oval:org.secpod.oval:def:704005 libreoffice: Office productivity suite Details: USN-3579-1 fixed a vulnerability in LibreOffice. After upgrading, it was no longer possible for LibreOffice to open documents from certain locations outside of the user's home directory. This update fixes the problem. We apologize for the inconvenience ...
oval:org.secpod.oval:def:42574 The host is installed with RunC on Ubuntu 16.04, 17.04 or 17.10 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly treat a numeric UID. Successful exploitation could allow attackers to gain privileges via a numeric username in the p ...
oval:org.secpod.oval:def:703914 exim4: Exim is a mail transport agent Exim could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:703909 exim4: Exim is a mail transport agent Exim could be made to crash or run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:703883 postgresql-common: PostgreSQL database-cluster manager postgresql-common could be made to overwrite files as the administrator.
oval:org.secpod.oval:def:703870 Ubuntu 17.10 is installed
oval:org.secpod.oval:def:703998 libreoffice: Office productivity suite Details: USN-3579-1 fixed a vulnerability in LibreOffice. After upgrading, it was no longer possible for LibreOffice to open documents from certain locations outside of the user's home directory. This update fixes the problem. We apologize for the inconvenience ...
oval:org.secpod.oval:def:703874 quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.
oval:org.secpod.oval:def:703983 erlang: Concurrent, real-time, distributed functional language Several security issues were fixed in Erlang.
oval:org.secpod.oval:def:703869 systemd: system and service manager systemd could be made to temporarily stop responding if it received specially crafted network traffic.
oval:org.secpod.oval:def:703974 squid3: Web proxy cache server Several security issues were fixed in Squid.
oval:org.secpod.oval:def:43675 openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH.
oval:org.secpod.oval:def:704202 wavpack: audio codec - encoder and decoder Several security issues were fixed in WavPack.
oval:org.secpod.oval:def:704078 dpdk: set of libraries for fast packet processing Details: USN-3642-1 fixed a vulnerability in DPDK. This update provides the corresponding update for Ubuntu 17.10. Original advisory DPDK could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:704218 xapian-core: Development files for Xapian search engine library Xapian-core could be made to execute arbitrary code if it received a specially crafted file.
oval:org.secpod.oval:def:704226 devscripts: scripts to make the life of a Debian Package maintainer easier devscripts could be made to run arbitrary code if it received a specially crafted YAML file.
oval:org.secpod.oval:def:704055 packagekit: Provides a package management service PackageKit could be made to install or run programs as an administrator.
oval:org.secpod.oval:def:704154 curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to crash or run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:704234 freetype: FreeType 2 is a font engine library FreeType could be made to crash if it opened a specially crafted file.
oval:org.secpod.oval:def:704171 wavpack: audio codec - encoder and decoder Several security issues were fixed in WavPack.
oval:org.secpod.oval:def:704206 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:42573 The host is installed with RunC on Ubuntu 17.04 or 17.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle the container. Successful exploitation could allow attackers to gain access to file-descriptors of new processes duri ...
oval:org.secpod.oval:def:44760 GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appears to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a M ...
oval:org.secpod.oval:def:44761 In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.
oval:org.secpod.oval:def:704079 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.
oval:org.secpod.oval:def:45546 php7.2: HTML-embedded scripting language interpreter - php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.
oval:org.secpod.oval:def:46457 policykit-1: framework for managing administrative policies and privileges Several security issues were fixed in PolicyKit.
oval:org.secpod.oval:def:703954 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:703957 intel-microcode: Processor microcode for Intel CPUs Details: USN-3531-1 updated Intel microcode to the 20180108 release. Regressions were discovered in the microcode updates which could cause system instability on certain hardware platforms. At the request of Intel, we have reverted to the previous ...
oval:org.secpod.oval:def:703955 glibc: GNU C Library - eglibc: GNU C Library Several security issues were fixed in the GNU C library.
oval:org.secpod.oval:def:703946 irssi: terminal based IRC client Several security issues were fixed in Irssi.
oval:org.secpod.oval:def:703932 firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. We apologize for the inconvenience. Original adviso ...
oval:org.secpod.oval:def:703935 awstats: powerful and featureful web server log analyzer AWStats could be made to run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:703928 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.
oval:org.secpod.oval:def:703918 linux-firmware: Firmware for Linux kernel drivers Several security issues were fixed in linux-firmware.
