Security update for amavisd-new (moderate)
openSUSE Security Update: Security update for amavisd-new. Announcement ID: openSUSE-SU-2019:0297-1. Rating: moderate. References: 1123389, 987887. Cross-References: CVE-2016-1238. Affected Products: openSUSE Leap 15.0. An update that solves one vulnerability and has one errata is now available...
SUSE-SU-2019:0505-1 Security update for amavisd-new
This update for amavisd-new fixes the following issues: amavisd-new was updated to version 2.11.1 bsc#1123389: removed a trailing dot element from @INC, as a workaround for a perl vulnerability (CVE-2016-1238); bsc#987887 amavis-services: bumping up syslog level from LOG_NOTICE to LOG_ERR for a message...
SUSE SLED15 / SLES15 Security Update : amavisd-new (SUSE-SU-2019:0505-1)
This update for amavisd-new fixes the following issues: amavisd-new was updated to version 2.11.1 bsc#1123389: removed a trailing dot element from @INC, as a workaround for a perl vulnerability (CVE-2016-1238); bsc#987887 amavis-services: bumping up syslog level from LOG_NOTICE to LOG_ERR for a messag...
EulerOS 2.0 SP2 : systemd (EulerOS-SA-2019-1060)
According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688); systemd: stack overflow when calling syslog from ...
Security Bulletin: IBM Security Guardium is aware of a GnuTLS vulnerability
Summary: IBM Security Guardium is aware of the following vulnerabilities. Vulnerability Details: CVE-2018-10846, CVE-2018-10845, CVE-2018-10844. Affected Products and Versions: IBM Security Guardium 9 - 9.5; IBM Security Guardium 10 - 10.5...
systemd: stack overflow when calling syslog from a command with long cmdline
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges...
EulerOS 2.0 SP5 : systemd (EulerOS-SA-2019-1045)
According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688); systemd: stack overflow when calling syslog from ...
Important: Red Hat Security Advisory: systemd security update
An update for systemd is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
A vulnerability in the binary storage of systemd-journald in the Debian operating system, which allows an attacker to cause a service failure or increase privileges within the system.
The vulnerability in the binary storage of systemd-journald in the Debian operating system is related to the allocation of unlimited memory when accessing syslog. This can lead to a conflict between the stack and another memory area. Exploiting this vulnerability allows an attacker to cause servi...
Important: Red Hat Security Advisory: systemd security update
An update for systemd is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
The vulnerability of Juniper Advanced Threat Prevention’s detection and prevention software lies in the fact that the secret password is stored publicly in /var/log/syslog. This allows attackers to gain access to the protected information.
The vulnerability of Juniper Advanced Threat Prevention’s detection and prevention software lies in the fact that the secret password is stored publicly in the /var/log/syslog file. Exploiting this vulnerability could allow an attacker to gain access to protected information...
Fedora 29 : syslog-ng (2019-e818eaa0ac)
Fix for use after free in affile_dw_reap. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
[SECURITY] Fedora 29 Update: syslog-ng-3.17.2-2.fc29
syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, databases (SQL and NoSQL alike) and more. Key features: receive and send RFC3164 and RFC5424 style syslog messages; work with any kind of unstructured data; receive and...
Juniper ATP Information Disclosure Vulnerability (CNVD-2019-24380)
Juniper Advanced Threat Prevention (ATP) is a suite of advanced threat protection platforms from Juniper Networks. The product supports malware detection, file analysis, and malicious IP address and URL blocking. An information disclosure vulnerability exists in Juniper ATP version 5.0.3 prior to...
CVE-2019-0021
On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing an authenticated local user to view this secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4...
Information disclosure
On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing an authenticated local user to view this secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4...
CVE-2019-0021
Summary: Juniper ATP exposes secret CLI inputs (e.g., set mcm) by logging them in plaintext to /var/log/syslog, enabling a local authenticated user to view sensitive information. Affected versions: Juniper ATP 5.0 prior to 5.0.4. Root cause: sensitive command inputs are written to system logs ins...