Security Updates from SECLISTS

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 4505-1] nginx security update

Thu, 08/22/2019 - 15:59

Posted by Moritz Muehlenhoff on Aug 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-4505-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 22, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : nginx
CVE ID : CVE-2019-9511 CVE-2019-9513...

FreeBSD Security Advisory FreeBSD-SA-19:23.midi [REVISED]

Thu, 08/22/2019 - 15:55

Posted by FreeBSD Security Advisories on Aug 22

=============================================================================
FreeBSD-SA-19:23.midi Security Advisory
The FreeBSD Project

Topic: kernel memory disclosure from /dev/midistat

Category: core
Module: sound
Announced: 2019-08-20
Credits: Peter Holm, Mark Johnston
Affects: All supported versions of...

SEC Consult SA-20190822-0 :: Multiple Vulnerabilities in OpenPGP.js

Thu, 08/22/2019 - 08:30

Posted by SEC Consult Vulnerability Lab on Aug 22

You owe me € 10

SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus

Wed, 08/21/2019 - 09:02

Posted by SEC Consult Vulnerability Lab on Aug 21

SEC Consult Vulnerability Lab Security Advisory < 20190821-0 >
=======================================================================
title: Unauthenticated sensitive information leakage
product: Zoho Corporation ManageEngine ServiceDesk Plus
vulnerable version: v10 <10509
fixed version: v10 >=10509
CVE number: CVE-2019-15045, CVE-2019-15046
impact: Critical
homepage:...

[SECURITY] [DSA 4504-1] vlc security update

Wed, 08/21/2019 - 09:02

Posted by Moritz Muehlenhoff on Aug 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-4504-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 20, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : vlc
CVE ID : CVE-2019-13602 CVE-2019-13962...

FreeBSD Security Advisory FreeBSD-SA-19:24.mqueuefs

Wed, 08/21/2019 - 09:01

Posted by FreeBSD Security Advisories on Aug 21

=============================================================================
FreeBSD-SA-19:24.mqueuefs Security Advisory
The FreeBSD Project

Topic: Reference count overflow in mqueue filesystem 32-bit compat

Category: core
Module: kernel
Announced: 2019-08-20
Credits: Karsten König, Secfault Security
Affects:...

FreeBSD Security Advisory FreeBSD-SA-19:23.midi

Wed, 08/21/2019 - 08:55

Posted by FreeBSD Security Advisories on Aug 21

=============================================================================
FreeBSD-SA-19:23.midi Security Advisory
The FreeBSD Project

Topic: kernel memory disclosure from /dev/midistat

Category: core
Module: sound
Announced: 2019-08-20
Credits: Peter Holm, Mark Johnston
Affects: All supported versions of...

FreeBSD Security Advisory FreeBSD-SA-19:22.mbuf

Wed, 08/21/2019 - 08:51

Posted by FreeBSD Security Advisories on Aug 21

=============================================================================
FreeBSD-SA-19:22.mbuf Security Advisory
The FreeBSD Project

Topic: IPv6 remote Denial-of-Service

Category: kernel
Module: net
Announced: 2019-08-20
Credits: Clement Lecigne
Affects: All supported versions of FreeBSD.
Corrected:...

[CVE-2019-15150] CSRF in MediaWiki extension OAuth2 Client 0.3

Mon, 08/19/2019 - 03:39

Posted by Justin Bull on Aug 19

[CVE-2019-15150] CSRF in MediaWiki extension OAuth2 Client 0.3

Happy Sunday everyone.

A security bulletin for you all.

Software:
--------
MediaWiki OAuth2 Client (https://github.com/Schine/MW-OAuth2Client)

Description:
----------
MediaWiki implementation of the PHP League's OAuth2 Client, to allow MediaWiki
to act as a client to any OAuth2 server.

Not Affected:
-------------
0.2 and earlier.

Affected Versions:
---------------
0.3

Fixed...

