
Files

Asterisk Project Security Advisory - AST-2017-007
Posted Aug 31, 2017
Authored by George Joseph, Ross Beer | Site asterisk.org

Asterisk Project Security Advisory - A carefully crafted URI in a From, To or Contact header could cause Asterisk to crash.

tags | advisory
SHA-256 | 3aaf55f2e7edf3194ca408a6b81cebdb27229d2dd95377a0d81498fe1ed9affd
Asterisk Project Security Advisory - AST-2017-006
Posted Aug 31, 2017
Authored by Richard Mudgett, Corey Farrell | Site asterisk.org

Asterisk Project Security Advisory - The app_minivm module has an externnotify program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.

tags | advisory, arbitrary, shell
SHA-256 | f609d7792da894fb6c1fb0ade8daec8f16def1711e4528d9c0115ae784979027
Asterisk Project Security Advisory - AST-2017-005
Posted Aug 31, 2017
Authored by Joshua Colp, Klaus-Peter Junghanns | Site asterisk.org

Asterisk Project Security Advisory - The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The "nat" and "rtp_symmetric" options for chan_sip and chan_pjsip respectively enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received the strict RTP support would allow the new address to provide media and with symmetric RTP enabled outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic they would continue to receive traffic as well.

tags | advisory
SHA-256 | dc5c0fb3ca5feec836d616e3705c5e6f1fe136bb73fc595a8c84c639da8487a1
HPE Security Bulletin HPESBGN03765 2
Posted Aug 31, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBGN03765 2 - A security vulnerability in the DES/3DES block ciphers used in the TLS protocol could potentially impact HPE LoadRunner and HPE Performance Center resulting in remote disclosure of information. This is also known as the SWEET32 attack. Revision 2 of this advisory.

tags | advisory, remote, protocol
advisories | CVE-2016-2183
SHA-256 | 948d29ad7d087b66e32a4c02373d48f779582beea0bda6a1bd420ce52660e466
HPE Security Bulletin HPESBGN03767 1
Posted Aug 31, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBGN03767 1 - A potential security vulnerability has been identified in HPE Operations Orchestration product. The vulnerability could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2017-8994
SHA-256 | 4b17d418b655fd4fe6b152730a774cede78fd9a61ada68f04893915f466f72bd
Red Hat Security Advisory 2017-2561-01
Posted Aug 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2561-01 - In accordance with the Red Hat Virtualization 3.x Support Life Cycle Policy, support will end on September 30, 2017. Red Hat will not provide extended support for the Red Hat Virtualization Manager and Red Hat Virtualization Host. Customers are requested to migrate to the newer Red Hat Virtualization product prior to the end of the life cycle for Red Hat Virtualization 3.x. After September 30, 2017, technical support through Red Hat's Global Support Services will no longer be provided, other than assisting in upgrades. We encourage customers to plan their migration from Red Hat Virtualization 3.x to the latest version of Red Hat Virtualization. Please contact your Red Hat account representative if you have questions and/or concerns on this matter.

tags | advisory
systems | linux, redhat
SHA-256 | 5b114bd7dd14cc284504b01336be22854bf97593bdc99b359bb38bd0c83ebcf7
Red Hat Security Advisory 2017-2563-01
Posted Aug 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2563-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses.

tags | advisory, remote, protocol
systems | linux, redhat, unix
advisories | CVE-2016-6210
SHA-256 | 6772db3539ac28058a8dcd85adcd01f09d836815a6d2fd1a69ba5c6d44438755
Ubuntu Security Notice USN-3407-1
Posted Aug 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3407-1 - It was discovered that a vulnerability in PyJWT doesn't check invalid_strings properly for some public keys. A remote attacker could take advantage of a key confusion to craft JWTs from scratch.

tags | advisory, remote
systems | linux, ubuntu
SHA-256 | e3e01befa15d7f06ef941139b36fa41772cafde88db23d227c8322291d44e7ef
Kernel Live Patch Security Notice LSN-0029-1
Posted Aug 30, 2017
Authored by Benjamin M. Romer

It was discovered that the Linux kernel did not honor the UEFI secure boot mode when performing a kexec operation. A local attacker could use this to bypass secure boot restrictions. Huang Weller discovered that the ext4 filesystem implementation in the Linux kernel mishandled a needs-flushing-before-commit list. A local attacker could use this to expose sensitive information.

