Day: 21 agosto, 2018

Drupal 8.3.7 is a maintenance release which contain fixes for security vulnerabilities.Download Drupal 8.3.7Updating your existing Drupal 8 sites is strongly recommended (see instructions for Drupal 8). This release fixes security issues only; there are no new features nor non-security-related bug fixes in this release. See the 8.3.7 release notes for details on important changes and known issues affecting this release. Read on for details of the security vulnerabilities that were fixed in this More info: https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple

Red Hat Enterprise Linux: An update for rh-postgresql95-postgresql is now available for Red Hat SoftwareCollections.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. CVE-2017-15098, CVE-2017-15099, CVE-2018-1053, CVE-2018-1058, CVE-2018-10915, CVE-2018-10925 More info: http://rhn.redhat.com/errata/RHSA-2018-2511.html

Linux kernel vulnerability (FragmentSmack) CVE-2018-5391. Security Advisory. Security Advisory Description. ** RESERVED ... More info: https://support.f5.com/csp/article/K74374841

Red Hat Enterprise Linux: An update for mutt is now available for Red Hat Enterprise Linux 6 and Red HatEnterprise Linux 7.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. CVE-2018-14354, CVE-2018-14357, CVE-2018-14362 More info: http://rhn.redhat.com/errata/RHSA-2018-2526.html

BIG-IP BIND vulnerability CVE-2018-5740. Security Advisory. Security Advisory Description. A flaw in the "deny-answer-aliases ... More info: https://support.f5.com/csp/article/K98528405

Multiple researchers have discovered a vulnerability in the way theIntel processor designs have implemented speculative execution ofinstructions in combination with handling of page-faults. This flawcould allow an attacker controlling an unprivileged process to readmemory from arbitrary (non-user controlled) addresses, including fromthe kernel and all other processes running on the system or crossguest/host boundaries to read host memory. More info: https://www.debian.org/security/2018/dsa-4279

Multiple vulnerabilities were discovered in Jetty, a Java servlet engineand webserver which could result in HTTP request smuggling. More info: https://www.debian.org/security/2018/dsa-4278