[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:704005
libreoffice: Office productivity suite Details: USN-3579-1 fixed a vulnerability in LibreOffice. After upgrading, it was no longer possible for LibreOffice to open documents from certain locations outside of the user"s home directory. This update fixes the problem. We apologize for the inconvenience ...

oval:org.secpod.oval:def:42574
The host is installed with RunC on Ubuntu 16.04, 17.04 or 17.10 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly treat a numeric UID. Successful exploitation could allow attackers to to gain privileges via a numeric username in the p ...

oval:org.secpod.oval:def:703914
exim4: Exim is a mail transport agent Exim could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:703909
exim4: Exim is a mail transport agent Exim could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:703883
postgresql-common: PostgreSQL database-cluster manager postgresql-common could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:703870
Ubuntu 17.10 is installed

oval:org.secpod.oval:def:703998
libreoffice: Office productivity suite Details: USN-3579-1 fixed a vulnerability in LibreOffice. After upgrading, it was no longer possible for LibreOffice to open documents from certain locations outside of the user"s home directory. This update fixes the problem. We apologize for the inconvenience ...

oval:org.secpod.oval:def:703874
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:703983
erlang: Concurrent, real-time, distributed functional language Several security issues were fixed in Erlang.

oval:org.secpod.oval:def:703869
systemd: system and service manager systemd could be made to temporarily stop responding if it received specially crafted network traffic.

oval:org.secpod.oval:def:703974
squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:43675
openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH.

oval:org.secpod.oval:def:704202
wavpack: audio codec - encoder and decoder Several security issues were fixed in WavPack.

oval:org.secpod.oval:def:704078
dpdk: set of libraries for fast packet processing Details: USN-3642-1 fixed a vulnerability in DPDK. This update provides the corresponding update for Ubuntu 17.10. Original advisory DPDK could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:704218
xapian-core: Development files for Xapian search engine library Xapian-core could be made to execute arbitrary code if it received a specially crafted file.

oval:org.secpod.oval:def:704226
devscripts: scripts to make the life of a Debian Package maintainer easier devscripts could be made to run arbitrary code if it received a specially crafted YAML file.

oval:org.secpod.oval:def:704055
packagekit: Provides a package management service PackageKit could be made to install or run programs as an administrator.

oval:org.secpod.oval:def:704154
curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:704234
freetype: FreeType 2 is a font engine library FreeType could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:704171
wavpack: audio codec - encoder and decoder Several security issues were fixed in WavPackXXX-APP-XXX.

oval:org.secpod.oval:def:704206
python-django: High-level Python web development framework Several security issues were fixed in Django.

oval:org.secpod.oval:def:42573
The host is installed with RunC on Ubuntu 17.04 or 17.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle the container. Successful exploitation could allow attackers to gain access to file-descriptors of new processes duri ...

oval:org.secpod.oval:def:44760
GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a M ...

oval:org.secpod.oval:def:44761
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.

oval:org.secpod.oval:def:704079
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:45546
php7.2: HTML-embedded scripting language interpreter - php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:46457
policykit-1: framework for managing administrative policies and privileges Several security issues were fixed in PolicyKit.

oval:org.secpod.oval:def:703954
bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:703957
intel-microcode: Processor microcode for Intel CPUs Details: USN-3531-1 updated Intel microcode to the 20180108 release. Regressions were discovered in the microcode updates which could cause system instability on certain hardware platforms. At the request of Intel, we have reverted to the previous ...

oval:org.secpod.oval:def:703955
glibc: GNU C Library - eglibc: GNU C Library Several security issues were fixed in the GNU C library.

oval:org.secpod.oval:def:703946
irssi: terminal based IRC client Several security issues were fixed in Irssi.

oval:org.secpod.oval:def:703932
firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. We apologize for the inconvenience. Original adviso ...

oval:org.secpod.oval:def:703935
awstats: powerful and featureful web server log analyzer AWStats could be made to run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:703928
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:703918
linux-firmware: Firmware for Linux kernel drivers Several security issues were fixed in linux-firmware.

oval:org.secpod.oval:def:703916
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:703915
firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3477-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:703910
libxcursor: X11 cursor management library libxcursor could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:703913
libxfont: X11 font rasterisation library - libxfont1: X11 font rasterisation library - libxfont2: X11 font rasterisation library libXfont could be made to access arbitrary files, including special device files.

oval:org.secpod.oval:def:703907
firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3477-1 ...

oval:org.secpod.oval:def:703906
libxml-libxml-perl: Perl interface to the libxml2 library XML::LibXML could be made to crash or run programs if it processed specially crafted input.

oval:org.secpod.oval:def:703908
optipng: advanced PNG optimizer OptiPNG could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:703901
libraw: raw image decoder library LibRaw could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:703900
ldns: ldns library for DNS programming Several security issues were fixed in ldns.

