_make_chunk()" Denial of Service Vulnerability 2018-02-28
Secunia Research (remove-vuln secunia com)

======================================================================

Secunia Research 2018/02/28

Linux Kernel "_sctp_make_chunk()" Denial of Service Vulnerability

======================================================================
Table of Contents

Affected Software.

[ more ] [ reply ]

SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management 2018-02-28
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult Vulnerability Lab Security Advisory < 20180228-0 >
=======================================================================
title: Insecure Direct Object Reference
product: TestLink Open Source Test Management
vulnerable version: <1.9.17
fixed version: 1.9

[ more ] [ reply ]

[SECURITY] [DSA 4124-1] lucene-solr security update 2018-02-27
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4124-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 27, 2018

[ more ] [ reply ]

[security bulletin] HPESBHF03826 rev.1 - HPE Integrated Lights-Out 3 (iLO 3) Remote Denial of Service 2018-02-27
security-alert hpe com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03826en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03826en_us

Version: 1

HP

[ more ] [ reply ]

SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket 2018-02-27
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult Vulnerability Lab Security Advisory < 20180227-0 >
=======================================================================
title: OS command injection, arbitrary file upload & SQL injection
product: ClipBucket
vulnerable version: <4.0.0 - Release 4902
fix

[ more ] [ reply ]

ES2018-03 Asterisk pjsip sdp invalid media format description segfault 2018-02-26
Sandro Gauci (sandro enablesecurity com)

# Segmentation fault occurs in Asterisk with an invalid SDP media format description

- Authors:
- Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]>
- Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]>
- Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip`
- References: AST-2018-002
- Enable Secu

[ more ] [ reply ]

ES2018-04 Asterisk pjsip tcp segfault 2018-02-26
Sandro Gauci (sandro enablesecurity com)

# Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport

- Authors:
- Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]>
- Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]>
- Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip` installed with `--with-pjproject-b

[ more ] [ reply ]

ES2018-02 Asterisk pjsip sdp invalid fmtp segfault 2018-02-26
Sandro Gauci (sandro enablesecurity com)

# Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute

- Authors:
- Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]>
- Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]>
- Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip`
- References: AST-2018-003
- Enable Security Advis

[ more ] [ reply ]

ES2018-01 Asterisk pjsip subscribe stack corruption 2018-02-26
Sandro Gauci (sandro enablesecurity com)

# SUBSCRIBE message with a large Accept value causes stack corruption

- Authors:
- Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]>
- Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]>
- Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip`
- Tested vulnerable versions: 15.2.0, 13.19.0, 14.7.

[ more ] [ reply ]

CMS Made Simple 2.1.6 - Remote Code Execution 2018-02-26
displaymyname gmail con

# Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution
# Date: 2018-02-26
# Exploit Author: Keerati T.
# Vendor Homepage: http://www.cmsmadesimple.org/
# Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2.1.6-install.zip
# Version: 2.1.6
# CVE: CVE-2018-7448
# Tested on: Li

[ more ] [ reply ]

[SECURITY] [DSA 4123-1] drupal7 security update 2018-02-24
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4123-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 24, 2018

[ more ] [ reply ]

[security bulletin] MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance 2018-02-22
cyber-psrt microfocus com

Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5 2018-02-22
Justin Bull (me justinbull ca)

On Wed, Feb 21, 2018 at 5:17 PM, Justin Bull <me (at) justinbull (dot) ca [email concealed]> wrote:
> Solution:
> ---------
> Upgrade to Doorkeeper v4.2.6 or later
>

Apologies. This fails to account for a non-trivial scenario.