oval:org.secpod.oval:def:703916 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:703915 firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3477-1 caused some minor regressions in Firefox.
oval:org.secpod.oval:def:703910 libxcursor: X11 cursor management library libxcursor could be made to crash or run programs if it opened a specially crafted file.
oval:org.secpod.oval:def:703913 libxfont: X11 font rasterisation library - libxfont1: X11 font rasterisation library - libxfont2: X11 font rasterisation library libXfont could be made to access arbitrary files, including special device files.
oval:org.secpod.oval:def:703907 firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3477-1 ...
oval:org.secpod.oval:def:703906 libxml-libxml-perl: Perl interface to the libxml2 library XML::LibXML could be made to crash or run programs if it processed specially crafted input.
oval:org.secpod.oval:def:703908 optipng: advanced PNG optimizer OptiPNG could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:703901 libraw: raw image decoder library LibRaw could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:703900 ldns: ldns library for DNS programming Several security issues were fixed in ldns.
oval:org.secpod.oval:def:703891 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.
oval:org.secpod.oval:def:703890 apport: automatically generate crash reports for debugging Details: USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177 introduced a regression in the ability to handle crashes for users that configured their systems to use the Upstart init system in Ubuntu 16.04 LTS and Ubuntu 17 ...
oval:org.secpod.oval:def:703888 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.
oval:org.secpod.oval:def:703887 apport: automatically generate crash reports for debugging Apport could be tricked into creating files as an administrator, resulting in denial of service or privilege escalation.
oval:org.secpod.oval:def:703885 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL.
oval:org.secpod.oval:def:703889 procmail: Versatile e-mail processor formail could be made to crash or run programs if it processed specially crafted mail.
oval:org.secpod.oval:def:703872 wget: retrieves files from the web Several security issues were fixed in Wget.
oval:org.secpod.oval:def:703871 irssi: terminal based IRC client Several security issues were fixed in Irssi.
oval:org.secpod.oval:def:44095 quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.
oval:org.secpod.oval:def:703982 firefox: Mozilla Open Source web browser Details: USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3544-1 cause ...
oval:org.secpod.oval:def:703980 exim4: Exim is a mail transport agent Exim could be made to crash or run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:703984 advancecomp: collection of recompression utilities AdvanceCOMP could be made to crash or run programs if it opened a specially crafted file.
oval:org.secpod.oval:def:703971 clamav: Anti-virus utility for Unix Several security issues were fixed in ClamAV.
oval:org.secpod.oval:def:703970 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:703976 miniupnpc: UPnP IGD client lightweight library MiniUPnP could be made to crash or run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:703973 firefox: Mozilla Open Source web browser Firefox could be made to run programs as your login if it opened a malicious website.
oval:org.secpod.oval:def:703961 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.
oval:org.secpod.oval:def:703965 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.
oval:org.secpod.oval:def:703964 gcab: Microsoft Cabinet file manipulation tool gcab could be made to crash or run programs if it opened a specially crafted file.
oval:org.secpod.oval:def:704003 dovecot: IMAP and POP3 email server Several security issues were fixed in Dovecot.
oval:org.secpod.oval:def:704004 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:704000 isc-dhcp: DHCP server and client Several security issues were fixed in DHCP.
oval:org.secpod.oval:def:704001 memcached: high-performance memory object caching system Several security issues were fixed in Memcached.
oval:org.secpod.oval:def:704006 clamav: Anti-virus utility for Unix Several security issues were fixed in ClamAV.
oval:org.secpod.oval:def:704127 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.
oval:org.secpod.oval:def:704128 mozjs52: SpiderMonkey JavaScript library Several security issues were fixed in Spidermonkey.
oval:org.secpod.oval:def:704008 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.
oval:org.secpod.oval:def:704009 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.
oval:org.secpod.oval:def:704111 gnupg2: GNU privacy guard - a free PGP replacement - gnupg: GNU privacy guard - a free PGP replacement Several security issues were fixed in GnuPG.
oval:org.secpod.oval:def:704119 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.
oval:org.secpod.oval:def:704101 exempi: library to parse XMP metadata Exempi could be made to crash or run programs if it opened a specially crafted file.
oval:org.secpod.oval:def:704223 irssi: terminal based IRC client Several security issues were fixed in Irssi.
oval:org.secpod.oval:def:704108 unbound: validating, recursive, caching DNS resolver A security issue was fixed in Unbound.
