Ubuntu Security Notice 4168-1 - It was discovered that Libidn2 incorrectly handled certain inputs. An attacker could possibly use this issue to impersonate domains. It was discovered that Libidn2 incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
cf79bda79ca9397f2b33a211436016b37be02011ced052fcfc31479870124c25
Red Hat Security Advisory 2019-3231-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. BR/EDR encryption key negotiation attacks were addressed.
0b33abbdc0dd8f4ec7681bafd3c911f22d3a31437bc7b269d62e13b0d0acac22
Red Hat Security Advisory 2019-3222-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Out-of-bounds read and state injection vulnerabilities have been addressed.
577451cf310db1a48ba0a694b200718a00ae7476608a14cab9a14f1716ea0098
Red Hat Security Advisory 2019-3225-01 - Java Security Services provides an interface between Java Virtual Machine and Network Security Services. It supports most of the security standards and encryption technologies supported by NSS including communication through SSL/TLS network protocols. JSS is primarily utilized by the Certificate Server as a part of the Identity Management System. The OCSP policy Leaf and Chain implicitly trusts the root certificate.
92309c773d0f38d49d3989c3f56a76f97d63d4f27ca885241749a73dccceafaf
Ubuntu Security Notice 4167-1 - Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. Simon Fonteneau and Bjoern Baumbach discovered that Samba incorrectly handled the check password script. This issue could possibly bypass custom password complexity checks, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. Various other issues were also addressed.
ef19bb6d0495cb9e8b6742c4abe83117b6c43a9bc24e0152f873865b854071c3
Ubuntu Security Notice 4166-2 - USN-4166-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain paths when being used in FastCGI configurations. A remote attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
22ce5d9536099a62be238f172d1aa7be1a8a0dd24d9ff596e34568e558b800ad
Craft CMS versions up to 3.1.7 are missing rate limiting on password validations.
e26079a4a65a4669c9d8c5046a323f66dfea3ad1774ae2ef65e4b26a2599bda8
WordPress version 5.2.4 fails to validate an origin header.
3221b6e70ffc3ec1c88a8712fb1a47505186d32fb600ff75143ab8214bae1b44
Red Hat Security Advisory 2019-3232-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a bypass vulnerability.
9257b343607816b0b98f99e027b4fe3185a66876aedc5f1ee5ce31a4b6ae9211
Red Hat Security Advisory 2019-3234-01 - Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango forms the core of text and font handling for the GTK+ widget toolkit. Issues addressed include a buffer overflow vulnerability.
ac7a20f11a20a1798eee870151f6baf04fd5bbfdfb5e9e678f2d475ee11dc027
Red Hat Security Advisory 2019-3237-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Issues addressed include buffer overflow, bypass, cross site scripting, and use-after-free vulnerabilities.
6e152cb6de1e407aa24b73531b0f86c2b267e661039302e9f7cebbccf0d21018
Microsoft Windows Server 2012 suffers from a Group Policy security feature bypass vulnerability.
42e75c649b3a34baa9f25a162f0d99b56d845c88939bbbb7777ef5180b69b4c1
Red Hat Security Advisory 2019-3220-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
2578a5db7e8d03d5428ff917444edb67a1c35cb51d29dbc5fc018051d5aefd6c
Red Hat Security Advisory 2019-3217-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include buffer overflow, denial of service, null pointer, and use-after-free vulnerabilities.
e72ee12fb3f5c4cd584a9fc7d93f5b552bb25f83f3adabd54be890f793989a90
Red Hat Security Advisory 2019-3218-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. BR/EDR encryption key negotiation attacks were addressed.
22ebf4e3d38bd96c01f93fad3ae8bcac3a7d2354d2c6450f3816d75c0766980f
Red Hat Security Advisory 2019-3219-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability has been addressed.
4082fd26b7cd4262eee9bdbf158b2eb849ea751c589dc89854060c94b75cad42
Microsoft Windows Server 2012 suffers from a Group Policy remote code execution vulnerability.
ccee66c4da6a5faeef607aa1f1de3ca83459c118bc6de48ff5ae4627c94bc717
Red Hat Security Advisory 2019-3210-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Issues addressed include buffer overflow, bypass, cross site scripting, and use-after-free vulnerabilities.
eab73ea98afa2e510f2453560cb7938674b64634ab997ecd098678cd1b3c6421
rConfig version 3.9.2 suffers from a remote code execution vulnerability.
b12301a0ed841ed2491b8a64294909e610a8429eb92ca588af2b200c19495a88
Red Hat Security Advisory 2019-3211-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed include bypass, cross site request forgery, file download, heap overflow, out of bounds access, and use-after-free vulnerabilities.
870a00fa7aec2a4120964485f8903dd1d6bc55035d71956fc7a0308de59c411d
Win10 MailCarrier version 2.51 POP3 User remote buffer overflow exploit.
13098e760a816ccb94607e0bf00c0b7ce7100d3be40e32babf503a1307f8b8a4
Intelligent Security System SecurOS Enterprise version 10.2 suffers from a SecurosCtrlService unquoted service path vulnerability.
e428c23c2cb0567738fb62cfe8f548064e641f605aefd572c01794d88da88d84