Any software using Doorkeeper that has generated its own custom
views[0] requires manual work to ver

[ more ] [ reply ]

[SECURITY] [DSA 4122-1] squid3 security update 2018-02-22
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4122-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 23, 2018

[ more ] [ reply ]

[SECURITY] [DSA 4120-1] linux security update 2018-02-22
Yves-Alexis Perez (corsac debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4120-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Yves-Alexis Perez
February 22, 2018

[ more ] [ reply ]

[SECURITY] [DSA 4121-1] gcc-6 security update 2018-02-22
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4121-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 22, 2018

[ more ] [ reply ]

[CORE-2017-0006] Trend Micro Email Encryption Gateway Multiple Vulnerabilities 2018-02-21
Core Security Advisories Team (advisories coresecurity com)

Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Trend Micro Email Encryption Gateway Multiple Vulnerabilities

1. *Advisory Information*

Title: Trend Micro Email Encryption Gateway Multiple Vulnerabilities
Advisory ID: CORE-2017-0006
Advisory URL:
http://www.coresecurity.com/ad

[ more ] [ reply ]

DefenseCode Security Advisory: PureVPN Windows Privilege Escalation Vulnerability 2018-02-21
Defense Code (defensecode defensecode com)

DefenseCode Security Advisory
PureVPN Windows Privilege Escalation Vulnerability

Advisory ID: DC-2018-02-001
Advisory Title: PureVPN Windows Privilege Escalation Vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
Software: PureVPN
Version: 5.19.4.0 and below (W

[ more ] [ reply ]

SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors 2018-02-21
SEC Consult Vulnerability Lab (research sec-consult com)

We have published an accompanying blog post to this technical advisory with
further information:

https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby
-monitors-fail-to-be-smart/index.html

SEC Consult Vulnerability Lab Security Advisory < 20180221-0 >
===========================

[ more ] [ reply ]

Sharutils 4.15.2 Heap-Buffer-Overflow 2018-02-21
nafiez (nafiez skins gmail com) (1 replies)

Unshar scans the input files (typically email messages) looking for the

start of a shell archive. If no files are given, then standard input is

processed instead. Shipped along with Sharutils.

Bug was found with AFL.

=================================================================

==11164=

[ more ] [ reply ]

Sharutils 4.15.2 Heap-Buffer-Overflow 2018-02-21
nafiez (nafiez skins gmail com)

Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS 2018-02-21
preethiknambiar gmail com

1. Introduction

Vendor : Yab
Affected Product : Quarx through 2.4.3
Fixed in : Quarx 2.4.5 and 2.4.6
Vendor Website : https://quarxcms.com/
Vulnerability Type : Persistent XSS
Remote Exploitable : Yes
CVE External Identifier : CVE-2018-727

[ more ] [ reply ]

Multiple Persistent XSS vulnerabilities in Radiant Content Management System 2018-02-20
suparna kachru gmail com

*1. Introduction*

Vendor : Radiant
Affected Product : Radiant CMS 1.1.4
Fixed in : NA
Vendor Website : http://radiantcms.org/
Vulnerability Type : Persistent XSS
Remote Exploitable : Yes
CVE External Identifier : CVE-2018-7261

*2. Overview*

Technical Description:

There are multiple P

[ more ] [ reply ]

APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update 2018-02-19
Apple Product Security (product-security-noreply lists apple com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update

macOS High Sierra 10.13.3 Supplemental Update is now available and
addresses the following:

CoreText
Available for: macOS High Sierra 10.13.3
Impact: Processing a maliciously crafte

[ more ] [ reply ]

APPLE-SA-2018-02-19-3 tvOS 11.2.6 2018-02-19
Apple Product Security (product-security-noreply lists apple com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-02-19-3 tvOS 11.2.6

tvOS 11.2.6 is now available and addresses the following:

CoreText
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A

[ more ] [ reply ]

APPLE-SA-2018-02-19-1 iOS 11.2.6 2018-02-19
Apple Product Security (product-security-noreply lists apple com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-02-19-1 iOS 11.2.6

iOS 11.2.6 is now available and addresses the following:

CoreText
Available for: iPhone 5s and later, iPad Air and later, and
iPod touch 6th generation
Impact: Processing a maliciously crafted string may lead to heap

[ more ] [ reply ]