oval:org.secpod.oval:def:704211 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database PostgreSQL could be made to expose sensitive information.
oval:org.secpod.oval:def:704213 mailman: Powerful, web-based mailing list manager Mailman could be made to run arbitrary code.
oval:org.secpod.oval:def:704209 patch: Apply a diff file to an original Several security issues were fixed in Patch.
oval:org.secpod.oval:def:704204 perl: Practical Extraction and Report Language Perl could be made to overwrite arbitrary files if it received a specially crafted archive file.
oval:org.secpod.oval:def:46447 cups: Common UNIX Printing System Several security issues were fixed in CUPS.
oval:org.secpod.oval:def:704095 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:704096 nvidia-graphics-drivers-384: NVIDIA binary X.Org driver NVIDIA graphics drivers could be made to crash or run programs as an administrator.
oval:org.secpod.oval:def:704091 procps: /proc file system utilities Several security issues were fixed in procps-ng.
oval:org.secpod.oval:def:704082 firefox: Mozilla Open Source web browser Details: USN-3645-1 fixed vulnerabilities in Firefox. The update caused an issue where users experienced long UI pauses in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3645-1 caused a regression i ...
oval:org.secpod.oval:def:704196 transmission: lightweight BitTorrent client Transmission could be made to run arbitrary code.
oval:org.secpod.oval:def:704198 rsync: fast, versatile, remote file-copying tool Several security issues were fixed in rsync.
oval:org.secpod.oval:def:704199 xdg-utils: desktop integration utilities from freedesktop.org xdg-utils could be made to run arbitrary code if it received a specially crafted input.
oval:org.secpod.oval:def:704071 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.
oval:org.secpod.oval:def:704192 liblouis: Braille translation library - utilities Several security issues were fixed in Liblouis.
oval:org.secpod.oval:def:704072 openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8.
oval:org.secpod.oval:def:704193 ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby.
oval:org.secpod.oval:def:704195 poppler: PDF rendering library Several security issues were fixed in poppler.
oval:org.secpod.oval:def:704190 libraw: raw image decoder library Several security issues were fixed in LibRaw.
oval:org.secpod.oval:def:704191 apport: automatically generate crash reports for debugging Details: USN-3480-2 fixed regressions in Apport. The update introduced a new regression in the container support. This update addresses the problem. We apologize for the inconvenience. Original advisory USN-3480-2 introduced regressions in A ...
oval:org.secpod.oval:def:704068 webkit2gtk: Web content engine library for GTK+ A security issue was fixed in WebKitGTK+.
oval:org.secpod.oval:def:704066 qpdf: tools for transforming and inspecting PDF files Several security issues were fixed in QPDF.
oval:org.secpod.oval:def:704188 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.
oval:org.secpod.oval:def:704182 poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted file.
oval:org.secpod.oval:def:704062 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.
oval:org.secpod.oval:def:704184 poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted PDF.
oval:org.secpod.oval:def:704179 dovecot: IMAP and POP3 email server Dovecot could be made to crash if it received specially crafted input.
oval:org.secpod.oval:def:704053 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.
oval:org.secpod.oval:def:704174 libvorbis: The Vorbis General Audio Compression Codec Several security issues were fixed in libvorbis.
oval:org.secpod.oval:def:704175 icu: International Components for Unicode library ICU could be made to crash or run arbitrary code as your login if it received specially crafted input.
oval:org.secpod.oval:def:704177 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.
oval:org.secpod.oval:def:704172 rsync: fast, versatile, remote file-copying tool Several security issues were fixed in rsync.
oval:org.secpod.oval:def:704173 libarchive-zip-perl: Perl module for manipulation of ZIP archives Archive Zip module could be made to expose sensitive information if it received a specially crafted input.
oval:org.secpod.oval:def:703990 libreoffice: Office productivity suite LibreOffice would allow unintended access to files over the network.
oval:org.secpod.oval:def:704167 zsh: shell with lots of features Several security issues were fixed in Zsh.
oval:org.secpod.oval:def:704047 ubuntu-release-upgrader: manage release upgrades ubuntu-release-upgrader incorrectly opened a browser as an administrator.
oval:org.secpod.oval:def:704168 libxml2: GNOME XML library libxml2 could be made to crash if it opened a specially crafted file.
oval:org.secpod.oval:def:704048 wayland: Wayland compositor infrastructure Wayland could be made to crash or run programs if it opened a specially crafted file.
