Feed aggregator

FreeBSD Security Advisory FreeBSD-SA-18:10.ip

BugTraq Latest Security Advisories - August 15, 2018 - 1:00am

Posted by FreeBSD Security Advisories on Aug 14

=============================================================================
FreeBSD-SA-18:10.ip Security Advisory
The FreeBSD Project

Topic: Resource exhaustion in IP fragment reassembly

Category: core
Module: inet
Announced: 2018-08-14
Credits: Juha-Matti Tilli <juha-matti.tilli () iki fi> from...

FreeBSD Security Advisory FreeBSD-SA-18:09.l1tf

BugTraq Latest Security Advisories - August 15, 2018 - 12:57am

Posted by FreeBSD Security Advisories on Aug 14

=============================================================================
FreeBSD-SA-18:09.l1tf Security Advisory
The FreeBSD Project

Topic: L1 Terminal Fault (L1TF) Kernel Information Disclosure

Category: core
Module: Kernel
Announced: 2018-08-14
Affects: All supported versions of FreeBSD.
Corrected:...

FreeBSD Security Advisory FreeBSD-SA-18:08.tcp

BugTraq Latest Security Advisories - August 15, 2018 - 12:53am

Posted by FreeBSD Security Advisories on Aug 14

=============================================================================
FreeBSD-SA-18:08.tcp Security Advisory
The FreeBSD Project

Topic: Resource exhaustion in TCP reassembly

Category: core
Module: inet
Announced: 2018-08-06
Credits: Juha-Matti Tilli <juha-matti.tilli () iki fi> from...

[slackware-security] openssl (SSA:2018-226-01)

BugTraq Latest Security Advisories - August 15, 2018 - 12:31am

Posted by Slackware Security Team on Aug 14

[slackware-security] openssl (SSA:2018-226-01)

New openssl packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2p-i586-1_slack14.2.txz: Upgraded.
This update fixes two low severity security issues:
Client DoS due to large DH parameter.
Cache timing vulnerability in RSA Key Generation.
For more...

[SECURITY] [DSA 4272-1] linux security update

BugTraq Latest Security Advisories - August 15, 2018 - 12:27am

Posted by Salvatore Bonaccorso on Aug 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4272-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 14, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2018-5391

CVE-2018-5391...

Vuln: NTP CVE-2018-7185 Denial of Service Vulnerability

Security Focus Latest Security Advisories - August 14, 2018 - 11:00pm
NTP CVE-2018-7185 Denial of Service Vulnerability

Vuln: NTP CVE-2018-7184 Denial of Service Vulnerability

Security Focus Latest Security Advisories - August 14, 2018 - 11:00pm
NTP CVE-2018-7184 Denial of Service Vulnerability

Vuln: NTP CVE-2018-7170 Incomplete Fix Remote Security Vulnerability

Security Focus Latest Security Advisories - August 14, 2018 - 11:00pm
NTP CVE-2018-7170 Incomplete Fix Remote Security Vulnerability

Vuln: Multiple SAP Products Multiple Unspecified Security Vulnerabilities

Security Focus Latest Security Advisories - August 14, 2018 - 11:00pm
Multiple SAP Products Multiple Unspecified Security Vulnerabilities

Vuln: NTP CVE-2016-1549 Remote Security Vulnerability

Security Focus Latest Security Advisories - August 14, 2018 - 11:00pm
NTP CVE-2016-1549 Remote Security Vulnerability

Vuln: NTP CVE-2018-12327 Stack Buffer Overflow Vulnerability

Security Focus Latest Security Advisories - August 14, 2018 - 11:00pm
NTP CVE-2018-12327 Stack Buffer Overflow Vulnerability

Defense in depth -- the Microsoft way (part 57): all the latest MSVCRT installers allow escalation of privilege

BugTraq Latest Security Advisories - August 14, 2018 - 11:11am

Posted by Stefan Kanthak on Aug 14

Hi @ll,

about 6 weeks ago, Microsoft updated their MSKB article
<https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads>,
listing the current/latest downloads of their MSVCRT alias
Microsoft Visual C++ Redistributable for Visual Studio 201x

Guess what Microsoft used to build the executable installers
offered on that page: COMPLETELY outdated versions 3.7.3813.0
(and before) of Wix Toolset, which NOBODY...

