Packet Storm ≈ Advisory Files

Packet Storm – Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

OpenPGP.js versions 4.2.0 suffer from invalid curve attack, message signature bypass, and information trust vulnerabilities.
FreeBSD Security Advisory – The kernel driver for /dev/midistat implements a handler for read(2). This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat’s data buffer. The races allow a program to read kernel memory within a 4GB window centered at midistat’s data buffer. The buffer is allocated each time the device is opened, so an attacker is not limited to a static 4GB region of memory. On 32-bit platforms, an attempt to trigger the race may cause a page fault in kernel mode, leading to a panic.

Debian Security Advisory 4505-1

22 August 2019, 8:20 pm

Debian Linux Security Advisory 4505-1 – Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a high-performance web and reverse proxy server, which could result in denial of service.
Red Hat Security Advisory 2019-2553-01 – KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include CPU related, buffer overflow, and information leakage vulnerabilities.
Red Hat Security Advisory 2019-2552-01 – Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2019-2543-01 – Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A data disclosure vulnerability was addressed.
Red Hat Security Advisory 2019-2542-01 – Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A data disclosure vulnerability was addressed.
Red Hat Security Advisory 2019-2545-01 – Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A data disclosure vulnerability was addressed.
Red Hat Security Advisory 2019-2544-01 – Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A data disclosure vulnerability was addressed.
Ubuntu Security Notice 4109-1 – It was discovered that OpenJPEG incorrectly handled certain PGX files. An attacker could possibly use this issue to cause a denial of service or possibly remote code execution. It was discovered that OpenJPEG incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. It was discovered that OpenJPEG incorrectly handled certain PNM files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2019-2541-01 – Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
Ubuntu Security Notice 4108-1 – It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
Red Hat Security Advisory 2019-2538-01 – Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a bypass vulnerability.

Debian Security Advisory 4504-1

21 August 2019, 7:35 pm

Debian Linux Security Advisory 4504-1 – Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed.
FreeBSD Security Advisory – System calls operating on file descriptors obtain a reference to the relevant struct file which, due to a programming error, was not always put back, which in turn could be used to overflow the counter of the affected struct file. A local user can use this flaw to obtain access to files, directories, sockets, etc., opened by processes owned by other users. If the obtained struct file represents a directory from outside of the user’s jail, it can be used to access files outside of the jail. If the user in question is a jailed root, they can obtain root privileges on the host system.
FreeBSD Security Advisory – Due to a missing check in the code of m_pulldown(9), data returned may not be contiguous as requested by the caller. Extra checks in the IPv6 code catch the error condition and trigger a kernel panic, leading to a remote DoS (denial-of-service) attack with certain Ethernet interfaces. At this point it is unknown whether any code paths other than the IPv6 ones can trigger a similar condition.
Red Hat Security Advisory 2019-2534-01 – Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This release of Red Hat 3scale API Management 2.6.0 replaces Red Hat 3scale API Management 2.5.1.

Ubuntu Security Notice USN-4107-1

20 August 2019, 10:04 pm

Ubuntu Security Notice 4107-1 – It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-4106-1

20 August 2019, 10:04 pm

Ubuntu Security Notice 4106-1 – Mike Salvatore discovered that NLTK mishandled crafted ZIP archives during extraction. A remote attacker could use this vulnerability to write arbitrary files to the filesystem.

Ubuntu Security Notice USN-4105-1

20 August 2019, 10:04 pm

Ubuntu Security Notice 4105-1 – Stephan Zeisberg discovered that the CUPS SNMP backend incorrectly handled encoded ASN.1 inputs. A remote attacker could possibly use this issue to cause CUPS to crash by providing specially crafted network traffic. It was discovered that CUPS did not properly handle client disconnection events. A local attacker could possibly use this issue to cause a denial of service or disclose memory from the CUPS server. Various other issues were also addressed.

Ubuntu Security Notice USN-4104-1

20 August 2019, 10:04 pm

Ubuntu Security Notice 4104-1 – Donny Davis discovered that the Nova Compute service could return configuration or other information in response to a failed API request in some situations. A remote attacker could use this to expose sensitive information.

Ubuntu Security Notice USN-4103-2

20 August 2019, 10:04 pm

Ubuntu Security Notice 4103-2 – Jasiel Spelman discovered that a double free existed in the docker-credential-helpers dependency of Docker. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jasiel Spelman discovered that a double free existed in docker-credential-helpers. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice USN-4103-1

20 August 2019, 10:03 pm

Ubuntu Security Notice 4103-1 – Jasiel Spelman discovered that a double free existed in docker-credential-helpers. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
MediaWiki OAuth2 Client version 0.3 suffers from a cross-site request forgery vulnerability.