BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 4206-1] gitlab security update

Posted by Moritz Muehlenhoff on May 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-4206-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 21, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gitlab
CVE ID : CVE-2017-0920 CVE-2018-8971...

Qualys Security Advisory - Procps-ng Audit Report

May 21, 2018 - 8:30am

Posted by Qualys Security Advisory on May 21

Qualys Security Advisory

Procps-ng Audit Report

========================================================================
Contents
========================================================================

Summary
1. FUSE-backed /proc/PID/cmdline
2. Unprivileged process hiding
3. Local Privilege Escalation in top (Low Impact)
4. Denial of Service in ps
5. Local Privilege Escalation in libprocps (High Impact)
5.1. Vulnerability
5.2....

[SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for

May 21, 2018 - 5:11am

Posted by Moritz Muehlenhoff on May 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-4205-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 18, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

This is an advance notice that regular security support for Debian
GNU/Linux...

[SECURITY] [DSA 4204-1] imagemagick security update

May 21, 2018 - 4:38am

Posted by Sebastien Delafond on May 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-4204-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
May 18, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : imagemagick
CVE ID : CVE-2017-10995 CVE-2017-11533...

[SYSS-2018-007] ILIAS e-Learning - Reflected Cross-Site-Scripting

May 21, 2018 - 4:34am

Posted by Moritz Bechler on May 21

Advisory ID: SYSS-2018-007
Product: ILIAS
Affected Version(s): 5.3.2, 5.2.14, 5.1.25
Tested Version(s): 5.3.2, 5.2.12
Vulnerability Type: Reflected Cross-Site-Scripting
Risk Level: MEDIUM
Solution Status: Fixed
Manufacturer Notification: 2018-03-29
Solution Date: 2018-04-25
Public Disclosure: 2018-05-18
CVE Reference: CVE-2018-10428
Author of Advisory: Moritz Bechler, SySS GmbH...

MagniComp SysInfo Information Exposure [CVE-2018-7268]

May 18, 2018 - 2:18am

Posted by Harry Sintonen on May 18

MagniComp SysInfo Information Exposure [CVE-2018-7268]
======================================================
The latest version of this advisory is available at:
https://sintonen.fi/advisories/magnicomp-sysinfo-information-exposure.txt

Overview
--------

MagniComp SysInfo contains an information exposure vulnerability through debug
functionality.

Description
-----------

Due to a combination of setuid binary and verbose debugging, MagniComp...

[SECURITY] [DSA 4203-1] vlc security update

May 18, 2018 - 2:12am

Posted by Moritz Muehlenhoff on May 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4203-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 17, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : vlc
CVE ID : CVE-2017-17670

Hans Jerry Illikainen...

[slackware-security] curl (SSA:2018-136-01)

May 17, 2018 - 4:46am

Posted by Slackware Security Team on May 17

[slackware-security] curl (SSA:2018-136-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.60.0-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes:
FTP: shutdown response buffer overflow
RTSP: bad headers buffer over-read
For more information, see:...

[slackware-security] php (SSA:2018-136-02)

May 17, 2018 - 4:38am

Posted by Slackware Security Team on May 17

[slackware-security] php (SSA:2018-136-02)

New php packages are available for Slackware 14.0, 14.1, and 14.2 to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php-5.6.36-i586-1_slack14.2.txz: Upgraded.
This fixes many bugs, including some security issues:
Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
stream filter convert.iconv leads to infinite loop...

[SECURITY] [DSA 4202-1] curl security update

May 16, 2018 - 9:28pm

Posted by Alessandro Ghedini on May 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4202-1 security () debian org
https://www.debian.org/security/ Alessandro Ghedini
May 16, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : curl
CVE ID : CVE-2018-1000301
Debian Bug :...

CVE-2018-11101: Signal-desktop HTML tag injection variant 2

May 16, 2018 - 9:27pm

Posted by Alfredo Ortega on May 16

Title: Signal-desktop HTML tag injection variant 2

Date Published: 2018-05-16

Last Update: 2018-05-16

CVE Name: CVE-2018-11101

Class: Code injection

Remotely Exploitable: Yes

Locally Exploitable: No

Vendors contacted: Signal.org

Vulnerability Description:

Signal-desktop is the standalone desktop version of the secure
Signal messenger. This software is vulnerable to remote code execution
from a malicious contact, by sending a specially...

SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager

May 16, 2018 - 9:18pm

Posted by SEC Consult Vulnerability Lab on May 16

SEC Consult Vulnerability Lab Security Advisory < 20180516-0 >
=======================================================================
title: XXE & XSS vulnerabilities
product: RSA Authentication Manager
vulnerable version: 8.2.1.4.0-build1394922, < 8.3 P1
fixed version: 8.3 P1 and later
CVE number: CVE-2018-1247
impact: High
homepage: https://www.rsa.com...

[SECURITY] [DSA 4201-1] xen security update

May 15, 2018 - 11:04pm

Posted by Moritz Muehlenhoff on May 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-4201-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 15, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xen
CVE ID : CVE-2018-8897 CVE-2018-10471...

CSNC-2018-003 totemomail Encryption Gateway - Cross-Site Request Forgery

May 15, 2018 - 5:12am

Posted by Advisories on May 15

################################################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
################################################################################
#
# Product: totemomail Encryption Gateway
# Vendor: totemo AG
# CSNC ID: CSNC-2018-003
# CVE ID: CVE-2018-6563
# Subject: Cross-Site Request Forgery
# Risk: High
# Effect: Remotely...

CSNC-2018-002 totemomail Encryption Gateway - JSONP hijacking

May 15, 2018 - 5:11am

Posted by Advisories on May 15

################################################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
################################################################################
#
# Product: totemomail Encryption Gateway
# Vendor: totemo AG
# CSNC ID: CSNC-2018-002
# CVE ID: CVE-2018-6562
# Subject: JSONP hijacking
# Risk: High
# Effect: Remotely exploitable
#...

Re: SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet

May 15, 2018 - 5:00am

Posted by SEC Consult Vulnerability Lab on May 15

The following CVE numbers have been assigned now:
XSS issue: CVE-2018-11090
Arbitrary File Upload: CVE-2018-11091