X41 D-Sec GmbH Security Advisory X41-2018-005: Multiple Vulnerabilities in Apple smartcardservices

BugTraq Latest Security Advisories - August 14, 2018 - 9:41am

Posted by X41 D-Sec GmbH Advisories on Aug 14

X41 D-Sec GmbH Security Advisory: X41-2018-005

Multiple Vulnerabilities in Apple smartcardservices
===================================================

Overview
--------
Confirmed Affected Versions: e3eb96a6eff9d02497a51b3c155a10fa5989021f
Confirmed Patched Versions: 8eef01a5e218ae78cc358de32213b50a601662de
Vendor: Apple
Vendor URL: https://smartcardservices.github.io/
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:...

X41 D-Sec GmbH Security Advisory X41-2018-002: Multiple Vulnerabilities in OpenSC

BugTraq Latest Security Advisories - August 14, 2018 - 9:40am

Posted by X41 D-Sec GmbH Advisories on Aug 14

X41 D-Sec GmbH Security Advisory: X41-2018-002

Multiple Vulnerabilities in OpenSC
==================================

Overview
--------
Confirmed Affected Versions: 0.18.0
Confirmed Patched Versions: possibly 0.19.0
Vendor: OpenSC
Vendor URL: https://github.com/OpenSC/OpenSC
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/

Summary and Impact
------------------...

X41 D-Sec GmbH Security Advisory X41-2018-003: Multiple Vulnerabilities in pam_pkcs11

BugTraq Latest Security Advisories - August 14, 2018 - 9:38am

Posted by X41 D-Sec GmbH Advisories on Aug 14

X41 D-Sec GmbH Security Advisory: X41-2018-003

Multiple Vulnerabilities in pam_pkcs11
======================================

Overview
--------
Confirmed Affected Versions: 0.6.9
Confirmed Patched Versions: -
Vendor: Unmaintained
Vendor URL: https://github.com/OpenSC/pampkcs11
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2018-003-pampkcs11/

Summary and Impact
------------------...

X41 D-Sec GmbH Security Advisory X41-2018-004: Multiple Vulnerabilities in Yubico libykneomgr

BugTraq Latest Security Advisories - August 14, 2018 - 9:37am

Posted by X41 D-Sec GmbH Advisories on Aug 14

X41 D-Sec GmbH Security Advisory: X41-2018-004

Multiple Vulnerabilities in Yubico libykneomgr
==============================================

Overview
--------
Confirmed Affected Versions: 0.1.9
Confirmed Patched Versions: -
Vendor: Yubico / Depreciated
Vendor URL: https://www.yubico.com/
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2018-004-libykneomgr/

Summary and Impact...

X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv

BugTraq Latest Security Advisories - August 14, 2018 - 9:31am

Posted by X41 D-Sec GmbH Advisories on Aug 14

X41 D-Sec GmbH Security Advisory: X41-2018-001

Multiple Vulnerabilities in Yubico Piv
======================================

Overview
--------
Confirmed Affected Versions: 1.5.0
Confirmed Patched Versions: 1.6.0
Vendor: Yubico
Vendor URL: https://www.yubico.com/
Vendor Advisory URL: https://www.yubico.com/support/security-advisories
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:...

[SECURITY] [DSA 4271-1] samba security update

BugTraq Latest Security Advisories - August 14, 2018 - 9:27am

Posted by Salvatore Bonaccorso on Aug 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4271-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 14, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : samba
CVE ID : CVE-2018-10858 CVE-2018-10919...

ASUSTOR NAS ADM - 3.1.0 Remote Command Execution, SQL Injections

BugTraq Latest Security Advisories - August 14, 2018 - 3:48am

Posted by kyle Lovett on Aug 14

Product - ASUSTOR ADM - 3.1.0.RFQ3 and all previous builds
Vendor - https://www.asustor.com/
Patch Notes - http://download.asustor.com/download/docs/releasenotes/RN_ADM_3.1.3.RHU2.pdf

Issue: The Asustor NAS appliance on ADM 3.1.0 and before suffers from
multiple critical vulnerabilities. The vulnerabilities were submitted
to Asustor in January and February 2018. Several follow-up requests
were made in an attempt to obtain vendor acknowledgement,...

next-20180814: linux-next

Linux Kernel Updates - August 14, 2018 - 3:09am
Version: next-20180814 (linux-next) Released: 2018-08-14