oval:org.secpod.oval:def:703891
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:703890
apport: automatically generate crash reports for debugging Details: USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177 introduced a regression in the ability to handle crashes for users that configured their systems to use the Upstart init system in Ubuntu 16.04 LTS and Ubuntu 17 ...

oval:org.secpod.oval:def:703888
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:703887
apport: automatically generate crash reports for debugging Apport could be tricked into creating files as an administrator, resulting in denial of service or privilege escalation.

oval:org.secpod.oval:def:703885
postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:703889
procmail: Versatile e-mail processor formail could be made to crash or run programs if it processed specially crafted mail.

oval:org.secpod.oval:def:703872
wget: retrieves files from the web Several security issues were fixed in Wget.

oval:org.secpod.oval:def:703871
irssi: terminal based IRC client Several security issues were fixed in Irssi.

oval:org.secpod.oval:def:44095
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:703982
firefox: Mozilla Open Source web browser Details: USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3544-1 cause ...

oval:org.secpod.oval:def:703980
exim4: Exim is a mail transport agent Exim could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:703984
advancecomp: collection of recompression utilities AdvanceCOMP could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:703971
clamav: Anti-virus utility for Unix Several security issues were fixed in ClamAV.

oval:org.secpod.oval:def:703970
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:703976
miniupnpc: UPnP IGD client lightweight library MiniUPnP could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:703973
firefox: Mozilla Open Source web browser Firefox could be made to run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:703961
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:703965
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:703964
gcab: Microsoft Cabinet file manipulation tool gcab could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:704003
dovecot: IMAP and POP3 email server Several security issues were fixed in Dovecot.

oval:org.secpod.oval:def:704004
python-django: High-level Python web development framework Several security issues were fixed in Django.

oval:org.secpod.oval:def:704000
isc-dhcp: DHCP server and client Several security issues were fixed in DHCP.

oval:org.secpod.oval:def:704001
memcached: high-performance memory object caching system Several security issues were fixed in Memcached.

oval:org.secpod.oval:def:704006
clamav: Anti-virus utility for Unix Several security issues were fixed in ClamAV.

oval:org.secpod.oval:def:704127
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:704128
mozjs52: SpiderMonkey JavaScript library Several security issues were fixed in Spidermonkey.

oval:org.secpod.oval:def:704008
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:704009
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704111
gnupg2: GNU privacy guard - a free PGP replacement - gnupg: GNU privacy guard - a free PGP replacement Several security issues were fixed in GnuPG.

oval:org.secpod.oval:def:704119
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704101
exempi: library to parse XMP metadata Exempi could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:704223
irssi: terminal based IRC client Several security issues were fixed in Irssi.

oval:org.secpod.oval:def:704108
unbound: validating, recursive, caching DNS resolver A security issue was fixed in Unbound.

oval:org.secpod.oval:def:704211
postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database PostgreSQL could be made to expose sensitive information.

oval:org.secpod.oval:def:704213
mailman: Powerful, web-based mailing list manager Mailman could be made to run arbitrary code.

oval:org.secpod.oval:def:704209
patch: Apply a diff file to an original Several security issues were fixed in Patch.

oval:org.secpod.oval:def:704204
perl: Practical Extraction and Report Language Perl could be made to overwrite arbitrary files if it received a specially crafted archive file.

oval:org.secpod.oval:def:46447
cups: Common UNIX Printing System Several security issues were fixed in CUPS.

oval:org.secpod.oval:def:704095
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704096
nvidia-graphics-drivers-384: NVIDIA binary X.Org driver NVIDIA graphics drivers could be made to crash or run programs as an administrator.

oval:org.secpod.oval:def:704091
procps: /proc file system utilities Several security issues were fixed in procps-ng.

oval:org.secpod.oval:def:704082
firefox: Mozilla Open Source web browser Details: USN-3645-1 fixed vulnerabilities in Firefox. The update caused an issue where users experienced long UI pauses in some circumsances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3645-1 caused a regression i ...

oval:org.secpod.oval:def:704196
transmission: lightweight BitTorrent client Transmission could be made to run arbitraty code.

oval:org.secpod.oval:def:704198
rsync: fast, versatile, remote file-copying tool Several security issues were fixed in rsync.

oval:org.secpod.oval:def:704199
xdg-utils: desktop integration utilities from freedesktop.org xdg-utils could be made to run arbitrary code if it received a specially crafted input.

oval:org.secpod.oval:def:704071
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704192
liblouis: Braille translation library - utilities Several security issues were fixed in Liblouis.

oval:org.secpod.oval:def:704072
openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8.

oval:org.secpod.oval:def:704193
ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:704195
poppler: PDF rendering library Several security issues were fixed in poppler.

