USN-4091-1: poppler vulnerability

2019-08-12 KENNETH 0

poppler vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.04 LTS

Summary: poppler could be made to crash if it received a specially crafted PDF.

Software Description: poppler – PDF rendering library

Details: It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libpoppler85 – 0.74.0-0ubuntu1.3
poppler-utils – 0.74.0-0ubuntu1.3

Ubuntu 18.04 LTS
libpoppler73 – 0.62.0-2ubuntu2.10
poppler-utils – 0.62.0-2ubuntu2.10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2019-14494

Source: USN-4091-1: poppler vulnerability

Microsoft Announces Top Three Contributing Partners in the Microsoft Active Protections Program (MAPP)

2019-08-09 KENNETH 0

Today Microsoft announced the MAPP program Top Vulnerability Contributors, Top Threat Indicator Submitters, and Top Zero-Day Reporting for the period of July 1, 2018 – June 30, 2019. The Microsoft Active Protections Program provides security and protection to customers through cooperation and collaboration with industry leading partners. While all MAPP partners have made a significant …

Source: Microsoft Announces Top Three Contributing Partners in the Microsoft Active Protections Program (MAPP)

USN-4090-1: PostgreSQL vulnerabilities

2019-08-09 KENNETH 0

postgresql-10, postgresql-11, postgresql-9.5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: Several security issues were fixed in PostgreSQL.

Software Description:
postgresql-11 – Object-relational SQL database
postgresql-10 – Object-relational SQL database
postgresql-9.5 – Object-relational SQL database

Details: Tom Lane discovered that PostgreSQL did not properly restrict functions declared as "SECURITY DEFINER". An attacker could use this to execute arbitrary SQL with the permissions of the function owner. (CVE-2019-10208)

Andreas Seltenreich discovered that PostgreSQL did not properly handle user-defined hash equality operators. An attacker could use this to expose sensitive information (arbitrary PostgreSQL server memory). This issue only affected Ubuntu 19.04. (CVE-2019-10209)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
postgresql-11 – 11.5-0ubuntu0.19.04.1

Ubuntu 18.04 LTS [ more… ]

Announcing 2019 MSRC Most Valuable Security Researchers

2019-08-08 KENNETH 0

Earlier today we announced MSRC’s 2018-2019 Most Valuable Security Researchers at Black Hat. The following 75 researchers hail from all corners of the world and possess varied experience and skills, yet all of them have contributed to securing Microsoft’s customers and the broader ecosystem. For over a decade, one of Microsoft’s partners in vulnerability …

Source: Announcing 2019 MSRC Most Valuable Security Researchers

USN-4089-1: Rack vulnerability

2019-08-08 KENNETH 0

ruby-rack vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: Rack could allow cross-site scripting (XSS) attacks.

Software Description: ruby-rack – modular Ruby webserver interface

Details: It was discovered that Rack incorrectly handled carefully crafted requests. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
ruby-rack – 1.6.4-4ubuntu0.1

Ubuntu 16.04 LTS
ruby-rack – 1.6.4-3ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2018-16471

Source: USN-4089-1: Rack vulnerability