Security Updates from SECLISTS

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 4471-1] thunderbird security update

Tue, 06/25/2019 - 09:47

Posted by Moritz Muehlenhoff on Jun 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-4471-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 24, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2019-11707 CVE-2019-11708...

[SECURITY] [DSA 4469-1] libvirt security update

Mon, 06/24/2019 - 03:42

Posted by Salvatore Bonaccorso on Jun 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-4469-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 22, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libvirt
CVE ID : CVE-2019-10161 CVE-2019-10167

Two...

[SECURITY] [DSA 4470-1] pdns security update

Mon, 06/24/2019 - 03:40

Posted by Moritz Muehlenhoff on Jun 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-4470-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 23, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : pdns
CVE ID : CVE-2019-10162 CVE-2019-10163

Two...

[slackware-security] mozilla-firefox (SSA:2019-172-01)

Mon, 06/24/2019 - 03:39

Posted by Slackware Security Team on Jun 24

[slackware-security] mozilla-firefox (SSA:2019-172-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-60.7.2esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[SECURITY] [DSA 4467-2] vim regression update

Mon, 06/24/2019 - 03:32

Posted by Moritz Muehlenhoff on Jun 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-4467-2 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 23, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : vim
CVE ID : CVE-2019-12735

The update for vim...

APPLE-SA-2019-6-20-1 AirPort Base Station Firmware Update 7.8.1

Mon, 06/24/2019 - 03:29

Posted by Apple Product Security on Jun 24

APPLE-SA-2019-6-20-1 AirPort Base Station Firmware Update 7.8.1

AirPort Base Station Firmware Update 7.8.1 is now available and
addresses the following:

AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extreme, and AirPort Time
Capsule base stations with 802.11n
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8581: Lucio Albornoz...

[SECURITY] [DSA 4468-1] php-horde-form security update

Mon, 06/24/2019 - 03:29

Posted by Salvatore Bonaccorso on Jun 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-4468-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 21, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php-horde-form
CVE ID : CVE-2019-9858
Debian Bug...

[slackware-security] mozilla-thunderbird (SSA:2019-172-02)

Mon, 06/24/2019 - 03:26

Posted by Slackware Security Team on Jun 24

[slackware-security] mozilla-thunderbird (SSA:2019-172-02)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-60.7.2-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[slackware-security] bind (SSA:2019-171-01)

Mon, 06/24/2019 - 03:21

Posted by Slackware Security Team on Jun 24

[slackware-security] bind (SSA:2019-171-01)

New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a denial-of-service security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.11.8-i586-1_slack14.2.txz: Upgraded.
Fixed a race condition in dns_dispatch_getnext() that could cause an
assertion failure if a significant number of incoming packets...

[SECURITY] [DSA 4447-2] intel-microcode security update

Mon, 06/24/2019 - 03:18

Posted by Moritz Muehlenhoff on Jun 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-4447-2 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
Jun 20, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : intel-microcode
CVE ID : CVE-2018-12126...

FreeBSD Security Advisory FreeBSD-SA-19:08.rack

Mon, 06/24/2019 - 03:14

Posted by FreeBSD Security Advisories on Jun 24

=============================================================================
FreeBSD-SA-19:08.rack Security Advisory
The FreeBSD Project

Topic: Resource exhaustion in non-default RACK TCP stack

Category: core
Module: inet
Announced: 2019-06-19
Credits: Jonathan Looney (Netflix)
Peter Lei (Netflix)...

[SECURITY] [DSA 4465-1] linux security update

Tue, 06/18/2019 - 13:12

Posted by Salvatore Bonaccorso on Jun 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4465-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 17, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2019-3846 CVE-2019-5489...

[SECURITY] [DSA 4464-1] thunderbird security update

Mon, 06/17/2019 - 05:44

Posted by Moritz Muehlenhoff on Jun 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4464-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 15, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2019-11703 CVE-2019-11704...

Microsoft Word (2016) Deceptive File Reference ZDI-CAN-7949

Mon, 06/17/2019 - 05:44

Posted by apparitionsec on Jun 17

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WORD-DECEPTIVE-FILE-REFERENCE.txt
[+] ISR: ApparitionSec
[+] Zero Day Initiative Program

[Vendor]
www.microsoft.com

[Product]
Microsoft Word 2016

[Vulnerability Type]
Deceptive File Reference

[References]
ZDI-CAN-7949

[Security Issue]
When a MS Word ".docx" File contains a...

[SECURITY] [DSA 4463-1] znc security update

Mon, 06/17/2019 - 05:39

Posted by Salvatore Bonaccorso on Jun 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4463-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 14, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : znc
CVE ID : CVE-2019-9917 CVE-2019-12816
Debian...

[SE-2019-01] Java Card vulnerabilities (post shutdown release)

Mon, 06/17/2019 - 05:36

Posted by Adam Gowdiak on Jun 17

Hello All,

Original reports that were submitted to Oracle and Gemalto have been
posted to the Security Explorations website:

http://www.security-explorations.com/javacard_details.html

This should help all interested parties to proceed with an independent
evaluation of the issues, but also judge Oracle's and Gemalto's stance with
respect to them.

Thank you.

Best Regards,
adam gowdiak

X41 D-Sec GmbH Security Advisory X41-2019-004: Type confusion in Thunderbird

Fri, 06/14/2019 - 02:13

Posted by X41 D-Sec GmbH Advisories on Jun 13

X41 D-Sec GmbH Security Advisory: X41-2019-004

Type confusion in Thunderbird
=============================
Severity Rating: Medium
Confirmed Affected Versions: All versions affected
Confirmed Patched Versions: Thunderbird ESR 60.7.XXX
Vendor: Thunderbird
Vendor URL: https://www.thunderbird.net/
Vendor Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=1555646
Vector: Incoming mail with calendar attachment
Credit: X41 D-SEC GmbH, Luis Merino...

[slackware-security] mozilla-thunderbird (SSA:2019-164-01)

Fri, 06/14/2019 - 02:13

Posted by Slackware Security Team on Jun 13

[slackware-security] mozilla-thunderbird (SSA:2019-164-01)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-60.7.1-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

X41 D-Sec GmbH Security Advisory X41-2019-003: Stack-based buffer overflow in Thunderbird

Fri, 06/14/2019 - 02:12

Posted by X41 D-Sec GmbH Advisories on Jun 13

X41 D-Sec GmbH Security Advisory: X41-2019-003

Stack-based buffer overflow in Thunderbird
==========================================
Severity Rating: High
Confirmed Affected Versions: All versions affected
Confirmed Patched Versions: Thunderbird ESR 60.7.XXX
Vendor: Thunderbird
Vendor URL: https://www.thunderbird.net/
Vendor Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=1553808
Vector: Incoming mail with calendar attachment
Credit: X41...

X41 D-Sec GmbH Security Advisory X41-2019-002: Heap-based buffer overflow in Thunderbird

Fri, 06/14/2019 - 02:09

Posted by X41 D-Sec GmbH Advisories on Jun 13

X41 D-Sec GmbH Security Advisory: X41-2019-002

Heap-based buffer overflow in Thunderbird
=========================================
Severity Rating: High
Confirmed Affected Versions: All versions affected
Confirmed Patched Versions: Thunderbird ESR 60.7.XXX
Vendor: Thunderbird
Vendor URL: https://www.thunderbird.net/
Vendor Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=1553820
Vector: Incoming mail with calendar attachment
Credit: X41...
