OPENSUSE-SU-2019:2654-1 Security update for calamares

This update for calamares fixes the following issues: - Launch with 'pkexec calamares' in openSUSE Tumbleweed, but launch with 'xdg-su -c calamares' in openSUSE Leap 15. Update to Calamares 3.2.15: - 'displaymanager' module now treats 'sysconfig' as a regular entry in the 'displaymanagers' list,...

Crestron Multiple Products CTP Console LAUNCH Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Crestron Crestron's WindowCE-based products. Authentication is required to exploit this vulnerability. The specific flaw exists within the engineer built-in account that enables a hidden 'LAUNC...

Critical PDF Reader Patch Fixes '/Launch' Command Attack Vector

Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac and UNIX users to malicious hacker attacks. The update, which affects Adobe Reader/Acrobat 9.3.2 and earlier versions, includes a fix for the outstanding PDF “/Launch”...

Didier Stevens on PDF Hacking and Security

Dennis Fisher talks with Didier Stevens, the security researcher who developed the innovative method for using the /launch command in PDF readers to execute code on remote machines. Stevens discusses the ramifications of the discovery, the security of PDFs in general and the user behavior that...