SECURITY

No Image

RHSA-2018:3803-1: Important: chromium-browser security update

2018-12-10 KENNETH 0

RHSA-2018:3803-1: Important: chromium-browser security update Red Hat Enterprise Linux: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-17480, CVE-2018-17481, CVE-2018-18335, CVE-2018-18336, CVE-2018-18337, CVE-2018-18338, CVE-2018-18339, CVE-2018-18340, CVE-2018-18341, CVE-2018-18342, CVE-2018-18343, CVE-2018-18344, CVE-2018-18345, CVE-2018-18346, CVE-2018-18347, CVE-2018-18348, CVE-2018-18349, CVE-2018-18350, CVE-2018-18351, CVE-2018-18352, CVE-2018-18353, CVE-2018-18354, CVE-2018-18355, CVE-2018-18356, CVE-2018-18357, CVE-2018-18358, CVE-2018-18359 Source: RHSA-2018:3803-1: Important: chromium-browser security update

No Image

RHSA-2018:3800-1: Important: rh-git218-git security update

2018-12-10 KENNETH 0

RHSA-2018:3800-1: Important: rh-git218-git security update Red Hat Enterprise Linux: An update for rh-git218-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-19486 Source: RHSA-2018:3800-1: Important: rh-git218-git security update

No Image

RHBA-2018:3796-1: docker bug fix update

2018-12-07 KENNETH 0

RHBA-2018:3796-1: docker bug fix update Red Hat Enterprise Linux: Updated docker package that fixes one bug is now available for Red Hat Enterprise Linux 7 Extras. Source: RHBA-2018:3796-1: docker bug fix update

No Image

USN-3831-2: Ghostscript regression

2018-12-07 KENNETH 0

USN-3831-2: Ghostscript regression ghostscript regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary USN-3831-1 introduced a regression in Ghostscript. Software Description ghostscript – PostScript and PDF interpreter Details USN-3831-1 fixed vulnerabilities in Ghostscript. Ghostscript 9.26 introduced a regression when used with certain options. This update fixes the problem. Original advisory details: It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 ghostscript – 9.26~dfsg+0-0ubuntu0.18.10.3 libgs9 – 9.26~dfsg+0-0ubuntu0.18.10.3 Ubuntu 18.04 LTS ghostscript – 9.26~dfsg+0-0ubuntu0.18.04.3 [ more… ]

No Image

USN-3840-1: OpenSSL vulnerabilities

2018-12-07 KENNETH 0

USN-3840-1: OpenSSL vulnerabilities openssl, openssl1.0 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in OpenSSL. Software Description openssl – Secure Socket Layer (SSL) cryptographic library and tools openssl1.0 – Secure Socket Layer (SSL) cryptographic library and tools Details Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. (CVE-2018-0734) Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-0735) Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, and Alejandro Cabrera Aldaya [ more… ]