BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

APPLE-SA-2017-12-13-1 iOS 11.2.1

December 14, 2017 - 10:35pm

Posted by Apple Product Security on Dec 14

APPLE-SA-2017-12-13-1 iOS 11.2.1

iOS 11.2.1 is now available and addresses the following:

HomeKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: A message handling issue was addressed with improved
input validation.
CVE-2017-13903: Tian Zhang

Installation note:

This update is available through iTunes and Software...

APPLE-SA-2017-12-13-2 tvOS 11.2.1

December 14, 2017 - 10:29pm

Posted by Apple Product Security on Dec 14

APPLE-SA-2017-12-13-2 tvOS 11.2.1

tvOS 11.2.1 is now available and addresses the following:

HomeKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: A message handling issue was addressed with improved
input validation.
CVE-2017-13903: Tian Zhang

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may...

AST-2017-012: Remote Crash Vulnerability in RTCP Stack

December 14, 2017 - 10:22pm

Posted by Asterisk Security Team on Dec 14

Asterisk Project Security Advisory - AST-2017-012

Product: Asterisk
Summary: Remote Crash Vulnerability in RTCP Stack
Nature of Advisory: Denial of Service
Susceptibility: Remote Unauthenticated Sessions
Severity: Moderate...

APPLE-SA-2017-12-13-7 Additional information for APPLE-SA-2017-12-6-4 tvOS 11.2

December 14, 2017 - 10:15pm

Posted by Apple Product Security on Dec 14

APPLE-SA-2017-12-13-7 Additional information for
APPLE-SA-2017-12-6-4 tvOS 11.2

tvOS 11.2 addresses the following:

IOSurface
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13861: Ian Beer of Google Project Zero

Kernel
Available for: Apple TV 4K and Apple TV...

ADVISORY - Kemp Load Balancers - Module Application Firewall Pack (AFP) - Web Application Firewall (WAF) does not inspect HTTP POST data - CVE-2017-15524

December 14, 2017 - 10:09pm

Posted by tim . kretschmann on Dec 14

1. ADVISORY SUMMARY

Kemp Load Balancers - Module Application Firewall Pack (AFP) - Web Application Firewall (WAF) does not inspect HTTP
POST data

Risk: high

Application: Kemp Load Balancers - Module Application Firewall Pack (AFP)
Versions Affected: 7.1.30 (Nov 2015) to 7.2.40 (Oct 2017) // Older versions are probably affected too, but they were
not checked
Vendor: KEMP Technologies
Vendor URL: https://kemptechnologies.com/

Sent to...

APPLE-SA-2017-12-13-5 Safari 11.0.2

December 14, 2017 - 10:04pm

Posted by Apple Product Security on Dec 14

APPLE-SA-2017-12-13-5 Safari 11.0.2

Safari 11.0.2 addresses the following:

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.2
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7156: an anonymous researcher
CVE-2017-7157: an anonymous researcher
CVE-2017-13856:...

[SECURITY] [DSA 4064-1] chromium-browser security update

December 13, 2017 - 10:22pm

Posted by Michael Gilbert on Dec 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-4064-1 security () debian org
https://www.debian.org/security/ Michael Gilbert
December 12, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2017-15407...

Advisory - Fisheye and Crucible - CVE-2017-14591

December 11, 2017 - 8:52pm

Posted by Atlassian on Dec 11

This email refers to the advisory found at
https://confluence.atlassian.com/x/qVcGO and
https://confluence.atlassian.com/x/plcGO .

CVE ID:

* CVE-2017-14591.

Product: Fisheye and Crucible.

Affected Fisheye and Crucible product versions:

version < 4.4.3
4.5.0 <= version < 4.5.1

Fixed Fisheye and Crucible product versions:

* for 4.4.x, Fisheye 4.4.3 has been released with a fix for this issue.
* for 4.4.x, Crucible 4.4.3 has been...

[SECURITY] [DSA 4062-1] firefox-esr security update

December 11, 2017 - 8:47pm

Posted by Moritz Muehlenhoff on Dec 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-4062-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 10, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2017-7843

It discovered...

[SECURITY] [DSA 4061-1] thunderbird security update

December 11, 2017 - 8:42pm

Posted by Moritz Muehlenhoff on Dec 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-4061-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 10, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2017-7826 CVE-2017-7828...

[SECURITY] [DSA 4060-1] wireshark security update

December 11, 2017 - 8:35pm

Posted by Moritz Muehlenhoff on Dec 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-4060-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 09, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wireshark
CVE ID : CVE-2017-11408 CVE-2017-13766...

[slackware-security] openssl (SSA:2017-342-01)

December 11, 2017 - 8:29pm

Posted by Slackware Security Team on Dec 11

[slackware-security] openssl (SSA:2017-342-01)

New openssl packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2n-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
Read/write after SSL object in error state
rsaz_1024_mul_avx2 overflow bug on x86_64
For more information, see:...

FreeBSD Security Advisory FreeBSD-SA-17:12.openssl

December 11, 2017 - 8:22pm

Posted by FreeBSD Security Advisories on Dec 11

=============================================================================
FreeBSD-SA-17:12.openssl Security Advisory
The FreeBSD Project

Topic: OpenSSL multiple vulnerabilities

Category: contrib
Module: openssl
Announced: 2017-12-09
Affects: All supported versions of FreeBSD.
Corrected: 2017-12-07 18:04:48 UTC...

CISTI'2018 -- Doctoral Symposium -- Call for contributions

December 11, 2017 - 7:48pm

Posted by ML on Dec 11

------------------------------------------------------------------
Doctoral Symposium of CISTI'2018
13th Iberian Conference on Information Systems and Technologies
13 - 16 June 2018, Caceres, Spain
http://www.cisti.eu/
---------------------------------------------------------------------------

The purpose of CISTI'2018’s Doctoral Symposium is to provide graduate students a setting where they can, informally,
expose and discuss their...

[SECURITY] [DSA 4059-1] libxcursor security update

December 11, 2017 - 7:44pm

Posted by Salvatore Bonaccorso on Dec 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-4059-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
December 08, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libxcursor
CVE ID : CVE-2017-16612
Debian Bug :...

Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities

December 11, 2017 - 7:38pm

Posted by Secunia Research on Dec 11

======================================================================

Secunia Research 2017/12/08

LibRaw Multiple Denial of Service Vulnerabilities

======================================================================
Table of Contents

Affected Software...

[SECURITY] [DSA 4058-1] optipng security update

December 11, 2017 - 7:32pm

Posted by Salvatore Bonaccorso on Dec 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-4058-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
December 08, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : optipng
CVE ID : CVE-2017-16938 CVE-2017-1000229...

[SECURITY] [DSA 4057-1] erlang security update

December 8, 2017 - 2:50am

Posted by Moritz Muehlenhoff on Dec 07

-------------------------------------------------------------------------
Debian Security Advisory DSA-4057-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 08, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : erlang
CVE ID : CVE-2017-1000385

It was discovered...

[SECURITY] [DSA 4056-1] nova security update

December 7, 2017 - 11:36pm

Posted by Sebastien Delafond on Dec 07

-------------------------------------------------------------------------
Debian Security Advisory DSA-4056-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
December 07, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : nova
CVE ID : CVE-2017-16239
Debian Bug :...