oval:org.secpod.oval:def:703997 sensible-utils: Utilities for sensible alternative selection sensible-utils could be made to run programs as your login if it opened a malicious URL.
oval:org.secpod.oval:def:704035 openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8.
oval:org.secpod.oval:def:704037 libraw: raw image decoder library LibRaw could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:704158 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:704159 dns-root-data: DNS root data including root zone and DNSSEC key The list of trust anchors has been updated.
oval:org.secpod.oval:def:704031 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.
oval:org.secpod.oval:def:704032 openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:704153 firefox: Mozilla Open Source web browser Details: USN-3705-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3705-1 caused some minor regressions in Firefox.
oval:org.secpod.oval:def:704034 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:704039 python-crypto: cryptographic algorithms and protocols for Python Python Crypto could expose sensitive information.
oval:org.secpod.oval:def:704024 libvorbis: The Vorbis General Audio Compression Codec libvorbis could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:704145 zziplib: library providing read access on ZIP-archives - library zziplib could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:704147 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.
oval:org.secpod.oval:def:704027 screen-resolution-extra: Extension for the GNOME screen resolution applet Screen Resolution Extra could be tricked into bypassing PolicyKit authorizations.
oval:org.secpod.oval:def:704021 paramiko: Python SSH2 library Paramiko could be made to run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:704029 icu: International Components for Unicode library ICU could be made to crash if it received specially crafted input.
oval:org.secpod.oval:def:704013 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.
oval:org.secpod.oval:def:704015 memcached: high-performance memory object caching system Memcached could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:704012 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.
oval:org.secpod.oval:def:704129 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt could be made to expose sensitive information.
oval:org.secpod.oval:def:704233 sharutils: shar, unshar, uuencode, uudecode Sharutils could be made to execute arbitrary code if it opened a specially crafted file.
oval:org.secpod.oval:def:704235 libtasn1-6: Library to manage ASN.1 structures Several security issues were fixed in Libtasn1.
oval:org.secpod.oval:def:704236 gdk-pixbuf: GDK Pixbuf library Several security issues were fixed in GDK-PixBuf.
oval:org.secpod.oval:def:704230 ruby2.3: Interpreter of object-oriented scripting language Ruby Several security issues were fixed in Ruby.
oval:org.secpod.oval:def:704232 zsh: shell with lots of features Several security issues were fixed in Zsh.
oval:org.secpod.oval:def:704224 wavpack: audio codec - encoder and decoder WavPack could be made to crash if it opened a specially crafted file.
oval:org.secpod.oval:def:704225 libsoup2.4: HTTP client/server library for GNOME libsoup could be made to crash if it received a specially crafted input.
oval:org.secpod.oval:def:704221 python-pysaml2: Pure python implementation of SAML2 PySAML2 could allow authentication without a password.
oval:org.secpod.oval:def:704229 liblouis: Braille translation library - utilities Several security issues were fixed in Liblouis.
oval:org.secpod.oval:def:704214 spice: SPICE protocol client and server library - spice-protocol: SPICE protocol headers Spice could be made to crash or run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:704219 libxml2: GNOME XML library libxml2 could be made to crash or run arbitrary code if it opened a specially crafted file.
oval:org.secpod.oval:def:704216 wget: retrieves files from the web Wget could be made to inject arbitrary cookie values.
oval:org.secpod.oval:def:704217 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database PostgreSQL could be made to execute arbitrary code.
oval:org.secpod.oval:def:704044 libvncserver: vnc server library LibVNCServer could be made to crash, expose sensitive information, or run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:703882 openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8.
oval:org.secpod.oval:def:704026 tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:704220 w3m: WWW browsable pager with excellent tables/frames support Several security issues were fixed in w3m.
oval:org.secpod.oval:def:704215 ruby2.3: Interpreter of object-oriented scripting language Ruby - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Ruby could be made to execute arbitrary commands if it opened a specially crafted file.
oval:org.secpod.oval:def:704205 ruby2.3: Interpreter of object-oriented scripting language Ruby - ruby1.9.1: Interpreter of object-oriented scripting language Ruby Several security issues were fixed in Ruby.
oval:org.secpod.oval:def:704180 ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby.
oval:org.secpod.oval:def:704176 ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby.
oval:org.secpod.oval:def:704052 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.
oval:org.secpod.oval:def:45091 perl: Practical Extraction and Report Language Several security issues were fixed in Perl.
