Security Updates from SECLISTS

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

FreeBSD Security Advisory FreeBSD-SA-18:07.lazyfpu

Posted by FreeBSD Security Advisories on Jun 21

=============================================================================
FreeBSD-SA-18:07.lazyfpu Security Advisory
The FreeBSD Project

Topic: Lazy FPU State Restore Information Disclosure

Category: core
Module: kernel
Announced: 2018-06-21
Credits: Julian Stecklina from Amazon Germany
Thomas...

[SECURITY] [DSA 4232-1] xen security update

Posted by Moritz Muehlenhoff on Jun 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-4232-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 20, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xen
CVE ID : CVE-2018-3665

This update provides...

[slackware-security] gnupg (SSA:2018-170-01)

Posted by Slackware Security Team on Jun 21

[slackware-security] gnupg (SSA:2018-170-01)

New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.23-i586-1_slack14.2.txz: Upgraded.
Sanitize the diagnostic output of the original file name in verbose mode.
By using a made up file name in the message it was...

XSS in Canopy login page

Posted by RYT on Jun 21

[Title]

XSS in Canopy login page

------------------------------------------

[Description]

CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer,
allowing attacks by low-privileged users against higher-privileged users. This
instance of stored cross-site scripting (XSS) vulnerability could allow any
users with administrator rights to inject malicious scripts to compromise any
users that visit the login page....

[SECURITY] [DSA 4229-1] strongswan security update

Mon, 06/18/2018 - 01:23

Posted by Yves-Alexis Perez on Jun 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4229-1 security () debian org
https://www.debian.org/security/ Yves-Alexis Perez
June 14, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : strongswan
CVE ID : CVE-2018-5388 CVE-2018-10811...

[security bulletin] MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF

Mon, 06/18/2018 - 01:18

Posted by cyber-psrt on Jun 17

Note: the current version of the following document is available here:
https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03180069

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03180069
Version: 1

MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2018-06-15
Last Updated: 2018-06-15...

[SECURITY] [DSA 4230-1] redis security update

Mon, 06/18/2018 - 01:14

Posted by Moritz Muehlenhoff on Jun 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4230-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 17, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : redis
CVE ID : CVE-2018-11218 CVE-2018-11219...

[SECURITY] [DSA 4231-1] libgcrypt20 security update

Mon, 06/18/2018 - 01:12

Posted by Salvatore Bonaccorso on Jun 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4231-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 17, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libgcrypt20
CVE ID : CVE-2018-0495

It was...

[security bulletin] MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF

Mon, 06/18/2018 - 01:06

Posted by cyber-psrt on Jun 17

Note: the current version of the following document is available here:
https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03180066

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03180066
Version: 1

MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2018-06-15
Last Updated: 2018-06-15...

CA20180614-01: Security Notice for CA Privileged Access Manager

Thu, 06/14/2018 - 22:32

Posted by Williams, Ken on Jun 14

CA20180614-01: Security Notice for CA Privileged Access Manager

Issued: June 14th, 2018
Last Updated: June 14th, 2018

CA Technologies Support is alerting customers to multiple potential
risks with CA Privileged Access Manager. Multiple vulnerabilities
exist that can allow a remote attacker to conduct a variety of attacks.
These risks include seven vulnerabilities privately reported within
the past year to CA Technologies by security...

CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018

Thu, 06/14/2018 - 22:29

Posted by Branco, Rodrigo on Jun 14

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005

Thu, 06/14/2018 - 22:26

Posted by Michael Catanzaro on Jun 14

------------------------------------------------------------------------
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005
------------------------------------------------------------------------

Date reported : June 13, 2018
Advisory ID : WSA-2018-0005
WebKitGTK+ Advisory URL :
https://webkitgtk.org/security/WSA-2018-0005.html
WPE WebKit Advisory URL :...

[SECURITY] [DSA 4228-1] spip security update

Thu, 06/14/2018 - 22:20

Posted by Sebastien Delafond on Jun 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4228-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
June 14, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : spip
CVE ID : CVE-2017-15736
Debian Bug :...

APPLE-SA-2018-06-13-01 Xcode 9.4.1

Thu, 06/14/2018 - 22:16

Posted by Apple Product Security on Jun 14

APPLE-SA-2018-06-13-01 Xcode 9.4.1

Xcode 9.4.1 is now available and addresses the following:

Git
Available for: macOS High Sierra 10.13.2 or later
Impact: Multiple issues in git, the most significant of which may
lead to arbitrary code execution
Description: Multiple issues existed in git. These issues were
addressed by updating git to version 2.15.2.
CVE-2018-11235: Etienne Stalmans
CVE-2018-11233

Installation note:

Xcode 9.4.1 may be...

Multiple Security Issues in Ecos Secure Boot Stick (SBS)

Wed, 06/13/2018 - 10:58

Posted by Michael Rossberg on Jun 13

MULTIPLE SECURITY ISSUES IN ECOS SECURE BOOT STICK (SBS)

- Software: Ecos Secure Boot Stick
- Version: Stick Version 5.6.5, System Management Version 5.2.68
- Vendor Status: Vendor informed
- Release Date: 13/06/2018

The latest version of this document may be downloaded from
https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html. A German version
may be found below.

1. General Overview

The Ecos Secure Boot Stick shall provide...

Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689

Wed, 06/13/2018 - 07:22

Posted by yavuz atlas on Jun 13

I. VULNERABILITY
-------------------------
Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-11689

III. REFERENCES
-------------------------
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689

IV. CREDIT
-------------------------
Yavuz Atlas - Biznet Bilisim
http://www.biznet.com.tr/biznet-guvenlik-duyurulari

V. DESCRIPTION
-------------------------
Samsung Web...

CSNC-2018-021 - Vert.x - HTTP Header Injection

Wed, 06/13/2018 - 04:11

Posted by Advisories on Jun 13

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Vert.x [1]
# CSNC ID: CSNC-2018-021
# Subject: HTTP Header Injection
# Risk: Medium
# Effect: Remotely exploitable
# Author: Lukasz D. (advisories () compass-security com)
# Date: 12.06.2018
#...

[SECURITY] [DSA 4227-1] plexus-archiver security update

Tue, 06/12/2018 - 16:55

Posted by Salvatore Bonaccorso on Jun 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4227-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 12, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : plexus-archiver
CVE ID : CVE-2018-1002200
Debian...

DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities

Tue, 06/12/2018 - 08:49

Posted by Defense Code on Jun 12

DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin
Multiple SQL injection Security Vulnerabilities

Advisory ID: DC-2018-05-002
Advisory Title: WordPress WP Google Map Plugin Multiple SQL injection
Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress WP Google Map plugin
Language: PHP
Version: 4.0.4 and below
Vendor Status: Vendor contacted, no response
Release...

DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi)

Tue, 06/12/2018 - 08:41

Posted by Defense Code on Jun 12

DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder
Lite Plugin Multiple Vulnerabilities (XSS and SQLi)

Advisory ID: DC-2018-05-009
Advisory Title: WordPress Ultimate Form Builder Lite Plugin Multiple
Vulnerabilities (XSS and SQLi)
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress Ultimate Form Builder Lite plugin
Language: PHP
Version: 1.3.7 and below
Vendor Status: Vendor...