Feed aggregator

Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update


Bugtraq: [SECURITY] [DSA 4268-1] openjdk-8 security update


Bugtraq: [SECURITY] [DSA 4267-1] kamailio security update


Bugtraq: [CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2


More rss feeds from SecurityFocus

News, Infocus, Columns, Vulnerabilities, Bugtraq ...

[slackware-security] httpd (SSA:2019-022-01)

BugTraq Latest Security Advisories - 5 hours 44 min ago

Posted by Slackware Security Team on Jan 22

[slackware-security] httpd (SSA:2019-022-01)

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.38-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
mod_session: mod_session_cookie does not respect expiry time allowing
sessions to be...

4.9.152: longterm

Linux Kernel Updates - 6 hours 14 min ago
Version: 4.9.152 (longterm)
Released: 2019-01-23
Source: linux-4.9.152.tar.xz
PGP Signature: linux-4.9.152.tar.sign
Patch: full (incremental)
ChangeLog: ChangeLog-4.9.152

4.14.95: longterm

Linux Kernel Updates - 6 hours 15 min ago
Version: 4.14.95 (longterm)
Released: 2019-01-23
Source: linux-4.14.95.tar.xz
PGP Signature: linux-4.14.95.tar.sign
Patch: full (incremental)
ChangeLog: ChangeLog-4.14.95

CVE-2018-13042 - 1Password Android < 7.0 - Denial Of Service

BugTraq Latest Security Advisories - 7 hours 11 min ago

Posted by Valerio Brussani on Jan 22

############
Description
############

The 1Password application < 7.0 for Android is affected by a Denial Of
Service vulnerability. By starting the activity
com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or
com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an
external application (since they are exported), it is possible to crash the
1Password instance.

############
Poc
############

To invoke the...

APPLE-SA-2019-1-22-4 tvOS 12.1.2

BugTraq Latest Security Advisories - 7 hours 15 min ago

Posted by Apple Product Security on Jan 22

APPLE-SA-2019-1-22-4 tvOS 12.1.2

tvOS 12.1.2 is now available and addresses the following:

AppleKeyStore
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-6235: Brandon Azad

CoreAnimation
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application...

APPLE-SA-2019-1-22-3 watchOS 5.1.3

BugTraq Latest Security Advisories - 7 hours 16 min ago

Posted by Apple Product Security on Jan 22

APPLE-SA-2019-1-22-3 watchOS 5.1.3

watchOS 5.1.3 is now available and addresses the following:

AppleKeyStore
Available for: All Apple Watch models
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-6235: Brandon Azad

Core Media
Available for: All Apple Watch models
Impact: A malicious application may be able to elevate privileges...

APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra

BugTraq Latest Security Advisories - 7 hours 17 min ago

Posted by Apple Product Security on Jan 22

APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3,
Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra

macOS Mojave 10.14.3, Security Update 2019-001 High Sierra,
Security Update 2019-001 Sierra are now available
and address the following:

AppleKeyStore
Available for: macOS Mojave 10.14.2
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved...

APPLE-SA-2019-1-22-5 Safari 12.0.3

BugTraq Latest Security Advisories - 7 hours 21 min ago

Posted by Apple Product Security on Jan 22

APPLE-SA-2019-1-22-5 Safari 12.0.3

Safari 12.0.3 is now available and addresses the following:

Safari Reader
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
macOS Mojave 10.14.3
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: A cross-site scripting issue existed in Safari. This
issue was addressed with improved URL validation.
CVE-2019-6228: Ryan Pickren...

APPLE-SA-2019-1-22-6 iCloud for Windows 7.10

BugTraq Latest Security Advisories - 7 hours 27 min ago

Posted by Apple Product Security on Jan 22

APPLE-SA-2019-1-22-6 iCloud for Windows 7.10

iCloud for Windows 7.10 is now available and addresses the following:

SQLite
Available for: Windows 7 and later
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2018-20346: Tencent Blade Team
CVE-2018-20505: Tencent Blade Team
CVE-2018-20506: Tencent Blade Team

WebKit...

APPLE-SA-2019-1-22-1 iOS 12.1.3

BugTraq Latest Security Advisories - 7 hours 31 min ago

Posted by Apple Product Security on Jan 22

APPLE-SA-2019-1-22-1 iOS 12.1.3

iOS 12.1.3 is now available and addresses the following:

AppleKeyStore
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-6235: Brandon Azad

Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod...

next-20190123: linux-next

Linux Kernel Updates - 8 hours 2 min ago
Version: next-20190123 (linux-next)
Released: 2019-01-23

Vuln: Tridium Niagara Directory Traversal and Authentication-Bypass Vulnerabilities


Vuln: Oracle Java SE CVE-2019-2426 Information Disclosure Vulnerability


Vuln: Oracle Java SE CVE-2019-2422 Information Disclosure Vulnerability


4.19.17: longterm

Linux Kernel Updates - January 22, 2019 - 3:40pm
Version: 4.19.17 (longterm)
Released: 2019-01-22
Source: linux-4.19.17.tar.xz
PGP Signature: linux-4.19.17.tar.sign
Patch: full (incremental)
ChangeLog: ChangeLog-4.19.17