Security Updates from SECLISTS

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SRP-2018-02] Details of a vulnerability in STMicroelectronics' chipset

16 hours 50 min ago

Posted by Adam Gowdiak on Feb 20

Hello All,

Technical details of ST chipset vulnerability have been released
and are now included in our technical report pertaining to the
security of NC+ SAT TV platform.

As indicated last week, the release is made as a direct result
of no interest in this research.

Updated version of the report, associated Proof of Concept codes
and tools can be downloaded from SRP-2018-02 project location:...

[SAUTH-2019-0001] - Micro Focus Filr Multiple Vulnerabilities

Wed, 02/20/2019 - 23:02

Posted by advisories on Feb 20

SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/

Micro Focus Filr Multiple Vulnerabilities

1. *Advisory Information*

Title: Micro Focus Filr Multiple Vulnerabilities
Advisory ID: SAUTH-2019-0001
Advisory URL:
https://www.secureauth.com/labs/advisories/micro-focus-filr-multiple-vulnerabilities
Date published: 2019-02-20
Date of last update: 2019-02-20
Vendors contacted: Micro Focus
Release mode: Coordinated release

2....

[SECURITY] [DSA 4396-1] ansible security update

Wed, 02/20/2019 - 03:15

Posted by Moritz Muehlenhoff on Feb 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-4396-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 19, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ansible
CVE ID : CVE-2018-10855 CVE-2018-10875...

[SECURITY] [DSA 4395-1] chromium security update

Mon, 02/18/2019 - 23:27

Posted by Michael Gilbert on Feb 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4395-1 security () debian org
https://www.debian.org/security/ Michael Gilbert
February 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2018-17481 CVE-2019-5754...

[SECURITY] [DSA 4394-1] rdesktop security update

Mon, 02/18/2019 - 21:34

Posted by Moritz Muehlenhoff on Feb 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4394-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : rdesktop
CVE ID : CVE-2018-8791 CVE-2018-8792...

[SECURITY] [DSA 4393-1] systemd security update

Mon, 02/18/2019 - 21:30

Posted by Salvatore Bonaccorso on Feb 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4393-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : systemd
CVE ID : CVE-2019-6454

Chris Coulson...

[SECURITY] [DSA 4388-2] mosquitto regression update

Sun, 02/17/2019 - 23:13

Posted by Salvatore Bonaccorso on Feb 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4388-2 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 17, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mosquitto
Debian Bug : 922071

Kushal Kumaran reported...

CVE-2018-20162: Digi TransPort LR54 Restricted Shell Escape

Sun, 02/17/2019 - 23:09

Posted by Stig Palmquist on Feb 17

CVE-2018-20162: Digi TransPort LR54 Restricted Shell Escape
===========================================================

The Digi TransPort LR54 is a high speed LTE router commonly used by industry,
infrastructure, retail and public transportation.

It supports running python scripts in a restricted sandbox, and has a custom
shell accessible over SSH which is subjected to the same restrictions. The
underlying OS is inaccessible to the...

[SECURITY] [DSA 4392-1] thunderbird security update

Sun, 02/17/2019 - 23:06

Posted by Moritz Muehlenhoff on Feb 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4392-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 16, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2018-18356 CVE-2018-18500...

DASAN H665 has vendor backdoor built into BusyBox’s /bin/login

Sun, 02/17/2019 - 22:17

Posted by Krzysztof Burghardt on Feb 17

Hi!

DASAN H665 has vendor backdoor built into BusyBox /bin/login. Account
named "dnsekakf2$$" gives access to admin (uid 0) account over telnet
without any password, at least for administration interface documented
in H665 Quick Guide (subnet 192.168.55.0/24 on LAN interface).

$ telnet 192.168.55.1
Trying 192.168.55.1...
Connected to 192.168.55.1.
Escape character is '^]'.
tc login: dnsekakf2$$
# uname -a
Linux tc 2.6.36 #1...

[slackware-security] mozilla-thunderbird (SSA:2019-045-01)

Fri, 02/15/2019 - 00:16

Posted by Slackware Security Team on Feb 14

[slackware-security] mozilla-thunderbird (SSA:2019-045-01)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-60.5.1-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[SECURITY] [DSA 4391-1] firefox-esr security update

Fri, 02/15/2019 - 00:12

Posted by Moritz Muehlenhoff on Feb 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4391-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 14, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2018-18356 CVE-2019-5785...

[slackware-security] mozilla-firefox (SSA:2019-044-01)

Thu, 02/14/2019 - 02:45

Posted by Slackware Security Team on Feb 13

[slackware-security] mozilla-firefox (SSA:2019-044-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-60.5.1esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

Qkr! with MasterPass iOS Application - MITM SSL Certificate Vulnerability (CVE-2019-6702)

Thu, 02/14/2019 - 02:42

Posted by David Coomber on Feb 13

Qkr! with MasterPass iOS Application - MITM SSL Certificate
Vulnerability (CVE-2019-6702)

[slackware-security] lxc (SSA:2019-043-01)

Wed, 02/13/2019 - 08:49

Posted by Slackware Security Team on Feb 13

[slackware-security] lxc (SSA:2019-043-01)

New lxc packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/lxc-2.0.9_d3a03247-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue where a malicious privileged container
could overwrite the host binary and thus gain root-level code execution on
the...

CA20190212-01: Security Notice for CA Privileged Access Manager

Wed, 02/13/2019 - 08:45

Posted by Kevin Kotas on Feb 13

CA20190212-01: Security Notice for CA Privileged Access Manager

Issued: February 12, 2019
Last Updated: February 12, 2019

CA Technologies Support is alerting customers to a potential risk
with CA Privileged Access Manager. A vulnerability exists that can
allow a remote attacker to access sensitive information or modify
configuration. CA published solutions to address the vulnerabilities.

CVE-2019-7392 describes a vulnerability resulting from...

[SECURITY] [DSA 4390-1] flatpak security update

Wed, 02/13/2019 - 08:42

Posted by Moritz Muehlenhoff on Feb 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-4390-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : flatpak
CVE ID : not yet available
Debian Bug :...

[SECURITY] [DSA 4377-2] rssh regression update

Tue, 02/12/2019 - 07:02

Posted by Salvatore Bonaccorso on Feb 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4377-2 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 11, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : rssh
Debian Bug : 921655

The update for rssh issued as...

[SECURITY] [DSA 4389-1] libu2f-host security update

Tue, 02/12/2019 - 06:59

Posted by Sebastien Delafond on Feb 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4389-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
February 11, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libu2f-host
CVE ID : CVE-2018-20340
Debian Bug...

[SECURITY] [DSA 4388-1] mosquitto security update

Mon, 02/11/2019 - 00:12

Posted by Moritz Muehlenhoff on Feb 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4388-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 10, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mosquitto
CVE ID : CVE-2018-12546 CVE-2018-12550...
