Security Updates from SECLISTS

Subscribe to Security Updates from SECLISTS feed
The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Updated: 2 hours 54 min ago

APPLE-SA-2018-9-17-5 Apple Support 2.4 for iOS

Mon, 09/17/2018 - 23:03

Posted by Apple Product Security on Sep 17

APPLE-SA-2018-9-17-5 Apple Support 2.4 for iOS

Apple Support 2.4 for iOS is now available and addresses the
following:

Analytics
Available for: iOS 11.0 and later
Impact: An attacker in a privileged network position may be able to
intercept analytics data sent to Apple
Description: Analytics data was sent using HTTP rather than HTTPS.
This was addressed by sending analytics data using HTTPS.
CVE-2018-4397: Yigit Can YILMAZ (@yilmazcanyigit)...

race condition in .net core System.IO.Directory.Delete allowing deletion of entire drives

Mon, 09/17/2018 - 22:59

Posted by Joshua Hudson on Sep 17

Here's a link to the original reporting of this class of bug:
https://seclists.org/bugtraq/2000/May/67

In looking for how to deal with this problem on Windows, I discovered
that .net core has
essentially the same security bug.

That file system node might have been a directory when FindNextFile
returned it, but it's a symlink to c:\users now. Goodbye half your
data (on average) before hitting a locked file....

APPLE-SA-2018-9-17-3 tvOS 12

Mon, 09/17/2018 - 22:54

Posted by Apple Product Security on Sep 17

APPLE-SA-2018-9-17-3 tvOS 12

tvOS 12 is now available and addresses the following:

Bluetooth
Available for: Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2018-5383: Lior Neumann and Eli Biham

iTunes Store
Available for: Apple TV 4K and Apple TV (4th...

APPLE-SA-2018-9-17-4 Safari 12

Mon, 09/17/2018 - 22:53

Posted by Apple Product Security on Sep 17

APPLE-SA-2018-9-17-4 Safari 12

Safari 12 is now available and addresses the following:

Safari
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: A logic issue was addressed with improved state
management.
CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority

Safari
Available for: macOS Sierra 10.12.6,...

APPLE-SA-2018-9-17-1 iOS 12

Mon, 09/17/2018 - 22:48

Posted by Apple Product Security on Sep 17

APPLE-SA-2018-9-17-1 iOS 12

iOS 12 is now available and addresses the following:

Accounts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local app may be able to read a persistent account
identifier
Description: This issue was addressed with improved entitlements.
CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.

Bluetooth
Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone...

APPLE-SA-2018-9-17-2 watchOS 5

Mon, 09/17/2018 - 22:45

Posted by Apple Product Security on Sep 17

APPLE-SA-2018-9-17-2 watchOS 5

watchOS 5 is now available and addresses the following:

iTunes Store
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4305: Jerry Decime

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application...

Disclose SSRF Vulnerability

Mon, 09/17/2018 - 22:42

Posted by alphan yavaş on Sep 17

I. VULNERABILITY
-------------------------
Rollup 18 for Microsoft Exchange Server 2010 SP3 Server Side Request
Forgery (SSRF)

II. CVE REFERENCE
-------------------------
CVE-2018-16793

III. VENDOR
-------------------------
https://www.microsoft.com

IV. TIMELINE
------------------------
19/06/2018 Vulnerability discovered
22/06/2018 Vendor contacted
15/08/2018 Microsoft replay that Update rollup 18 is out of date.

V. CREDIT...

[SECURITY] [DSA 4296-1] mbedtls security update

Mon, 09/17/2018 - 04:31

Posted by Moritz Muehlenhoff on Sep 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4296-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mbedtls
CVE ID : CVE-2018-0497 CVE-2018-0498

Two...

[SECURITY] [DSA 4295-1] thunderbird security update

Mon, 09/17/2018 - 04:28

Posted by Moritz Muehlenhoff on Sep 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4295-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2018-5156 CVE-2018-5187...

[SECURITY] [DSA 4294-1] ghostscript security update

Mon, 09/17/2018 - 04:27

Posted by Moritz Muehlenhoff on Sep 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4294-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2018-16509 CVE-2018-16802...

[SECURITY] [DSA 4273-2] intel-microcode security update

Mon, 09/17/2018 - 04:24

Posted by Moritz Muehlenhoff on Sep 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4273-2 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : intel-microcode
CVE ID : CVE-2018-3639...