oval:org.secpod.oval:def:704190
libraw: raw image decoder library Several security issues were fixed in LibRaw.

oval:org.secpod.oval:def:704191
apport: automatically generate crash reports for debugging Details: USN-3480-2 fixed regressions in Apport. The update introduced a new regression in the container support. This update addresses the problem. We apologize for the inconvenience. Original advisory USN-3480-2 introduced regressions in A ...

oval:org.secpod.oval:def:704068
webkit2gtk: Web content engine library for GTK+ A security issue was fixed in WebKitGTK+.

oval:org.secpod.oval:def:704066
qpdf: tools for transforming and inspecting PDF files Several security issues were fixed in QPDF.

oval:org.secpod.oval:def:704188
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:704182
poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:704062
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:704184
poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted PDF.

oval:org.secpod.oval:def:704179
dovecot: IMAP and POP3 email server Dovecot could be made to crash if it received specially crafted input.

oval:org.secpod.oval:def:704053
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:704174
libvorbis: The Vorbis General Audio Compression Codec Several security issues were fixed in libvorbis.

oval:org.secpod.oval:def:704175
icu: International Components for Unicode library ICU could be made to crash or run arbitrary code as your login if it received specially crafted input.

oval:org.secpod.oval:def:704177
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:704172
rsync: fast, versatile, remote file-copying tool Several security issues were fixed in rsync.

oval:org.secpod.oval:def:704173
libarchive-zip-perl: Perl module for manipulation of ZIP archives Archive Zip module could be made to expose sensitive information if it received a specially crafted input.

oval:org.secpod.oval:def:703990
libreoffice: Office productivity suite LibreOffice would allow unintended access to files over the network.

oval:org.secpod.oval:def:704167
zsh: shell with lots of features Several security issues were fixed in Zsh.

oval:org.secpod.oval:def:704047
ubuntu-release-upgrader: manage release upgrades ubuntu-release-upgrader incorrectly opened as browser as an administrator.

oval:org.secpod.oval:def:704168
libxml2: GNOME XML library libxml2 could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:704048
wayland: Wayland compositor infrastructure Wayland could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:703997
sensible-utils: Utilities for sensible alternative selection sensible-utils could be made to run programs as your login if it opened a malicious URL.

oval:org.secpod.oval:def:704035
openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8.

oval:org.secpod.oval:def:704037
libraw: raw image decoder library LibRaw could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704158
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704159
dns-root-data: DNS root data including root zone and DNSSEC key The list of trust anchors has been updated.

oval:org.secpod.oval:def:704031
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704032
openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:704153
firefox: Mozilla Open Source web browser Details: USN-3705-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3705-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:704034
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704039
python-crypto: cryptographic algorithms and protocols for Python Python Crypto could expose sensitive information.

oval:org.secpod.oval:def:704024
libvorbis: The Vorbis General Audio Compression Codec libvorbis could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704145
zziplib: library providing read access on ZIP-archives - library zziplib could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704147
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704027
screen-resolution-extra: Extension for the GNOME screen resolution applet Screen Resolution Extra could be tricked into bypassing PolicyKit authorizations.

oval:org.secpod.oval:def:704021
paramiko: Python SSH2 library Paramiko could be made to run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:704029
icu: International Components for Unicode library ICU could be made to crash if it received specially crafted input.

oval:org.secpod.oval:def:704013
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704015
memcached: high-performance memory object caching system Memcached could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:704012
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:704129
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt could be made to expose sensitive information.

oval:org.secpod.oval:def:704233
sharutils: shar, unshar, uuencode, uudecode Sharutils could be made to execute arbitrary code if it opened a specially crafted file.

oval:org.secpod.oval:def:704235
libtasn1-6: Library to manage ASN.1 structures Several security issues were fixed in Libtasn1.

oval:org.secpod.oval:def:704236
gdk-pixbuf: GDK Pixbuf library Several security issues were fixed in GDK-PixBuf.

oval:org.secpod.oval:def:704230
ruby2.3: Interpreter of object-oriented scripting language Ruby Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:704232
zsh: shell with lots of features Several security issues were fixed in Zsh.

oval:org.secpod.oval:def:704224
wavpack: audio codec - encoder and decoder WavPack could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:704225
libsoup2.4: HTTP client/server library for GNOME libsoup could be made to crash if it received a specially crafted input.

oval:org.secpod.oval:def:704221
python-pysaml2: Pure python implementation of SAML2 PySAML2 could allow authentication without a password.

oval:org.secpod.oval:def:704229
liblouis: Braille translation library - utilities Several security issues were fixed in Liblouis.

oval:org.secpod.oval:def:704214
spice: SPICE protocol client and server library - spice-protocol: SPICE protocol headers Spice could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:704219
libxml2: GNOME XML library libxml2 could be made to crash or run arbitrary code if it opened a specially crafted file.

