BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities

16 hours 1 min ago

Posted by Erin Jensby on Mar 20

This email refers to the advisory found at
https://confluence.atlassian.com/display/SOURCETREEKB/Sourcetree+Security+Advisory+2018-03-06
.

CVE ID:

* CVE-2018-17456.
* CVE-2018-20234.
* CVE-2018-20235.
* CVE-2018-20236.

Product: Sourcetree.

Affected Sourcetree product versions:

1.2 <= version < 3.1.1
0.5a <= version < 3.0.17

Fixed Sourcetree product versions:

* for macOS, Sourcetree 3.1.1 has been released with a fix for these...

[SECURITY] [DSA 4412-1] drupal7 security update

March 20, 2019 - 10:37pm

Posted by Moritz Muehlenhoff on Mar 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-4412-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 20, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : drupal7
CVE ID : not yet available

It was...

[SECURITY] [DSA 4411-1] firefox-esr security update

March 20, 2019 - 10:36pm

Posted by Moritz Muehlenhoff on Mar 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-4411-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 20, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2018-18506 CVE-2019-9788...

[SECURITY] [DSA 4410-1] openjdk-8 security update

March 20, 2019 - 10:31pm

Posted by Moritz Muehlenhoff on Mar 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-4410-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 20, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-8
CVE ID : CVE-2019-2422

A memory...

[SE-2019-01] Java Card vulnerabilities

March 20, 2019 - 10:28pm

Posted by Security Explorations on Mar 20

Hello All,

We discovered multiple security vulnerabilities in reference implementation
of Java Card technology [1] from Oracle used in financial, government,
transportation and telecommunication sectors among others.

According to Oracle, "Java Card technology provides a secured environment
for applications that run on smart cards and other trusted devices with
limited memory and processing capabilities. With close to six billion
Java...

[slackware-security] libssh2 (SSA:2019-077-01)

March 19, 2019 - 4:41am

Posted by Slackware Security Team on Mar 19

[slackware-security] libssh2 (SSA:2019-077-01)

New libssh2 packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libssh2-1.8.1-i586-1_slack14.2.txz: Upgraded.
Fixed several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855...

[SECURITY] [DSA 4409-1] neutron security update

March 19, 2019 - 4:38am

Posted by Moritz Muehlenhoff on Mar 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-4409-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : neutron
CVE ID : CVE-2019-9735

Erik Olof Gunnar...

Gitea 1.7.3 stored HTML injection (XSS)

March 17, 2019 - 10:41pm

Posted by Anti Räis on Mar 17

Gitea 1.7.3 stored HTML injection (XSS)
#######################################

Information
===========

Name: Gitea 1.7.0 - 1.7.3 stored HTML injection
Software: Gitea - a self-hosted Git service
Homepage: https://gitea.io/
Vulnerability: stored HTML injection
Affected: 1.7.0 - 1.7.3
Tested: 1.7.2, 1.7.3
Fixed: 1.7.4
Prerequisites: edit repository settings
Severity: low
CVE: NA

Credit:...

[SECURITY] [DSA 4408-1] liblivemedia security update

March 17, 2019 - 10:38pm

Posted by Moritz Muehlenhoff on Mar 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4408-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 17, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : liblivemedia
CVE ID : CVE-2019-6256 CVE-2019-7314...

NEW: VMSA-2019-0003 - VMware Horizon update addresses Connection Server information disclosure vulnerability

March 15, 2019 - 6:07am

Posted by VMware Security Response Center on Mar 15

VMSA-2019-0003 - VMware Horizon update addresses Connection Server
information disclosure vulnerability

Please see the advisory here:
https://www.vmware.com/security/advisories/VMSA-2019-0003.html

Relevant Products:

- VMware Horizon

Change Log:

2019-03-14: VMSA-2019-0003
Initial security advisory in conjunction with the release of VMware Horizon
7.8 on 2019-03-14.

NEW: VMSA-2019-0002 - VMware Workstation update addresses elevation of privilege issues.

March 15, 2019 - 6:04am

Posted by VMware Security Response Center on Mar 15

VMSA-2019-0002 - VMware Workstation update addresses elevation of privilege
issues.

Please see the advisory here:
https://www.vmware.com/security/advisories/VMSA-2019-0002.html

Relevant Products:

- VMware Workstation Pro / Player (Workstation)

Change Log:

2019-03-14: VMSA-2019-0002
Initial security advisory in conjunction with the release of VMware
Workstation 14.1.6 and 15.0.3 on 2019-03-14.

[SYSS-2018-033]: Fujitsu Wireless Keyboard Set LX901 - Keystroke Injection Vulnerability

March 15, 2019 - 6:01am

Posted by matthias . deeg on Mar 15

Advisory ID: SYSS-2018-033
Product: Wireless Keyboard Set LX901
Manufacturer: Fujitsu
Affected Version(s): Model No. GK900
Tested Version(s): Model No. GK900
Vulnerability Type: Cryptographic Issues (CWE-310)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2018-10-19
Solution Date: -
Public Disclosure: 2019-03-15
CVE Reference: Not yet assigned
Author of Advisory: Matthias...