Packet Storm ≈ Advisory Files

Packet Storm – Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

Red Hat Security Advisory 2019-3024-01 – The ovirt-web-ui package provides the web interface for Red Hat Virtualization. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.
Red Hat Security Advisory 2019-3011-01 – The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, redhat-virtualization-host, and ovirt-node-ng. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host’s resources and performing administrative tasks.
Red Hat Security Advisory 2019-3023-01 – The ovirt-engine-ui-extensions package contains UI plugins that provide various extensions to the oVirt administration UI. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.
SySS GmbH found out that the embedded flash memory of the Bluetooth LE Microsoft Surface Mouse can be read and written via the SWD (Serial Wire Debug) interface of the used nRF51822 Bluetooth SoC as the flash memory is not protected by the offered readback protection feature.
SySS GmbH found out that the embedded flash memory of the Bluetooth LE Microsoft Surface Keyboard can be read and written via the SWD (Serial Wire Debug) interface of the used nRF51822 Bluetooth SoC as the flash memory is not protected by the offered readback protection feature.
SySS GmbH found out that the embedded flash memory of the Microsoft Designer Bluetooth Desktop keyboard can be read and written via the SWD (Serial Wire Debug) interface of the used nRF51822 Bluetooth SoC as the flash memory is not protected by the offered readback protection feature.

Ubuntu Security Notice USN-4151-2

10 October 2019, 2:47 pm

Ubuntu Security Notice 4151-2 – USN-4151-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. Various other issues were also addressed.

Ubuntu Security Notice USN-4153-1

10 October 2019, 2:46 pm

Ubuntu Security Notice 4153-1 – Daniel Preussker discovered that Octavia incorrectly handled client certificate checking. A remote attacker on the management network could possibly use this issue to perform configuration changes and obtain sensitive information.
Red Hat Security Advisory 2019-3002-01 – Red Hat Fuse Integration Services provides a set of tools and containerized xPaaS images that enable development, deployment, and management of integration microservices within OpenShift. Issues addressed include code execution and deserialization vulnerabilities.
Red Hat Security Advisory 2019-2998-01 – Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Thorntail 2.5.0 serves as a replacement for RHOAR Thorntail 2.4.0, and includes security and bug fixes and enhancements. Issues addressed include code execution and deserialization vulnerabilities.
Red Hat Security Advisory 2019-2995-01 – AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat A-MQ Broker 7.5.0 serves as a replacement for Red Hat A-MQ Broker 7.4.1, and includes security and bug fixes, and enhancements. A Class Loader manipulation vulnerability was addressed.

Ubuntu Security Notice USN-4152-1

10 October 2019, 2:43 pm

Ubuntu Security Notice 4152-1 – It was discovered that libsoup incorrectly handled parsing certain NTLM messages. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 4151-1 – It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use this issue to execute a cross-site scripting attack.
Ubuntu Security Notice 4149-1 – It was discovered that Unbound incorrectly handled certain NOTIFY queries. An attacker could possibly use this issue to cause a denial of service.
Apple Security Advisory 2019-10-07-4 – iCloud for Windows 7.14 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
Red Hat Security Advisory 2019-2975-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Bluetooth BR/EDR encryption key negotiation attacks were addressed.
Red Hat Security Advisory 2019-2980-01 – Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.
Apple Security Advisory 2019-10-07-3 – iCloud for Windows 10.7 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
Red Hat Security Advisory 2019-2978-01 – The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. An auth hijacking issue has been addressed.
Apple Security Advisory 2019-10-07-2 – iTunes for Windows 12.10.1 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
Apple Security Advisory 2019-10-07-1 – macOS Catalina 10.15 is now available and addresses buffer overflow and code execution vulnerabilities.
Red Hat Security Advisory 2019-2977-01 – The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A rate limiting issue has been addressed.
Red Hat Security Advisory 2019-2979-01 – The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Issues addressed include a buffer overflow vulnerability.

Debian Security Advisory 4539-2

8 October 2019, 7:57 pm

Debian Linux Security Advisory 4539-2 – A change introduced in openssl 1.1.1d (which got released as DSA 4539-1) requires sandboxing features which are not available in Linux kernels before 3.19, resulting in OpenSSH rejecting connection attempts if running on an old kernel. This does not affect Linux kernels shipped in Debian oldstable/stable, but may affect buster systems which are running on an older kernel.

OmniCenter 12.1.1 SQL Injection

8 October 2019, 7:54 pm

OmniCenter version 12.1.1 suffers from a remote SQL injection vulnerability.