Feed aggregator

4.14.71: longterm

Linux Kernel Updates - September 19, 2018 - 3:43pm
Version: 4.14.71 (longterm)
Released: 2018-09-19
Source: linux-4.14.71.tar.xz
PGP Signature: linux-4.14.71.tar.sign
Patch: full (incremental)
ChangeLog: ChangeLog-4.14.71

4.18.9: stable

Linux Kernel Updates - September 19, 2018 - 3:41pm
Version: 4.18.9 (stable)
Released: 2018-09-19
Source: linux-4.18.9.tar.xz
PGP Signature: linux-4.18.9.tar.sign
Patch: full (incremental)
ChangeLog: ChangeLog-4.18.9

next-20180919: linux-next

Linux Kernel Updates - September 19, 2018 - 1:13am
Version: next-20180919 (linux-next)
Released: 2018-09-19

[SECURITY] [DSA 4297-1] chromium-browser security update

BugTraq Latest Security Advisories - September 19, 2018 - 12:53am

Posted by Michael Gilbert on Sep 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4297-1 security () debian org
https://www.debian.org/security/ Michael Gilbert
September 19, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium-browser

Two vulnerabilities have been discovered...

Vuln: Adobe Acrobat and Reader CVE-2018-12848 Arbitrary Code Execution Vulnerability

Security Focus Latest Security Advisories - September 18, 2018 - 11:00pm

Vuln: Western Digital My Cloud CVE-2018-17153 Authentication Bypass Vulnerability

Security Focus Latest Security Advisories - September 18, 2018 - 11:00pm

Vuln: Adobe Acrobat and Reader APSB18-34 Multiple Information Disclosure Vulnerabilities

Security Focus Latest Security Advisories - September 18, 2018 - 11:00pm

Vuln: Symantec Messaging Gateway CVE-2018-12243 XML External Entity Injection Vulnerability

Security Focus Latest Security Advisories - September 18, 2018 - 11:00pm

Vuln: Symantec Messaging Gateway CVE-2018-12242 Authentication Bypass Vulnerability

Security Focus Latest Security Advisories - September 18, 2018 - 11:00pm

Vuln: Adobe Flash Player CVE-2018-15967 Unspecified Information Disclosure Vulnerability

Security Focus Latest Security Advisories - September 18, 2018 - 11:00pm

Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges

BugTraq Latest Security Advisories - September 18, 2018 - 10:42pm

Posted by Securify B.V. on Sep 18

------------------------------------------------------------------------
Authentication bypass vulnerability in Western Digital My Cloud allows
escalation to admin privileges
------------------------------------------------------------------------
Remco Vermeulen, September 2018

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was...

SEC Consult SA-20180918-0 :: Remote Code Execution via PHP unserialize in Moodle open-source learning platform

BugTraq Latest Security Advisories - September 18, 2018 - 10:39pm

Posted by SEC Consult Vulnerability Lab on Sep 18

SEC Consult Vulnerability Lab Security Advisory < 20180918-0 >
=======================================================================
title: Remote Code Execution via PHP unserialize
product: Moodle - Open-source learning platform
vulnerable version: 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and
earlier unsupported versions
fixed version: 3.5.2, 3.4.5, 3.3.8 and 3.1.14
CVE...

next-20180918: linux-next

Linux Kernel Updates - September 18, 2018 - 12:10am
Version: next-20180918 (linux-next)
Released: 2018-09-18

APPLE-SA-2018-9-17-5 Apple Support 2.4 for iOS

BugTraq Latest Security Advisories - September 17, 2018 - 10:03pm

Posted by Apple Product Security on Sep 17

APPLE-SA-2018-9-17-5 Apple Support 2.4 for iOS

Apple Support 2.4 for iOS is now available and addresses the
following:

Analytics
Available for: iOS 11.0 and later
Impact: An attacker in a privileged network position may be able to
intercept analytics data sent to Apple
Description: Analytics data was sent using HTTP rather than HTTPS.
This was addressed by sending analytics data using HTTPS.
CVE-2018-4397: Yigit Can YILMAZ (@yilmazcanyigit)...

race condition in .net core System.IO.Directory.Delete allowing deletion of entire drives

BugTraq Latest Security Advisories - September 17, 2018 - 9:59pm

Posted by Joshua Hudson on Sep 17

Here's a link to the original reporting of this class of bug:
https://seclists.org/bugtraq/2000/May/67

In looking for how to deal with this problem on Windows, I discovered
that .net core has essentially the same security bug.

That file system node might have been a directory when FindNextFile
returned it, but it's a symlink to c:\users now. Goodbye half your
data (on average) before hitting a locked file....

APPLE-SA-2018-9-17-3 tvOS 12

BugTraq Latest Security Advisories - September 17, 2018 - 9:54pm

Posted by Apple Product Security on Sep 17

APPLE-SA-2018-9-17-3 tvOS 12

tvOS 12 is now available and addresses the following:

Bluetooth
Available for: Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2018-5383: Lior Neumann and Eli Biham

iTunes Store
Available for: Apple TV 4K and Apple TV (4th...

APPLE-SA-2018-9-17-4 Safari 12

BugTraq Latest Security Advisories - September 17, 2018 - 9:53pm

Posted by Apple Product Security on Sep 17

APPLE-SA-2018-9-17-4 Safari 12

Safari 12 is now available and addresses the following:

Safari
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: A logic issue was addressed with improved state
management.
CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority

Safari
Available for: macOS Sierra 10.12.6,...

APPLE-SA-2018-9-17-1 iOS 12

BugTraq Latest Security Advisories - September 17, 2018 - 9:48pm

Posted by Apple Product Security on Sep 17

APPLE-SA-2018-9-17-1 iOS 12

iOS 12 is now available and addresses the following:

Accounts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local app may be able to read a persistent account
identifier
Description: This issue was addressed with improved entitlements.
CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.

Bluetooth
Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone...

APPLE-SA-2018-9-17-2 watchOS 5

BugTraq Latest Security Advisories - September 17, 2018 - 9:45pm

Posted by Apple Product Security on Sep 17

APPLE-SA-2018-9-17-2 watchOS 5

watchOS 5 is now available and addresses the following:

iTunes Store
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application...

Disclose SSRF Vulnerability

BugTraq Latest Security Advisories - September 17, 2018 - 9:42pm

Posted by alphan yavaş on Sep 17

I. VULNERABILITY
-------------------------
Rollup 18 for Microsoft Exchange Server 2010 SP3 Server Side Request
Forgery (SSRF)

II. CVE REFERENCE
-------------------------
CVE-2018-16793

III. VENDOR
-------------------------
https://www.microsoft.com

IV. TIMELINE
------------------------
19/06/2018 Vulnerability discovered
22/06/2018 Vendor contacted
15/08/2018 Microsoft replied that Update rollup 18 is out of date.

V. CREDIT...