tags | advisory, kernel, local
systems | linux
advisories | CVE-2015-7837, CVE-2017-7495
SHA-256 | c7df1f4aa0c771c693ab5cdc029c2592e8150b9b8545e98b1a33e436c816e1b2
Red Hat Security Advisory 2017-2560-01
Posted Aug 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2560-01 - Red Hat Certificate System is a complete implementation of an enterprise software system designed to manage enterprise public key infrastructure deployments. Security Fix: An input validation error was found in Red Hat Certificate System's handling of client provided certificates. If the certreq field is not present in a certificate an assertion error is triggered causing a denial of service.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2017-7509
SHA-256 | 2d5e6910c074eef9529b80d25596e174c146febd35f90ff2325b0df303b172c6
Red Hat Security Advisory 2017-2550-01
Posted Aug 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2550-01 - Poppler is a Portable Document Format rendering library, used by applications such as Evince. Security Fix: An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to crash, or potentially execute arbitrary code when opened.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2017-9776
SHA-256 | 30fdfed1c4eb00dafa9a5feb388b038bd737ddb981a4bf137483e157cd0b076c
Red Hat Security Advisory 2017-2551-01
Posted Aug 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2551-01 - Poppler is a Portable Document Format rendering library, used by applications such as Evince. Security Fix: A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to crash, or potentially execute arbitrary code when opened. An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to crash, or potentially execute arbitrary code when opened.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2017-9775, CVE-2017-9776
SHA-256 | 40c08e6162faea24c09e05a6cf44985ab8e36c79bc0204d551d2415ef949d805
Red Hat Security Advisory 2017-2553-01
Posted Aug 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2553-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: An unsigned int wrap around leading to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch. An attacker could use this flaw to cause a remote DoS. In Open vSwitch, while parsing an OpenFlow role status message there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-9214, CVE-2017-9263, CVE-2017-9265
SHA-256 | 56936320101a5b922f34ab434526419eab4c9e3ba19796ee3ceb3cb4ad530d0e
Red Hat Security Advisory 2017-2557-01
Posted Aug 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2557-01 - instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud. Security Fix: A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. This issue was discovered by Matthew Booth.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2017-7549
SHA-256 | d8d742bba2be07ffe66985713f1cfdc96b7b75bf4fe441ffceeacbea010127a4
Ubuntu Security Notice USN-3406-2
Posted Aug 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3406-2 - USN-3406-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-7914, CVE-2017-7261, CVE-2017-7273, CVE-2017-7487, CVE-2017-7495, CVE-2017-7616
SHA-256 | 758596ce904dfa2889ac9b02c30f0768fa707b455b39326bcb94ddd33a26005d
Red Hat Security Advisory 2017-2546-01
Posted Aug 29, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2546-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.5 serves as a replacement for Red Hat JBoss BPM Suite 6.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-9970, CVE-2017-5662, CVE-2017-7525
SHA-256 | f93c793451958d740348f9745b1ba97fbeb875988cbf60a8db15b87fc17e9809
Red Hat Security Advisory 2017-2547-01
Posted Aug 29, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2547-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.5 serves as a replacement for Red Hat JBoss BRMS 6.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2014-9970, CVE-2017-5662, CVE-2017-7525
SHA-256 | 2c948ef159b1b3489ab627d5ae835bf6a411055a848f97674b6c0b4796177655
Debian Security Advisory 3956-1
Posted Aug 28, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3956-1 - Security consultants in NRI Secure Technologies discovered a stack overflow vulnerability in ConnMan, a network manager for embedded devices. An attacker with control of the DNS responses to the DNS proxy in ConnMan might crash the service and, in some cases, remotely execute arbitrary commands in the host running the service.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2017-12865
SHA-256 | 1c6dc41641177aab4fc2b9b58a615a854bef0b0a67b8e258359e3e8ec855a6e4
Debian Security Advisory 3957-1
Posted Aug 28, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3957-1 - Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. These issues could lead to Denial-of-Service and, in some situations, the execution of arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2017-11399, CVE-2017-11665, CVE-2017-11719, CVE-2017-9608, CVE-2017-9993
SHA-256 | 61083a45d9c0376a31be684fe8b36ad5076bd28860de87aa85fec64e5bb7effb
Red Hat Security Advisory 2017-2538-01
Posted Aug 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2538-01 - Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. Security Fix: A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests.

tags | advisory, remote, web, imap, protocol
systems | linux, redhat
advisories | CVE-2017-7529
SHA-256 | 79ce5cdcbe0cbbc085c98d66b45bb72a7aa104db74a886fb9fc2df65ea217b15
Ubuntu Security Notice USN-3403-1
Posted Aug 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3403-1 - Kamil Frankowicz discovered that Ghostscript mishandles references. A remote attacker could use this to cause a denial of service. Kim Gwan Yeong discovered that Ghostscript could allow a heap-based buffer over-read and application crash. A remote attacker could use a crafted document to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-11714, CVE-2017-9612, CVE-2017-9726, CVE-2017-9727, CVE-2017-9739, CVE-2017-9835
SHA-256 | 6dd983d679492b9318efe888eca4eb9bab8194da18e90f8b337f86dad6d87e3d
HPE Security Bulletin HPESBHF03770 1
Posted Aug 28, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03770 1 - A potential security vulnerability has been identified in Comware 7 MSR Routers using PHP, Go, Apache Http Server, and Tomcat. The vulnerability known as "httpoxy" could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.

tags | advisory, web, arbitrary, php
advisories | CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388
SHA-256 | 2af8ae566d18e3cd782b2353bc2bd160ea874bc5b28f246c238fe9f009bc5455
Ubuntu Security Notice USN-3199-3
Posted Aug 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3199-3 - USN-3199-1 fixed a vulnerability in Python Crypto. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the ALGnew function in block_templace.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary code by using a crafted initialization vector parameter. Various other issues were also addressed.

tags | advisory, remote, overflow, arbitrary, cryptography, python
systems | linux, ubuntu
SHA-256 | 1428af321c89f55dc7b12672634207a5aca4471a323e200ab47ff1cf2abb4b37
MISP 2.4.79 Cross Site Scripting
Posted Aug 28, 2017
Authored by Cedric van Bockhaven, Jurgen Jans

MISP (Malware Information Sharing Platform and Threat Sharing) versions 2.4.79 and below suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2017-13671
SHA-256 | d5d95664a334a528dd6612f67991bd576886442c2f66af94f4b6396b958b356c
Ubuntu Security Notice USN-3406-1
Posted Aug 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3406-1 - It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service or expose sensitive information. It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7914, CVE-2017-7261, CVE-2017-7273, CVE-2017-7487, CVE-2017-7495, CVE-2017-7616
SHA-256 | 713a8ec2966db4dfb7a60eb6aba6c8abc38cb940925a7a8602735cf1998e3b56