BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[slackware-security] httpd (SSA:2018-199-01)

15 hours 58 min ago

Posted by Slackware Security Team on Jul 19

[slackware-security] httpd (SSA:2018-199-01)

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.34-i586-1_slack14.2.txz: Upgraded.
This update fixes two denial of service issues:
mod_md: DoS via Coredumps on specially crafted requests
mod_http2: DoS for HTTP/2 connections by...

[SECURITY] [DSA 4252-1] znc security update

16 hours 3 min ago

Posted by Moritz Muehlenhoff on Jul 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-4252-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 18, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : znc
CVE ID : CVE-2018-14055 CVE-2018-14056

Jeriko...

GhostMail - (filename to link) POST Inject Web Vulnerability

16 hours 6 min ago

Posted by Vulnerability Lab on Jul 19

Document Title:
===============
GhostMail - (filename to link) POST Inject Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1471

Release Date:
=============
2018-06-26

Vulnerability Laboratory ID (VL-ID):
====================================
1471

Common Vulnerability Scoring System:
====================================
4.2

Vulnerability Class:
====================
Cross Site...

[SECURITY] [DSA 4251-1] vlc security update

16 hours 15 min ago

Posted by Moritz Muehlenhoff on Jul 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-4251-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 18, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : vlc
CVE ID : CVE-2018-11529

A use-after-free was...

Binance v1.5.0 - Insecure File Permission Vulnerability

16 hours 19 min ago

Posted by Vulnerability Lab on Jul 19

Document Title:
===============
Binance v1.5.0 - Insecure File Permission Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2135

Release Date:
=============
2018-07-17

Vulnerability Laboratory ID (VL-ID):
====================================
2135

Common Vulnerability Scoring System:
====================================
2.5

Vulnerability Class:
====================
Access Permission...

GhostMail - (Status Message) Persistent Web Vulnerability

16 hours 20 min ago

Posted by Vulnerability Lab on Jul 19

Document Title:
===============
GhostMail - (Status Message) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1470

Release Date:
=============
2018-06-27

Vulnerability Laboratory ID (VL-ID):
====================================
1470

Common Vulnerability Scoring System:
====================================
4

Vulnerability Class:
====================
Script Code...

Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability

16 hours 22 min ago

Posted by Vulnerability Lab on Jul 19

Document Title:
===============
Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=662

Release Date:
=============
2018-07-18

Vulnerability Laboratory ID (VL-ID):
====================================
662

Common Vulnerability Scoring System:
====================================
3.3

Vulnerability Class:
====================
Cross Site...

Defense in depth -- the Microsoft way (part 56): 10+ year old security update installers are susceptible to 20+ year old vulnerability

16 hours 29 min ago

Posted by Stefan Kanthak on Jul 19

Hi @ll,

Microsoft released <https://support.microsoft.com/en-us/help/4336919>
"Description of the security update for the remote code execution
vulnerability in Visual Studio 2010 Service Pack 1: July 10, 2018"
some days ago.

The executable installer VS10SP1-KB4336919-x86.exe offered for
download from <https://aka.ms/vs/10/release/4336919> alias
<...

[SECURITY] [DSA 4250-1] wordpress security update

July 18, 2018 - 3:05am

Posted by Sebastien Delafond on Jul 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4250-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
July 18, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2018-12895
Debian Bug :...

[SECURITY] [DSA 4248-1] blender security update

July 18, 2018 - 1:58am

Posted by Moritz Muehlenhoff on Jul 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4248-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 17, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : blender
CVE ID : CVE-2017-2899 CVE-2017-2900...

[SECURITY] [DSA 4249-1] ffmpeg security update

July 18, 2018 - 1:55am

Posted by Moritz Muehlenhoff on Jul 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4249-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 17, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ffmpeg
CVE ID : CVE-2018-6392 CVE-2018-6621...

[slackware-security] mutt (SSA:2018-198-01)

July 18, 2018 - 1:54am

Posted by Slackware Security Team on Jul 17

[slackware-security] mutt (SSA:2018-198-01)

New mutt packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mutt-1.10.1-i586-1_slack14.2.txz: Upgraded.
This update fixes bugs and security issues. Upstream strongly recommends
that all IMAP and POP users upgrade as soon as possible.
(* Security fix *)...

[CVE-2018-1000211] Public apps can't revoke OAuth access & refresh tokens in Doorkeeper

July 18, 2018 - 1:45am

Posted by Justin Bull on Jul 17

Good morning everyone,

A security bulletin for all of you.

Software:
--------
Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper)

Description:
----------
Doorkeeper is an OAuth 2 provider for Rails written in Ruby.

Affected Versions:
---------------
4.2.0 - 4.3.2
5.0.0.rc1

Fixed Versions:
-------------
4.4.0
5.0.0.rc2

Problem:
--------

Any OAuth application that uses public/non-confidential authentication when
interacting with...

Defense in depth -- the Microsoft way (part 55): new software built with 5.5 year old tool shows 20+ year old vulnerabilities

July 17, 2018 - 8:14am

Posted by Stefan Kanthak on Jul 17

Hi @ll,

Microsoft released <https://support.microsoft.com/en-us/help/4340040/>
"July 2018 servicing release for Microsoft Desktop Optimization Pack"
some days ago.

<https://www.microsoft.com/en-us/download/details.aspx?id=57157> offers
three executable installers to update existing installations:
MBAM2.5_Client_x64_KB4340040.exe, MBAM2.5_Client_x86_KB4340040.exe and
MBAM2.5_X64_Server_KB4340040.exe

1. All three executable...

[SECURITY] [DSA 4247-1] ruby-rack-protection security update

July 17, 2018 - 2:19am

Posted by Moritz Muehlenhoff on Jul 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4247-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 16, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ruby-rack-protection
CVE ID : CVE-2018-1000119

A...

[SECURITY] [DSA 4246-1] mailman security update

July 16, 2018 - 4:41am

Posted by Salvatore Bonaccorso on Jul 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4246-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 15, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mailman
CVE ID : CVE-2018-0618

Toshitsugu Yoneyama...

[SECURITY] [DSA 4245-1] imagemagick security update

July 16, 2018 - 4:33am

Posted by Moritz Muehlenhoff on Jul 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4245-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 14, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : imagemagick
CVE ID : CVE-2018-5248 CVE-2018-11251...

[SECURITY] [DSA 4244-1] thunderbird security update

July 16, 2018 - 4:30am

Posted by Moritz Muehlenhoff on Jul 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4244-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 13, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2017-17689 CVE-2018-5188...

Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability

July 16, 2018 - 4:27am

Posted by Vulnerability Lab on Jul 16

Document Title:
===============
Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2132

Security ID: huawei-sa-20180309-01-ensp

https://nvd.nist.gov/vuln/detail/CVE-2017-17321
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17321

Acknowledgements:
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180309-01-ensp-en...

Secunia Research: Clam AntiVirus "parsehwp3_paragraph()" Denial of Service Vulnerability

July 13, 2018 - 2:29am

Posted by Secunia Research on Jul 13

======================================================================

Secunia Research 2018/07/12

Clam AntiVirus "parsehwp3_paragraph()"
Denial of Service Vulnerability

======================================================================
Table of Contents

Affected Software....................................................1...