Red Hat Security Advisory 2018-0336-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. This update provides Satellite 6.3 packages for Red Hat Enterprise Linux 7 Satellite server. For the full list of new features provided by Satellite 6.3, see the Release Notes linked to in the references section. See the Satellite 6 Installation Guide for detailed instructions on how to install a new Satellite 6.3 environment, or the Satellite 6 Upgrading and Updating guide for detailed instructions on how to upgrade from prior versions of Satellite 6.
f33fdbb9f17a9910f6bb8747cd69b73e5a65222f0d44324a839bac58722b9798
Ubuntu Security Notice 3577-1 - Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked into opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information or control printers, via a DNS rebinding attack.
df2c2a365476e5ab3300528c58be0fd9fc0ebd53e18d182bb67578d8076a5932
Red Hat Security Advisory 2018-0334-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282.167. Security Fix: chromium-browser: incorrect derived class instantiation in v8.
5055cae290c2dd58f5f325a276f0e772eb32720d091ad7ef5ce1b5d737448872
Ubuntu Security Notice 3576-1 - Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Daniel P. Berrange discovered that libvirt incorrectly handled validating SSL/TLS certificates. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 17.10. Various other issues were also addressed.
90c6d4cdd362e55904c6d76f4118ef039e8e85b0aab04a6669ee178da97eb658
Windows suffers from NPFS Symlink security feature bypass and privilege escalation vulnerabilities.
241a41e7b4c34606c5b8c38997e3a9919b21068375867365bd1daf381cc4f5dc
Ubuntu Security Notice 3575-1 - It was discovered that QEMU incorrectly handled guest RAM. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. Various other issues were also addressed.
9216cd38d1a355f9c315588c2a43b7eb0867dc1c8b82f16c2edab968fb6683e4
Windows suffers from Global Reparse Point security feature bypass and privilege escalation vulnerabilities.
817479ced9c55750d45cb5a0bd0abe3a085b6eb1f5c6e5bafd694e7961cbeb11
The Windows kernel suffers from an nt!RtlpCopyLegacyContextX86 stack memory disclosure vulnerability.
199235f1e50c783934bc089610c17d71c6e7359a26462fdd0048024c134ddbae
StorSvc SvcMoveFileInheritSecurity suffers from an arbitrary file creation vulnerability that allows for privilege escalation.
da3cf612ba7cedad78f1b652e836abe760eadee6b6d179778393eb87b95624a5
This Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable load path. This Metasploit module abuses this functionality to set the load path resulting in execution of arbitrary code as root. This Metasploit module has been tested successfully with SysInfo version 10-H63 on Fedora 20 x86_64, 10-H32 on Fedora 27 x86_64, 10-H10 on Debian 8 x86_64, and 10-GA on Solaris 10u11 x86.
809ebb68ed1aab5bb488f6d63c6c587cf594c965eb2d13367633fdff06cc093e
Radiant CMS version 1.1.4 suffers from a persistent cross-site scripting vulnerability.
94d9e7767b64e9f32c9c0292fe312b8b61b280f6a8bb0532ebeb9be8be39ef01
Gentoo Linux Security Advisory 201802-6 - A vulnerability in LibreOffice might allow remote attackers to read arbitrary files. Versions less than 5.4.5.1 are affected.
e52783ecbf3d0aed53e821478a194b9d1227605de0ca88ff8d978517facdc9c9
Gentoo Linux Security Advisory 201802-5 - A vulnerability has been found in Ruby which may allow for arbitrary command execution. Versions less than 2.2.9:2.2 are affected.
cef946c6cb0cfc9ef3f929b43b4dedbca821675979bd69edd5fb661f0d0a954a
Gentoo Linux Security Advisory 201802-4 - Multiple vulnerabilities were found in MySQL, the worst of which may allow remote execution of arbitrary code. Versions less than 5.6.39 are affected.
682e0b61aa43e86f7d5c80a68000e54a4ce775a285fbe79431d38e00abfa3ec1
Gentoo Linux Security Advisory 201802-3 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 52.6.0 are affected.
9c755436dabdfb3e7a966a0901e80d5c8a7a16dfd36c2bb6664051a1013932d3
Mozilla's executable installers are vulnerable to DLL hijacking.
667fb44cb2aa120fbd61c8117b32b9ec85ae2bc46b83d6b9d112e9bfb4199dc9