oval:org.secpod.oval:def:704216
wget: retrieves files from the web Wget could be made to inject arbitrary cookie values.

oval:org.secpod.oval:def:704217
postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database PostgreSQL could be made to execute arbitrary code.

oval:org.secpod.oval:def:704044
libvncserver: vnc server library LibVNCServer could be made to crash, expose sensitive information, or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:703882
openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8.

oval:org.secpod.oval:def:704026
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704220
w3m: WWW browsable pager with excellent tables/frames support Several security issues were fixed in w3m.

oval:org.secpod.oval:def:704215
ruby2.3: Interpreter of object-oriented scripting language Ruby - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Ruby could be made to execute arbitrary commands if opened a specially crafted file.

oval:org.secpod.oval:def:704205
ruby2.3: Interpreter of object-oriented scripting language Ruby - ruby1.9.1: Interpreter of object-oriented scripting language Ruby Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:704180
ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:704176
ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:704052
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:45091
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:703944
linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703931
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:704201
openssl: Secure Socket Layer cryptographic library and tools OpenSSL could allow access to sensitive information.

oval:org.secpod.oval:def:703912
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:46446
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

oval:org.secpod.oval:def:46321
ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP.

oval:org.secpod.oval:def:704087
linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:44100
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:704185
libpng1.6: PNG library - development - libpng: PNG file library Several security issues were fixed in libpng.

oval:org.secpod.oval:def:704059
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to crash under certain conditions.

oval:org.secpod.oval:def:703886
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:704151
libjpeg-turbo: library for handling JPEG files libjpeg-turbo could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:703988
libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt.

oval:org.secpod.oval:def:45754
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

oval:org.secpod.oval:def:703972
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:704134
openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:704155
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:45662
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:704122
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:704120
qemu: Machine emulator and virtualizer Side channel execution mitigations were added to QEMU.

oval:org.secpod.oval:def:704118
libvirt: Libvirt virtualization toolkit Side channel execution mitigations were added to libvirt.

oval:org.secpod.oval:def:704203
qemu: Machine emulator and virtualizer Side channel execution mitigations were added to QEMU.

oval:org.secpod.oval:def:704086
linux: Linux kernel Several security issues were addressed in the Linux kernel.

oval:org.secpod.oval:def:703940
nvidia-graphics-drivers-384: NVIDIA binary X.Org driver The system could be made to expose sensitive information.

oval:org.secpod.oval:def:703947
webkit2gtk: Web content engine library for GTK+ WebKitGTK+ could be made to expose sensitive information.

oval:org.secpod.oval:def:43415
It was discovered that a new class of side channel attacks impact most processors, including processors from Intel, AMD, and ARM. The attack allows malicious userspace processes to read kernel memory and malicious code in guests to read hypervisor memory. To address the issue, updates to the Ubuntu ...

oval:org.secpod.oval:def:703933
firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information.

oval:org.secpod.oval:def:704011
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Details: USNS 3541-1 and 3523-1 provided mitigations for Spectre and Meltdown for the i386, amd64, and ppc64el architectures in Ubuntu 17.10. This update provides the corresponding mitigations for the arm64 architecture. Original a ...

oval:org.secpod.oval:def:703963
linux: Linux kernel Details: Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel m ...

oval:org.secpod.oval:def:45289
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

oval:org.secpod.oval:def:704181
exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2.

oval:org.secpod.oval:def:704114
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704141
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703920
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704107
git: fast, scalable, distributed revision control system Several security issues were fixed in Git.

oval:org.secpod.oval:def:704231
intel-microcode: Processor microcode for Intel CPUs The system could be made to expose sensitive information.

oval:org.secpod.oval:def:703948
intel-microcode: Processor microcode for Intel CPUs The system could be made to expose sensitive information.

oval:org.secpod.oval:def:703938
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703992
linux: Linux kernel Details: Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. ChunYu Wang discove ...

oval:org.secpod.oval:def:703995
linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703978
libvirt: Libvirt virtualization toolkit Spectre mitigations were added to libvirt.

oval:org.secpod.oval:def:703977
qemu: Machine emulator and virtualizer Spectre mitigations were added to QEMU.

oval:org.secpod.oval:def:704131
amd64-microcode: Processor microcode firmware for AMD CPUs The system could be made to expose sensitive information.

oval:org.secpod.oval:def:704125
file: Tool to determine file types Several security issues were fixed in file.

oval:org.secpod.oval:def:704014
php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:703895
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704041
linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704038
linux: Linux kernel Several security issues were fixed in the Linux kernel.

*CPE
cpe:/o:ubuntu:ubuntu_linux:17.10

© SecPod Technologies