Security Alerts

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Updated: 6 weeks 5 days ago

[SECURITY] [DSA 4187-1] linux security update

Tue, 05/01/2018 - 23:08

Posted by Ben Hutchings on May 01

-------------------------------------------------------------------------
Debian Security Advisory DSA-4187-1 security () debian org
https://www.debian.org/security/ Ben Hutchings
May 01, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2015-9016 CVE-2017-0861...
Categories: Security

[SECURITY] [DSA 4188-1] linux security update

Tue, 05/01/2018 - 22:58

Posted by Salvatore Bonaccorso on May 01

-------------------------------------------------------------------------
Debian Security Advisory DSA-4188-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
May 01, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2017-5715 CVE-2017-5753...

CA20180501-01: Security Notice for CA Spectrum

Tue, 05/01/2018 - 22:58

Posted by Kotas, Kevin J on May 01

CA20180501-01: Security Notice for CA Spectrum

Issued: May 1st, 2018
Last Updated: May 1st, 2018

CA Technologies Support is alerting customers to a potential risk
with CA Spectrum. A vulnerability exists that can allow an
unauthenticated remote attacker to cause a denial of service. CA has
solutions to resolve the vulnerability.

The vulnerability, CVE-2018-6589, occurs due to how a Spectrum
network service handles invalid data. A remote...

Trovebox <= 4.0.0-rc6 Authentication Bypass, SQLi, SSRF

Tue, 05/01/2018 - 22:51

Posted by robin . verton on May 01

Telekom Security
security.telekom.com

Advisory: Trovebox - Authentication Bypass, SQLi, SSRF
Release Date: 2018/04/30
Author: Robin Verton (robin.verton () telekom de)
CVE: requested

Application: Trovebox <= 4.0.0-rc6
Risk: Critical
Vendor Status: A fix was released on github.

Overview:

"Trovebox is software that helps you manage, organize and share...

CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability

Tue, 05/01/2018 - 02:03

Posted by Akira Ajisaka on Apr 30

CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected:
All the Apache Hadoop versions from 2.2.0 to 2.7.3

Description:
A user who can escalate to yarn user can possibly run arbitrary commands as root user.

Mitigation:
Users should upgrade to 2.7.4 or upper.
If you are using the affected version of Apache Hadoop and there are
any users who can escalate to...

[slackware-security] libwmf (SSA:2018-120-01)

Tue, 05/01/2018 - 01:58

Posted by Slackware Security Team on Apr 30

[slackware-security] libwmf (SSA:2018-120-01)

New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libwmf-0.2.8.4-i586-7_slack14.1.txz: Rebuilt.
Patched denial of service and possible execution of arbitrary code
security issues.
For more information, see:...

[slackware-security] mozilla-firefox (SSA:2018-120-02)

Tue, 05/01/2018 - 01:51

Posted by Slackware Security Team on Apr 30

[slackware-security] mozilla-firefox (SSA:2018-120-02)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-52.7.4esr-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

Advisory - Sourcetree for Windows - CVE-2018-5226

Mon, 04/30/2018 - 03:57

Posted by Atlassian on Apr 30

This email refers to the advisory found at
https://confluence.atlassian.com/x/ERyUO .

CVE ID:

* CVE-2018-5226.

Product: Sourcetree for Windows.

Affected Sourcetree for Windows product versions:

version < 2.5.5.0

Fixed Sourcetree for Windows product versions:

* Sourcetree for Windows 2.5.5.0 has been released with a fix for this issue.

Summary:
This advisory discloses a critical severity security vulnerability. Versions of
Sourcetree...

[SECURITY] [DSA 4185-1] openjdk-8 security update

Mon, 04/30/2018 - 03:48

Posted by Moritz Muehlenhoff on Apr 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-4185-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
April 28, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-8
CVE ID : CVE-2018-2790 CVE-2018-2794...

[SECURITY] [DSA 4186-1] gunicorn security update

Mon, 04/30/2018 - 03:29

Posted by Moritz Muehlenhoff on Apr 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-4186-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
April 28, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gunicorn
CVE ID : CVE-2018-1000164

It was...

[SECURITY] [DSA 4184-1] sdl-image1.2 security update

Mon, 04/30/2018 - 03:29

Posted by Salvatore Bonaccorso on Apr 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-4184-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 28, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : sdl-image1.2
CVE ID : CVE-2017-2887 CVE-2017-12122...

[SECURITY] [DSA 4183-1] tor security update

Mon, 04/30/2018 - 03:29

Posted by Salvatore Bonaccorso on Apr 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-4183-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 28, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tor
CVE ID : CVE-2018-0490

It has been discovered...

[SECURITY] [DSA 4181-1] roundcube security update

Mon, 04/30/2018 - 03:24

Posted by Salvatore Bonaccorso on Apr 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-4181-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 28, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : roundcube
CVE ID : CVE-2018-9846
Debian Bug :...

[SECURITY] [DSA 4182-1] chromium-browser security update

Mon, 04/30/2018 - 03:22

Posted by Michael Gilbert on Apr 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-4182-1 security () debian org
https://www.debian.org/security/ Michael Gilbert
April 28, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2018-6056...

[slackware-security] openvpn (SSA:2018-116-01)

Fri, 04/27/2018 - 05:32

Posted by Slackware Security Team on Apr 27

[slackware-security] openvpn (SSA:2018-116-01)

New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openvpn-2.4.6-i586-1_slack14.2.txz: Upgraded.
This is a security update fixing a potential double-free() in Interactive
Service. This usually only leads to a process...