Feed aggregator

[SECURITY] [DSA 4393-1] systemd security update

BugTraq Latest Security Advisories - February 18, 2019 - 9:30pm

Posted by Salvatore Bonaccorso on Feb 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4393-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : systemd
CVE ID : CVE-2019-6454

Chris Coulson...
Categories:

next-20190218: linux-next

Linux Kernel Updates - February 18, 2019 - 2:33am
Version:next-20190218 (linux-next) Released:2019-02-18

Vuln: QEMU CVE-2019-3812 Out-Of-Bounds Read Local Information Disclosure Vulnerability

Security Focus Latest Security Advisories - February 18, 2019 - 12:00am
QEMU CVE-2019-3812 Out-Of-Bounds Read Local Information Disclosure Vulnerability
Categories:

Vuln: SolarWinds Orion Network Performance Monitor (NPM) CVE-2019-8917 Remote Code Execution Vulnerability

Security Focus Latest Security Advisories - February 18, 2019 - 12:00am
SolarWinds Orion Network Performance Monitor (NPM) CVE-2019-8917 Remote Code Execution Vulnerability
Categories:

Vuln: Multiple Dasan GPON Routers Command Injection and Authentication Bypass Vulnerabilities

Security Focus Latest Security Advisories - February 18, 2019 - 12:00am
Multiple Dasan GPON Routers Command Injection and Authentication Bypass Vulnerabilities
Categories:

Vuln: Multiple F5 BIG-IP Products CVE-2018-15319 Denial of Service Vulnerability

Security Focus Latest Security Advisories - February 18, 2019 - 12:00am
Multiple F5 BIG-IP Products CVE-2018-15319 Denial of Service Vulnerability
Categories:

[SECURITY] [DSA 4388-2] mosquitto regression update

BugTraq Latest Security Advisories - February 17, 2019 - 11:13pm

Posted by Salvatore Bonaccorso on Feb 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4388-2 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 17, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mosquitto
Debian Bug : 922071

Kushal Kumaran reported...
Categories:

CVE-2018-20162: Digi TransPort LR54 Restricted Shell Escape

BugTraq Latest Security Advisories - February 17, 2019 - 11:09pm

Posted by Stig Palmquist on Feb 17

CVE-2018-20162: Digi TransPort LR54 Restricted Shell Escape
===========================================================

The Digi TransPort LR54 is a high speed LTE router commonly used by industry,
infrastructure, retail and public transportation.

It supports running python scripts in a restricted sandbox, and has a custom
shell accessible over SSH which is subjected to the same restrictions. The
underlying OS is inaccessible to the...
Categories:

[SECURITY] [DSA 4392-1] thunderbird security update

BugTraq Latest Security Advisories - February 17, 2019 - 11:06pm

Posted by Moritz Muehlenhoff on Feb 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4392-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 16, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2018-18356 CVE-2018-18500...
Categories:

DASAN H665 has vendor backdoor built into BusyBox’s /bin/login

BugTraq Latest Security Advisories - February 17, 2019 - 10:17pm

Posted by Krzysztof Burghardt on Feb 17

Hi!

DASAN H665 has vendor backdoor built into BusyBox /bin/login. Account
named "dnsekakf2$$" gives access to admin (uid 0) account over telnet
without any password, at least for administration interface documented
in H665 Quick Guide (subnet 192.168.55.0/24 on LAN interface).

$ telnet 192.168.55.1
Trying 192.168.55.1...
Connected to 192.168.55.1.
Escape character is '^]'.
tc login: dnsekakf2$$
# uname -a
Linux tc 2.6.36 #1...
Categories:

5.0-rc7: mainline

Linux Kernel Updates - February 17, 2019 - 9:46pm
Version:5.0-rc7 (mainline) Released:2019-02-18 Source:linux-5.0-rc7.tar.gz Patch:full (incremental)

4.20.10: stable

Linux Kernel Updates - February 15, 2019 - 3:10am
Version:4.20.10 (stable) Released:2019-02-15 Source:linux-4.20.10.tar.xz PGP Signature:linux-4.20.10.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-4.20.10

4.19.23: longterm

Linux Kernel Updates - February 15, 2019 - 3:09am
Version:4.19.23 (longterm) Released:2019-02-15 Source:linux-4.19.23.tar.xz PGP Signature:linux-4.19.23.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-4.19.23

4.14.101: longterm

Linux Kernel Updates - February 15, 2019 - 3:08am
Version:4.14.101 (longterm) Released:2019-02-15 Source:linux-4.14.101.tar.xz PGP Signature:linux-4.14.101.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-4.14.101

4.9.158: longterm

Linux Kernel Updates - February 15, 2019 - 3:07am
Version:4.9.158 (longterm) Released:2019-02-15 Source:linux-4.9.158.tar.xz PGP Signature:linux-4.9.158.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-4.9.158

next-20190215: linux-next

Linux Kernel Updates - February 15, 2019 - 12:56am
Version:next-20190215 (linux-next) Released:2019-02-15

[slackware-security] mozilla-thunderbird (SSA:2019-045-01)

BugTraq Latest Security Advisories - February 15, 2019 - 12:16am

Posted by Slackware Security Team on Feb 14

[slackware-security] mozilla-thunderbird (SSA:2019-045-01)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-60.5.1-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...
Categories:

[SECURITY] [DSA 4391-1] firefox-esr security update

BugTraq Latest Security Advisories - February 15, 2019 - 12:12am

Posted by Moritz Muehlenhoff on Feb 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4391-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 14, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2018-18356 CVE-2019-5785...
Categories:

Vuln: Linux Kernel CVE-2018-5391 Remote Denial of Service Vulnerability

Security Focus Latest Security Advisories - February 15, 2019 - 12:00am
Linux Kernel CVE-2018-5391 Remote Denial of Service Vulnerability
Categories:

Vuln: Mozilla Firefox and Firefox ESR CVE-2019-5785 Integer Overflow Vulnerability

Security Focus Latest Security Advisories - February 15, 2019 - 12:00am
Mozilla Firefox and Firefox ESR CVE-2019-5785 Integer Overflow Vulnerability
Categories: