Ubuntu Security Notice 3926-1 - It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execute arbitrary code.
Debian Linux Security Advisory 4418-1 - A vulnerability was discovered in the Dovecot email server. When reading FTS or POP3-UIDL headers from the Dovecot index, the input buffer size is not bounds-checked. An attacker with the ability to modify Dovecot indexes can take advantage of this flaw for privilege escalation or the execution of arbitrary code with the permissions of the dovecot user. Only installations using the FTS or pop3 migration plugins are affected.
VMware Security Advisory 2019-0005 - VMware ESXi, Workstation and Fusion updates address multiple security issues.
VMware Security Advisory 2019-0004 - VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability.
Ubuntu Security Notice 3927-1 - It was discovered that Thunderbird allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
Ubuntu Security Notice 3918-3 - USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked into opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct man-in-the-middle attacks. Various other issues were also addressed.
Ubuntu Security Notice 3925-1 - It was discovered that an out-of-bounds write vulnerability existed in the XMP Image handling functionality of the FreeImage library. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could overwrite arbitrary memory, resulting in code execution.
Red Hat Security Advisory 2019-0679-01 - The libssh2 packages provide a library that implements the SSH2 protocol. Issues addressed include an out of bounds write vulnerability.
Ubuntu Security Notice 3924-1 - It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL. It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information.
Red Hat Security Advisory 2019-0681-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2019-0680-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Issues addressed include a use-after-free vulnerability.
Slackware Security Advisory - New gnutls packages are available for Slackware 14.2 and -current to fix security issues.
Apple Security Advisory 2019-3-27-1 - watchOS 5.2 is now available and addresses buffer overflow and code execution vulnerabilities.
Gentoo Linux Security Advisory 201903-23 - Multiple vulnerabilities have been found in Chromium, the worst of which could result in the remote execution of code. Versions less than 73.0.3683.75 are affected.
Gentoo Linux Security Advisory 201903-22 - An overflow was discovered in ZeroMQ which could lead to arbitrary code execution. Versions less than 4.3.1 are affected.
Gentoo Linux Security Advisory 201903-21 - Multiple vulnerabilities have been found in Apache Web Server, the worst of which could result in a Denial of Service condition. Versions less than 2.4.38-r1 are affected.
Gentoo Linux Security Advisory 201903-20 - Multiple vulnerabilities have been found in cabextract and libmspack, the worst of which could result in a Denial of Service. Versions less than 1.8 are affected.
Gentoo Linux Security Advisory 201903-19 - Multiple vulnerabilities have been found in NASM, the worst of which could result in the remote execution of arbitrary code. Versions less than 2.14.02 are affected.
Gentoo Linux Security Advisory 201903-18 - Multiple vulnerabilities have been found in GD, the worst of which could result in the remote execution of arbitrary code. Versions less than 2.2.5-r2 are affected.
Gentoo Linux Security Advisory 201903-17 - Multiple vulnerabilities have been found in the image loading library for Simple DirectMedia Layer, the worst of which could result in the remote execution of arbitrary code. Versions less than 2.0.4 are affected.
Ubuntu Security Notice 3923-1 - Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol. An attacker inside the guest could use this issue to read or write arbitrary files and cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10. Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol. An attacker inside the guest could use this issue to read arbitrary files, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.
Red Hat Security Advisory 2019-0672-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR.
Red Hat Security Advisory 2019-0671-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR.
Razer laptops ship with SPI flash set to full read/write and the Intel CPU is left in ME Manufacturing Mode.
EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) when the oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via the RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges. Affected versions include EMC NetWorker versions 8.2.x, versions 9.0.x, versions prior to 9.1.1.5, and versions prior to 9.2.1.