RHSA-2018:0549-1: Critical: firefox security update

Red Hat Enterprise Linux: An update for firefox is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-5146 More info: http://rhn.redhat.com/errata/RHSA-2018-0549.html

DSA-4142 uwsgi – security update

Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to sensitive files located outside of the web root directory. More info: https://www.debian.org/security/2018/dsa-4142

DSA-4144 openjdk-8 – security update

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions. More info: https://www.debian.org/security/2018/dsa-4144

DSA-4143 firefox-esr – security update

Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code. More info: https://www.debian.org/security/2018/dsa-4143

DSA-4139 firefox-esr – security update

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service or information disclosure. More info: https://www.debian.org/security/2018/dsa-4139

DSA-4141 libvorbisidec – security update

Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened. More info: https://www.debian.org/security/2018/dsa-4141