3673 matches found
August 14, 2018—KB4343898 (Monthly Rollup)
August 14, 2018—KB4343898 (Monthly Rollup). Improvements and fixes: This security update includes improvements and fixes that were a part of update KB4338831 (released July 18, 2018) and addresses the following issues: Provides protections against a new speculative execution side-channel vulnerability...
August 14, 2018—KB4343909 (OS Build 17134.228)
August 14, 2018—KB4343909 (OS Build 17134.228). Note: This release also contains updates for Microsoft HoloLens (OS Build 17134.228) released August 14, 2018. Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key...
Microsoft Excel CVE-2018-8382 Information Disclosure Vulnerability
Description: Microsoft Excel is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected: Microsoft Excel 2010 Service Pack 2 32-bit editions, Microsoft Excel 2010 Service Pack 2 64-bit...
Security Updates for Microsoft Office Viewer Products / Office Compatibility Products (August 2018)
The Microsoft Office Viewer / Office Compatibility Products are missing security updates. They are, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker w...
Hcxdumptool - Small Tool To Capture Packets From Wlan Devices
Small tool to capture packets from wlan devices. After capturing, upload the "uncleaned" cap here https://wpa-sec.stanev.org/?submit to see if your ap or the client is vulnerable by using common wordlists. Convert the cap to hccapx and/or to WPA-PMKID-PBKDF2 hashline 16800 with hcxpcaptool hcxtoo...
Security Bulletin: Vulnerability in SSLv3 affects IBM Cloud Manager with OpenStack (CVE-2014-3566)
Summary: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM SmartCloud Entry. Vulnerability Details: CVE-ID: CVE-2014-3566. DESCRIPTION: Product could allow a remote attacker to obtain sensitive...
Security update for ovmf (moderate)
This update for ovmf provides the following fix: Security issues fixed: - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc1094290, bsc1094291). Bug fixes: - Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide the better...
SUSE-SU-2018:2243-1 Security update for enigmail
This update for enigmail to 2.0.7 fixes the following issues: These security issues were fixed: - CVE-2018-12020: Mitigation against GnuPG signature spoofing: Email signatures could be spoofed via an embedded '--filename' parameter in OpenPGP literal data packets. This update prevents this issue...
Security Bulletin: Vulnerability in RC4 stream cipher affects TXSeries for Multiplatforms. (CVE-2015-2808)
Summary: The RC4 “Bar Mitzvah” Attack for SSL/TLS affects TXSeries for Multiplatforms. Vulnerability Details: CVEID: CVE-2015-2808. DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit...
SUSE SLES12 Security Update : ovmf (SUSE-SU-2018:2158-1)
This update for ovmf provides the following fix: Security issues fixed: - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc1094290, bsc1094291). Bug fixes: - Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide the better...
SUSE-SU-2018:2158-1 Security update for ovmf
This update for ovmf provides the following fix: Security issues fixed: - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc1094290, bsc1094291). Bug fixes: - Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide the better...
Fedora 27 : qutebrowser (2018-35325c9faf)
This update fixes CVE-2018-10895 [0] and a few minor bugs. [0]: Due to a CSRF vulnerability affecting the qute://settings page, it was possible for websites to modify qutebrowser settings. Via settings like editor.command, this possibly allowed websites to execute arbitrary code. ---- This version fix...
Security Updates for Microsoft Office Viewer Products / Office Compatibility Products (July 2018)
The Microsoft Office Products are missing security updates. They are, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the...
Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 3.0 security and bug fix update
An update for ceph is now available for Red Hat Ceph Storage for Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Security Update for Microsoft Office Viewers Microsoft Office Compatibility Pack (KB4011202)
A security vulnerability exists in Microsoft Office Viewers Microsoft Office Compatibility Pack that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
July 10, 2018—KB4338825 (OS Build 16299.547)
July 10, 2018—KB4338825 (OS Build 16299.547). Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that, in some cases, causes the wrong IME mode to be chosen on an IME-active...
Compatibility update for upgrading to Windows 10, Version 1709: July 10, 2018
Compatibility update for upgrading to Windows 10, Version 1709: July 10, 2018. Summary: This update makes improvements to ease the upgrade experience to Windows 10, Version 1709. How to get this update: This update is available through Windows Update. It will be downloaded and installed automaticall...
Code injection
In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function...
CVE-2017-18342
In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function...
DEBIAN-CVE-2017-18342
In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function...