Several vulnerabilities were discovered in jruby, a Javaimplementation of the Ruby programming language. They would allow anattacker to use specially crafted gem files to mount cross-sitescripting attacks, cause denial of service through an infinite loop,write arbitrary files, or run malicious code.
More info:
https://www.debian.org/security/2018/dsa-4219
Marcus Brinkmann discovered that GnuPG performed insufficientsanitisation of file names displayed in status messages, which could beabused to fake the verification status of a signed email.
More info:
https://www.debian.org/security/2018/dsa-4222
https://blog.threatpress.com/check-sensitive-information-leakage/WordPress is a robust content management system that is simple to install. Anyone can have a new WordPress website up-and-running in a few minutes. The incredible ease-of-use of WordPress is one of the reasons why it is the most popular CMS in the world. Unfortunately, the simplicity of installing WordPress also means there are millions […]
More info:
https://blog.threatpress.com/check-sensitive-information-leakage/
Red Hat Enterprise Linux: An update for chromium-browser is now available for Red Hat Enterprise Linux 6Supplementary.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. CVE-2018-6123, CVE-2018-6124, CVE-2018-6125, CVE-2018-6126, CVE-2018-6127, CVE-2018-6129, CVE-2018-6130,
More info:
http://rhn.redhat.com/errata/RHSA-2018-1815.html
A Security Bulletin (APSB18-19) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities that could lead to arbitrary code execution in the context of the current user, and Adobe recommends users update their product … Continue reading →
More info:
http://blogs.adobe.com/psirt/?p=1572
Several vulnerabilities were discovered in memcached, a high-performancememory object caching system. The Common Vulnerabilities and Exposuresproject identifies the following problems:
More info:
https://www.debian.org/security/2018/dsa-4218
RHN Satellite and Proxy: An update for java-1.7.1-ibm is now available for Red Hat Satellite 5.6 and RedHat Satellite 5.7.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. CVE-2018-2579, CVE-2018-2581, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618,
More info:
http://rhn.redhat.com/errata/RHSA-2018-1812.html
https://blog.threatpress.com/protect-site-malware-upload/Statistics show that file upload vulnerabilities are WordPress’s third most common vulnerability type. Hackers will often use file upload vulnerabilities to spread malware, gain access to web servers, perform attacks on visitors to a website, host illegal files and much more. This guide will identify the risk factors of having unrestricted file uploads before explaining […]
More info:
https://blog.threatpress.com/protect-site-malware-upload/
The docker-latest package has been deprecated in the Red Hat Enterprise Linux 7Extras channel.
More info:
http://rhn.redhat.com/errata/RHSA-2018-1427.html
Several vulnerabilities were discovered in memcached, a high-performancememory object caching system. The Common Vulnerabilities and Exposuresproject identifies the following problems:
More info:
https://www.debian.org/security/2018/dsa-4218