[SECURITY] [DSA 4503-1] golang-1.11 security update

Mon, 08/19/2019 - 03:32

Posted by Moritz Muehlenhoff on Aug 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-4503-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : golang-1.11
CVE ID : CVE-2019-9512 CVE-2019-9514...

[SECURITY] [DSA 4502-1] ffmpeg security update

Fri, 08/16/2019 - 17:55

Posted by Moritz Muehlenhoff on Aug 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4502-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 16, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ffmpeg
CVE ID : CVE-2019-12730

Several...

Details about recent GNU patch vulnerabilities

Fri, 08/16/2019 - 06:21

Posted by Imre Rad on Aug 16

I identified several vulnerabilities in the GNU patch utility, some of
them making it possible to execute arbitrary code if the victim opens
a crafted patch file. It also turned out that some of these
vulnerabilities had been silently addressed by the maintainer back
then in 2018 when CVE-2018-1000156 was reported. Some Linux
distributions (like Debian, Ubuntu or Fedora) applied only the primary
patch and thus they remained vulnerable to the attack...

[SECURITY] [DSA 4501-1] libreoffice security update

Fri, 08/16/2019 - 02:22

Posted by Moritz Muehlenhoff on Aug 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-4501-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 15, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2019-9850 CVE-2019-9851...

[slackware-security] mozilla-firefox (SSA:2019-226-02)

Thu, 08/15/2019 - 06:37

Posted by Slackware Security Team on Aug 15

[slackware-security] mozilla-firefox (SSA:2019-226-02)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.0.2esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[slackware-security] Slackware 14.2 kernel (SSA:2019-226-01)

Wed, 08/14/2019 - 06:01

Posted by Slackware Security Team on Aug 14

[slackware-security] Slackware 14.2 kernel (SSA:2019-226-01)

New kernel packages are available for Slackware 14.2 to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.189/*: Upgraded.
These updates fix various bugs and many security issues, and include the
Spectre v1 SWAPGS mitigations.
Be sure to upgrade your initrd after upgrading the kernel packages....

APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4

Wed, 08/14/2019 - 06:01

Posted by Apple Product Security on Aug 14

APPLE-SA-2019-8-13-2 Additional information for
APPLE-SA-2019-7-22-1 iOS 12.4

iOS 12.4 addresses the following:

Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth. This
issue was addressed with...

APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0

Wed, 08/14/2019 - 05:58

Posted by Apple Product Security on Aug 14

APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0

SwiftNIO HTTP/2 1.5.0 is now available and addresses the following:

SwiftNIO HTTP/2
Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on
macOS Sierra 10.12 and later and Ubuntu 14.04 and later
Impact: An HTTP/2 server may consume unbounded amounts of memory when
receiving certain traffic patterns and eventually suffer resource
exhaustion
Description: This issue was addressed with improved buffer size...

APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4

Wed, 08/14/2019 - 05:57

Posted by Apple Product Security on Aug 14

APPLE-SA-2019-8-13-4 Additional information for
APPLE-SA-2019-7-22-5 tvOS 12.4

tvOS 12.4 addresses the following:

Bluetooth
Available for: Apple TV 4K and Apple TV HD
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2019-9506: Daniele...

APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3

Wed, 08/14/2019 - 05:53

Posted by Apple Product Security on Aug 14

APPLE-SA-2019-8-13-3 Additional information for
APPLE-SA-2019-7-22-4 watchOS 5.3

watchOS 5.3 addresses the following:

Bluetooth
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2019-9506: Daniele...

APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra

Wed, 08/14/2019 - 05:49

Posted by Apple Product Security on Aug 14

APPLE-SA-2019-8-13-1 Additional information for
APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update
2019-004 High Sierra, Security Update 2019-004 Sierra

macOS Mojave 10.14.6, Security Update 2019-004 High Sierra,
Security Update 2019-004 Sierra address the
following:

AppleGraphicsControl
Available for: macOS Mojave 10.14.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with...
