No Image

USN-4064-1: Thunderbird vulnerabilities

2019-07-18 KENNETH 0

USN-4064-1: Thunderbird vulnerabilities thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Thunderbird. Software Description thunderbird – Mozilla Open Source mail and newsgroup client Details A sandbox escape was discovered in Thunderbird. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. (CVE-2019-9811) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same origin restrictions, conduct cross-site scripting (XSS) attacks, spoof origin attributes, or execute arbitrary code. (CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717) It was discovered that NSS incorrectly handled importing [ more… ]

No Image

Announcing the Microsoft Dynamics 365 Bounty program

2019-07-18 KENNETH 0

Announcing the Microsoft Dynamics 365 Bounty program One of Microsoft’s many security investments to protect customers is in the partnerships we build with the external security research community. We are excited to announce the launch of the Dynamics 365 Bounty program and welcome researchers to seek out and disclose any high impact vulnerabilities they may find in Dynamics 365. Rewards up to … Announcing the Microsoft Dynamics 365 Bounty program Read More » Source: Announcing the Microsoft Dynamics 365 Bounty program

No Image

USN-4063-1: LibreOffice vulnerabilities

2019-07-18 KENNETH 0

USN-4063-1: LibreOffice vulnerabilities libreoffice vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in LibreOffice. Software Description libreoffice – Office productivity suite Details Nils Emmerich discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. (CVE-2019-9848) Matei "Mal" Badanoiu discovered that LibreOffice incorrectly handled stealth mode. Contrary to expectations, bullet graphics could be retrieved from remote locations when running in stealth mode. (CVE-2019-9849) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libreoffice-core – 1:6.2.5-0ubuntu0.19.04.1 Ubuntu 18.04 LTS libreoffice-core – 1:6.0.7-0ubuntu0.18.04.8 Ubuntu 16.04 LTS libreoffice-core – 1:5.1.6~rc2-0ubuntu1~xenial8 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

No Image

USN-4059-2: Squid vulnerabilities

2019-07-17 KENNETH 0

USN-4059-2: Squid vulnerabilities squid3 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Several security issues were fixed in Squid. Software Description squid3 – Web proxy cache server Details USN-4059-1 and USN-3557-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000024) Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. (CVE-2018-1000027) It was discovered that Squid incorrectly handled the cachemgr.cgi web module. A remote attacker could possibly use this issue to conduct cross-site scripting [ more… ]

No Image

A proactive approach to more secure code

2019-07-17 KENNETH 0

A proactive approach to more secure code What if we could eliminate an entire class of vulnerabilities before they ever happened? Since 2004, the Microsoft Security Response Centre (MSRC) has triaged every reported Microsoft security vulnerability. From all that triage one astonishing fact sticks out: as Matt Miller discussed in his 2019 presentation at BlueHat IL, the majority of vulnerabilities fixed and … A proactive approach to more secure code Read More » Source: A proactive approach to more secure code