Ubuntu Security Notice 4083-1 - It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. It was discovered that in some situations OpenJDK did not properly bound the amount of memory allocated during object deserialization. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. Various other issues were also addressed.
1a9a516552f67cc0818e16bae226fc402cc11e761ed01697738ead45cac2a35f
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
847b500d2a207f4899962fb9aac405d20d72d06b40dcfc8dc719c69a373a52d8
Red Hat Security Advisory 2019-2003-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. IcedTea-Web now also contains PolicyEditor - a simple tool to configure Java policies. Issues addressed include a traversal vulnerability.
d8e98478c8d2690406b779748b74d3a565d823ed352eb2f15de8fb277ea717de
Veritas Resiliency Platform (VRP) suffers from cross-site scripting, command execution, and directory traversal vulnerabilities. Versions prior to VRP 3.3.2 HF14 are affected.
19b3557291834e8c0ffcc8ed02b5d8ede660703088173b45e8a1ff7cfc4db3ef
Oracle Hyperion Planning version 11.1.2.3 suffers from an XML external entity injection vulnerability.
0d39d0644d09bb4d3dfa4a22cb5642fb82abaeb26cae5531a648ce129b94e1a3
D-Link 6600-AP suffers from cross-site scripting, key extraction, shell escape, config file disclosure, and denial of service vulnerabilities.
f580de2e06dbdc5921970071619ee06bb483b9211619861239ad47358475cfa6
Ubuntu Security Notice 4082-1 - Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserve to crash, resulting in a denial of service. Tomas Bortoli discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserve to crash, resulting in a denial of service. Various other issues were also addressed.
f792f8f6c36dd990215647da4b85291524bddd77054b466a5c5f6f04894ca86b
Ubuntu Security Notice 4081-1 - It was discovered that Pango incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
6662946c18846080bdcfe5c514dc4625a2ec3b2e1b340561f7c4394f3ba068a1
Red Hat Security Advisory 2019-2004-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. IcedTea-Web now also contains PolicyEditor - a simple tool to configure Java policies. Issues addressed include a traversal vulnerability.
49e3cfcdfd475964093f1e7bc4acd679300fcbb074c6c285aaa7d131311e155e
Ubuntu Security Notice 4069-2 - USN-4069-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS. It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
7b71c12f3bd388a0828bab337fa728612d93c06a585502533286dc5568d2b0ea
Debian Linux Security Advisory 4490-1 - Several vulnerabilities were discovered in Subversion, a version control system.
42ed7120dbb6d3c3bf007db295129dbf4f9b6192f4c0dd8fed115283ddf79900
Ubuntu Security Notice 4080-1 - Keegan Ryan discovered that the ECC implementation in OpenJDK was not sufficiently resilient to side-channel attacks. An attacker could possibly use this to expose sensitive information. It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. Various other issues were also addressed.
b2f8d3392cdd91986b9855643afae96bc0a7988a22f7cd705a4412588de93bef