Project: Drupal core. Version: 8.4.x-dev, 7.x-dev. Date: 2018-February-21. Security risk: Critical 16/25 AC:Basic/A:User/CI:Some/II:Some/E:Exploit/TD:Default. Vulnerability: Multiple Vulnerabilities. Description: Comment reply form allows access to restricted content - Critical - Drupal 8. Users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the
More info:
https://www.drupal.org/sa-core-2018-001
More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10843&actp=RSS
Linux kernel vulnerability CVE-2017-17450. Security Advisory. Security Advisory Description. net/netfilter/xt_osf.c in the Linux ...
More info:
https://support.f5.com/csp/article/K94730263
Red Hat Enterprise Linux: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-6056
More info:
http://rhn.redhat.com/errata/RHSA-2018-0334.html
Linux kernel vulnerability CVE-2018-1000028. Security Advisory. Security Advisory Description. Linux kernel version after ...
More info:
https://support.f5.com/csp/article/K05087544
Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.12
More info:
https://www.debian.org/security/2018/dsa-4119
Krzysztof Sieluzycki discovered that the notifier for removable devices in the KDE Plasma workspace performed insufficient sanitisation of FAT/VFAT volume labels, which could result in the execution of arbitrary shell commands if a removable device with a malformed disk label is mounted.
More info:
https://www.debian.org/security/2018/dsa-4116
Concerning: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 Update As Of: 2018/02/05 4:30 PM PST This is an update for this issue. An updated kernel for Amazon Linux is available within the Amazon Linux repositories. EC2 instances launched with the default Amazon Linux configuration on or after January 13th, 2018 will automatically include the updated package, which incorporates the latest stable open source Linux security improvements to address CVE-2017-5715 within the kernel and builds upon
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2018-013/
Jonas Klempel reported that tomcat-native, a library giving Tomcat access to the Apache Portable Runtime (APR) library's network connection (socket) implementation and random-number generator, does not properly handle fields longer than 127 bytes when parsing the AIA-Extension field of a client certificate. If OCSP checks are used, this could result in client certificates that should have been rejected being accepted.
More info:
https://www.debian.org/security/2018/dsa-4118
This update doesn't fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates.
More info:
https://www.debian.org/security/2018/dsa-4117