oval:org.secpod.oval:def:703944 linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.
oval:org.secpod.oval:def:703931 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.
oval:org.secpod.oval:def:704201 openssl: Secure Socket Layer cryptographic library and tools OpenSSL could allow access to sensitive information.
oval:org.secpod.oval:def:703912 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.
oval:org.secpod.oval:def:46446 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
oval:org.secpod.oval:def:46321 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP.
oval:org.secpod.oval:def:704087 linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.
oval:org.secpod.oval:def:44100 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.
oval:org.secpod.oval:def:704185 libpng1.6: PNG library - development - libpng: PNG file library Several security issues were fixed in libpng.
oval:org.secpod.oval:def:704059 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to crash under certain conditions.
oval:org.secpod.oval:def:703886 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.
oval:org.secpod.oval:def:704151 libjpeg-turbo: library for handling JPEG files libjpeg-turbo could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:703988 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt.
oval:org.secpod.oval:def:45754 Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
oval:org.secpod.oval:def:703972 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.
oval:org.secpod.oval:def:704134 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.
oval:org.secpod.oval:def:704155 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.
oval:org.secpod.oval:def:45662 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.
oval:org.secpod.oval:def:704122 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.
oval:org.secpod.oval:def:704120 qemu: Machine emulator and virtualizer Side channel execution mitigations were added to QEMU.
oval:org.secpod.oval:def:704118 libvirt: Libvirt virtualization toolkit Side channel execution mitigations were added to libvirt.
oval:org.secpod.oval:def:704203 qemu: Machine emulator and virtualizer Side channel execution mitigations were added to QEMU.
oval:org.secpod.oval:def:704086 linux: Linux kernel Several security issues were addressed in the Linux kernel.
oval:org.secpod.oval:def:703940 nvidia-graphics-drivers-384: NVIDIA binary X.Org driver The system could be made to expose sensitive information.
oval:org.secpod.oval:def:703947 webkit2gtk: Web content engine library for GTK+ WebKitGTK+ could be made to expose sensitive information.
oval:org.secpod.oval:def:43415 It was discovered that a new class of side channel attacks impact most processors, including processors from Intel, AMD, and ARM. The attack allows malicious userspace processes to read kernel memory and malicious code in guests to read hypervisor memory. To address the issue, updates to the Ubuntu ...
oval:org.secpod.oval:def:703933 firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information.
oval:org.secpod.oval:def:704011 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Details: USNS 3541-1 and 3523-1 provided mitigations for Spectre and Meltdown for the i386, amd64, and ppc64el architectures in Ubuntu 17.10. This update provides the corresponding mitigations for the arm64 architecture. Original a ...
oval:org.secpod.oval:def:703963 linux: Linux kernel Details: Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel m ...
oval:org.secpod.oval:def:45289 When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
oval:org.secpod.oval:def:704181 exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2.
oval:org.secpod.oval:def:704114 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.
oval:org.secpod.oval:def:704141 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.
oval:org.secpod.oval:def:703920 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.
oval:org.secpod.oval:def:704107 git: fast, scalable, distributed revision control system Several security issues were fixed in Git.
oval:org.secpod.oval:def:704231 intel-microcode: Processor microcode for Intel CPUs The system could be made to expose sensitive information.
oval:org.secpod.oval:def:703948 intel-microcode: Processor microcode for Intel CPUs The system could be made to expose sensitive information.
oval:org.secpod.oval:def:703938 linux: Linux kernel Several security issues were fixed in the Linux kernel.
oval:org.secpod.oval:def:703992 linux: Linux kernel Details: Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. ChunYu Wang discove ...
oval:org.secpod.oval:def:703995 linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.
oval:org.secpod.oval:def:703978 libvirt: Libvirt virtualization toolkit Spectre mitigations were added to libvirt.
oval:org.secpod.oval:def:703977 qemu: Machine emulator and virtualizer Spectre mitigations were added to QEMU.
oval:org.secpod.oval:def:704131 amd64-microcode: Processor microcode firmware for AMD CPUs The system could be made to expose sensitive information.
oval:org.secpod.oval:def:704125 file: Tool to determine file types Several security issues were fixed in file.
oval:org.secpod.oval:def:704014 php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.
oval:org.secpod.oval:def:703895 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.
oval:org.secpod.oval:def:704041 linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.
oval:org.secpod.oval:def:704038 linux: Linux kernel Several security issues were fixed in the Linux kernel.