[slackware-security] php (SSA:2018-257-01)

Mon, 09/17/2018 - 04:17

Posted by Slackware Security Team on Sep 17

[slackware-security] php (SSA:2018-257-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php-5.6.38-i586-1_slack14.2.txz: Upgraded.
One security bug has been fixed in this release:
Apache2: XSS due to the header Transfer-Encoding: chunked
For more information, see:...

[SECURITY] [DSA 4293-1] discount security update

Mon, 09/17/2018 - 04:13

Posted by Alessandro Ghedini on Sep 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4293-1 security () debian org
https://www.debian.org/security/ Alessandro Ghedini
September 14, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : discount
CVE ID : CVE-2018-11468 CVE-2018-11503...

[slackware-security] ghostscript (SSA:2018-256-01)

Fri, 09/14/2018 - 01:40

Posted by Slackware Security Team on Sep 13

[slackware-security] ghostscript (SSA:2018-256-01)

New ghostscript packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/ghostscript-9.25-i586-1_slack14.2.txz: Upgraded.
This release fixes problems with argument handling, some unintended
results of the security fixes to the SAFER file access restrictions...

CVE-2018-16242 - oBike Electronic Lock Bypass

Thu, 09/13/2018 - 07:02

Posted by Antoine Neuenschwander on Sep 13

################################################################################
# #
# CVE-2018-16242 - oBike Electronic Lock Bypass #
# #
################################################################################
#...

CVE-2017-16639 - Tor Browser Deanonymization With SMB

Wed, 09/12/2018 - 12:07

Posted by Filippo Cavallarin on Sep 12

Advisory ID: SGMA18-002
Title: Tor Browser Deanonymization With SMB
Product: Tor Browser < 8.0, Firefox < 62 / < 60.2.0esr
Vendor: torproject.org, mozilla.org
Type: Information Disclosure
Risk level: 4 / 5
Credits: filippo.cavallarin () wearesegment com
CVE: CVE-2017-16639
Vendor notification: 2017-11-02
Vendor fix:...

Seagate Personal Cloud multiple information disclosure vulnerabilities

Wed, 09/12/2018 - 12:05

Posted by Summer of Pwnage on Sep 12

------------------------------------------------------------------------
Seagate Personal Cloud multiple information disclosure vulnerabilities
------------------------------------------------------------------------
Yorick Koster, September 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Seagate Personal Cloud is a consumer-grade...

[SYSS-2018-015] HiScout GRC Suite < 3.1.5 - Unrestricted Upload of File with Dangerous Type

Wed, 09/12/2018 - 12:02

Posted by sebastian . auwaerter on Sep 12

Advisory ID: SYSS-2018-015
Product: HiScout GRC Suite
Manufacturer: HiScout GmbH
Affected Version(s): < 3.1.5
Tested Version(s): 3.1.3.12
Vulnerability Type: Unrestricted Upload of File with Dangerous Type
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2018-07-26
Solution Date: 2018-09-03
Public Disclosure: 2018-09-12
CVE Reference: CVE-2018-16796
Author of Advisory: Sebastian Auwaerter, SySS GmbH...

Disclose SSRF Vulnerability

Wed, 09/12/2018 - 04:26

Posted by Alphan Yavaş on Sep 12

I. VULNERABILITY
-------------------------
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory
Federation Services) Server Side Request Forgery (SSRF)

II. CVE REFERENCE
-------------------------
CVE-2018-16794

III. VENDOR
-------------------------
https://www.microsoft.com
https://msdn.microsoft.com/en-us/library/bb897402.aspx

IV. TIMELINE
-------------------------
15/08/2018 Vulnerability discovered
18/08/2018 Vendor...

FreeBSD Security Advisory FreeBSD-SA-18:12.elf

Wed, 09/12/2018 - 04:23

Posted by FreeBSD Security Advisories on Sep 12

=============================================================================
FreeBSD-SA-18:12.elf Security Advisory
The FreeBSD Project

Topic: Improper ELF header parsing

Category: core
Module: kernel
Announced: 2018-09-12
Credits: Thomas Barabosch, Fraunhofer FKIE; Mark Johnston
Affects: All supported...

Pages