jetlib.sec

« Expand/Collapse

January 25, 2018
19:31
Senator Demands FBI Director Explain His Encryption Backdoor Bullshit
» ‎ Packet Storm Security Headlines

Senator Demands FBI Director Explain His Encryption Backdoor Bullshit
Tags:

19:20
WebKitGTK+ Memory Corruption / Spoofing / Code Execution
» ‎ Packet Storm Security Advisories

WebKitGTK+ versions 2.18.x suffer from various memory corruption, user interface spoofing, and code execution vulnerabilities.
Tags:

19:17
AsusWRT Router Remote Code Execution
» ‎ Packet Storm Security Exploits

AsusWRT Router versions prior to 3.0.0.4.380.7743 suffer from an unauthenticated LAN remote code execution vulnerability.
Tags:

16:00
[webapps] Dodocool DC38 N300 - Cross-site Request Forgery
» ‎ Exploit-DB

has been added to
Tags:
16:00
[shellcode] Linux/x86 - Disable ASLR Security + Obfuscated Shellcode (23 bytes)
» ‎ Exploit-DB

has been added to
Tags:
16:00
[remote] BMC BladeLogic 8.3.00.64 - Remote Command Execution
» ‎ Exploit-DB

has been added to
Tags:
16:00
[webapps] WordPress Plugin Learning Management System - 'course_id' SQL Injection
» ‎ Exploit-DB

has been added to
Tags:

13:47
Red Hat Security Advisory 2018-0163-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2018-0163-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
Tags:
13:47
Red Hat Security Advisory 2018-0152-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2018-0152-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A flaw was found in the Linux kernel's key management system where it was possible for an attacker to escalate privileges or crash the machine. If a user key gets negatively instantiated, an error code is cached in the payload area. A negatively instantiated key may be then be positively instantiated by updating it with valid data. However, the ->update key type method must be aware that the error code may be there.
Tags:
13:47
Red Hat Security Advisory 2018-0169-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2018-0169-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function. The IPv6 fragmentation implementation in the Linux kernel does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted socket and send system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.
Tags:
13:47
Red Hat Security Advisory 2018-0151-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2018-0151-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.
Tags:
13:47
Red Hat Security Advisory 2018-0180-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2018-0180-01 - The kernel-alt packages provide the Linux kernel version 4.x. Security Fix: A flaw was found in the patches used to fix the 'dirtycow' vulnerability. An attacker, able to run local code, can exploit a race condition in transparent huge pages to modify usually read-only huge pages.
Tags:
13:47
Slackware Security Advisory - curl Updates
» ‎ Packet Storm Security Advisories

Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Tags:
13:46
Debian Security Advisory 4096-1
» ‎ Packet Storm Security Advisories

Debian Linux Security Advisory 4096-1 - Several security issues have been found in the Mozilla Firefox web overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or URL spoofing.
Tags:
13:46
Debian Security Advisory 4095-1
» ‎ Packet Storm Security Advisories

Debian Linux Security Advisory 4095-1 - It was discovered that gcab, a Microsoft Cabinet file manipulation tool, is prone to a stack-based buffer overflow vulnerability when extracting .cab files. An attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of the user running gcab, if a specially crafted .cab file is processed.
Tags:
13:46
Ubuntu Security Notice USN-3547-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 3547-1 - It was discovered that Libtasn1 incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that Libtasn1 incorrectly handled certain inputs. An attacker could possibly use this to cause Libtasn1 to hang, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. Various other issues were also addressed.
Tags:
13:46
Red Hat Security Advisory 2018-0223-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2018-0223-01 - Nautilus is the file manager and graphical shell for the GNOME desktop. Security Fix: An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the user. An attacker could use this flaw to trick a user into opening a .desktop file disguised as a document, such as a PDF, and execute arbitrary commands. Note: This update will change the behavior of Nautilus. Nautilus will now prompt the user for confirmation when executing an untrusted .desktop file for the first time, and then add it to the trusted file list. Desktop files stored in the system directory, as specified by the XDG_DATA_DIRS environment variable, are always considered trusted and executed without prompt.
Tags:
13:45
Ubuntu Security Notice USN-3537-2
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 3537-2 - USN-3537-1 fixed vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.59 in Ubuntu 12.04 ESM LTS. Various other issues were also addressed.
Tags:
13:43
Red Hat Security Advisory 2018-0182-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2018-0182-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty.
Tags:
13:43
Red Hat Security Advisory 2018-0181-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2018-0181-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A flaw was found in the Linux kernel's key management system where it was possible for an attacker to escalate privileges or crash the machine. If a user key gets negatively instantiated, an error code is cached in the payload area. A negatively instantiated key may be then be positively instantiated by updating it with valid data. However, the ->update key type method must be aware that the error code may be there.
Tags:
13:43
Red Hat Security Advisory 2018-0158-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2018-0158-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix: It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality.
Tags:

7:08
Bell Canada Got Hacked Again
» ‎ Packet Storm Security Headlines

Bell Canada Got Hacked Again
Tags:
7:08
Lawmakers Not Happy Chip Flaws Were Kept From Industry
» ‎ Packet Storm Security Headlines

Lawmakers Not Happy Chip Flaws Were Kept From Industry
Tags:
7:08
GDPR: Deadline Looms But Businesses Still Aren't Ready
» ‎ Packet Storm Security Headlines

GDPR: Deadline Looms But Businesses Still Aren't Ready
Tags:
7:08
Burger King Trolled Customers To Perfectly Explain Net Neutrality
» ‎ Packet Storm Security Headlines

Burger King Trolled Customers To Perfectly Explain Net Neutrality
Tags:

3:00
Bugtraq: [slackware-security] curl (SSA:2018-024-01)
» ‎ SecurityFocus Vulnerabilities

[slackware-security] curl (SSA:2018-024-01)
Tags:

1:38
[slackware-security] curl (SSA:2018-024-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Jan 25
[slackware-security] curl (SSA:2018-024-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.58.0-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
HTTP authentication leak in redirects
HTTP/2 trailer out-of-bounds read
For more information, see:...

Tags:

0:00
Vuln: Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

Multiple CPU Hardwares CVE-2017-5754 Information Disclosure Vulnerability
Tags:
0:00
Vuln: cURL/libcURL CVE-2017-8817 Memory Corruption Vulnerability
» ‎ SecurityFocus Vulnerabilities

cURL/libcURL CVE-2017-8817 Memory Corruption Vulnerability
Tags:

← January 24 (42 items) January 26 (21 items) →

jetlib.sec » January 25, 2018

Feeds

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags: