Feed aggregator

SEC Consult SA-20180918-0 :: Remote Code Execution via PHP unserialize in Moodle open-source learning platform

BugTraq Latest Security Advisories - September 18, 2018 - 10:39pm

Posted by SEC Consult Vulnerability Lab on Sep 18

SEC Consult Vulnerability Lab Security Advisory < 20180918-0 >
=======================================================================
title: Remote Code Execution via PHP unserialize
product: Moodle - Open-source learning platform
vulnerable version: 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and
earlier unsupported versions
fixed version: 3.5.2, 3.4.5, 3.3.8 and 3.1.14
CVE...
Categories:

next-20180918: linux-next

Linux Kernel Updates - September 18, 2018 - 12:10am
Version:next-20180918 (linux-next) Released:2018-09-18

APPLE-SA-2018-9-17-5 Apple Support 2.4 for iOS

BugTraq Latest Security Advisories - September 17, 2018 - 10:03pm

Posted by Apple Product Security on Sep 17

APPLE-SA-2018-9-17-5 Apple Support 2.4 for iOS

Apple Support 2.4 for iOS is now available and addresses the
following:

Analytics
Available for: iOS 11.0 and later
Impact: An attacker in a privileged network position may be able to
intercept analytics data sent to Apple
Description: Analytics data was sent using HTTP rather than HTTPS.
This was addressed by sending analytics data using HTTPS.
CVE-2018-4397: Yigit Can YILMAZ (@yilmazcanyigit)...
Categories:

race condition in .net core System.IO.Directory.Delete allowing deletion of entire drives

BugTraq Latest Security Advisories - September 17, 2018 - 9:59pm

Posted by Joshua Hudson on Sep 17

Here's a link to the original reporting of this class of bug:
https://seclists.org/bugtraq/2000/May/67

In looking for how to deal with this problem on Windows, I discovered
that .net core has
essentially the same security bug.

That file system node might have been a directory when FindNextFile
returned it, but it's a symlink to c:\users now. Goodbye half your
data (on average) before hitting a locked file....
Categories:

APPLE-SA-2018-9-17-3 tvOS 12

BugTraq Latest Security Advisories - September 17, 2018 - 9:54pm

Posted by Apple Product Security on Sep 17

APPLE-SA-2018-9-17-3 tvOS 12

tvOS 12 is now available and addresses the following:

Bluetooth
Available for: Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2018-5383: Lior Neumann and Eli Biham

iTunes Store
Available for: Apple TV 4K and Apple TV (4th...
Categories:

APPLE-SA-2018-9-17-4 Safari 12

BugTraq Latest Security Advisories - September 17, 2018 - 9:53pm

Posted by Apple Product Security on Sep 17

APPLE-SA-2018-9-17-4 Safari 12

Safari 12 is now available and addresses the following:

Safari
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: A logic issue was addressed with improved state
management.
CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority

Safari
Available for: macOS Sierra 10.12.6,...
Categories:

APPLE-SA-2018-9-17-1 iOS 12

BugTraq Latest Security Advisories - September 17, 2018 - 9:48pm

Posted by Apple Product Security on Sep 17

APPLE-SA-2018-9-17-1 iOS 12

iOS 12 is now available and addresses the following:

Accounts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local app may be able to read a persistent account
identifier
Description: This issue was addressed with improved entitlements.
CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.

Bluetooth
Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone...
Categories:

APPLE-SA-2018-9-17-2 watchOS 5

BugTraq Latest Security Advisories - September 17, 2018 - 9:45pm

Posted by Apple Product Security on Sep 17

APPLE-SA-2018-9-17-2 watchOS 5

watchOS 5 is now available and addresses the following:

iTunes Store
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application...
Categories:

Disclose SSRF Vulnerability

BugTraq Latest Security Advisories - September 17, 2018 - 9:42pm

Posted by alphan yavaş on Sep 17

I. VULNERABILITY
-------------------------
Rollup 18 for Microsoft Exchange Server 2010 SP3 Server Side Request
Forgery (SSRF)

II. CVE REFERENCE
-------------------------
CVE-2018-16793

III. VENDOR
-------------------------
https://www.microsoft.com

IV. TIMELINE
------------------------
19/06/2018 Vulnerability discovered
22/06/2018 Vendor contacted
15/08/2018 Microsoft replay that Update rollup 18 is out of date.

V. CREDIT...
Categories:

[SECURITY] [DSA 4296-1] mbedtls security update

BugTraq Latest Security Advisories - September 17, 2018 - 3:31am

Posted by Moritz Muehlenhoff on Sep 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4296-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mbedtls
CVE ID : CVE-2018-0497 CVE-2018-0498

Two...
Categories:

[SECURITY] [DSA 4295-1] thunderbird security update

BugTraq Latest Security Advisories - September 17, 2018 - 3:28am

Posted by Moritz Muehlenhoff on Sep 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4295-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2018-5156 CVE-2018-5187...
Categories:

[SECURITY] [DSA 4294-1] ghostscript security update

BugTraq Latest Security Advisories - September 17, 2018 - 3:27am

Posted by Moritz Muehlenhoff on Sep 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4294-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2018-16509 CVE-2018-16802...
Categories:

[SECURITY] [DSA 4273-2] intel-microcode security update

BugTraq Latest Security Advisories - September 17, 2018 - 3:24am

Posted by Moritz Muehlenhoff on Sep 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4273-2 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : intel-microcode
CVE ID : CVE-2018-3639...
Categories:

[slackware-security] php (SSA:2018-257-01)

BugTraq Latest Security Advisories - September 17, 2018 - 3:17am

Posted by Slackware Security Team on Sep 17

[slackware-security] php (SSA:2018-257-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php-5.6.38-i586-1_slack14.2.txz: Upgraded.
One security bug has been fixed in this release:
Apache2: XSS due to the header Transfer-Encoding: chunked
For more information, see:...
Categories:

[SECURITY] [DSA 4293-1] discount security update

BugTraq Latest Security Advisories - September 17, 2018 - 3:13am

Posted by Alessandro Ghedini on Sep 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4293-1 security () debian org
https://www.debian.org/security/ Alessandro Ghedini
September 14, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : discount
CVE ID : CVE-2018-11468 CVE-2018-11503...
Categories: