6117 matches found
tigervnc and fltk security, bug fix, and enhancement update
fltk 1.3.4-1 - Re-base to 1.3.4 + sync with Fedora tigervnc 1.8.0-1 - Update to 1.8.0 Resolves: bz1388620 1.7.90-2 - Make RandR callbacks optional Resolves: bz1444948 1.7.90-1 - Update to 1.7.90 Resolves: bz1388620 1.7.1-3 - Delete underlying ssecurity in SSecurityVeNCrypt CVE-2017-7392 Resolves...
PT-2017-19088 · Infineon · Infineon S-Gold 2
Name of the Vulnerable Software and Affected Versions: Infineon S-Gold 2 PMB 8876 chipset versions used in various vehicle models produced between 2009-2016 Description: An issue with improper restriction of operations within the bounds of a memory buffer was found. This issue may allow an attack...
SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2017:2031-1)
This update for systemd provides several fixes and enhancements. Security issues fixed : - CVE-2017-9217: NULL pointer dereferencing that could lead to resolved aborting. bsc1040614 - CVE-2017-9445: Possible out-of-bounds write triggered by a specially crafted TCP payload from a DNS server...
Cisco Meeting Server Denial of Service Vulnerability (CNVD-2017-20383)
Cisco Meeting Server (CMS), formerly known as Acano Conferencing Server, is a set of audio and video conferencing server software from the US company Cisco. A denial of service vulnerability exists in the implementation of the H.264 protocol in CMS, which stems from the program failing t...
Continental TCU Stack Buffer Overflow Vulnerability
The TCU is a 2G modem commonly used in modern automobiles manufactured by Continental AG for transmitting data that enables communication between the car and remote management tools such as web panels and mobile applications. A stack buffer overflow vulnerability in the Continental TCU affects TC...
Cisco Meeting Server H.264 Protocol Denial of Service Vulnerability
A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected application does not properly validate...
DOJ Provides Organizations a Framework for Development of a Vulnerability Disclosure Program
The Department of Justice (DOJ) Criminal Division Cybersecurity Unit has developed a framework to assist organizations interested in creating a formal vulnerability disclosure program. US-CERT encourages users, administrators, and organizations to review the DOJ publication, A Framework for a...
UBUNTU-CVE-2017-11565
debian/tor.init in the Debian tor0.2.9.11-1deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly with a wrong assumption that the specific pathname would remain the same forever, which allows...
DEBIAN-CVE-2017-11565
debian/tor.init in the Debian tor0.2.9.11-1deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly with a wrong assumption that the specific pathname would remain the same forever, which allows...
July 18, 2017 – Morning Cyber Coffee Headlines – “Thomas Edison” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! July 18, 2017 - Headlines U.S. House Panel to Consider Self-Driving Car...
Fedora 26 : tigervnc (2017-2d0066d567)
Security fix for CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396. Add systemd unit file for Xvnc. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...
[SECURITY] Fedora 25 Update: jetty-test-helper-3.1-3.fc25
Unit Testing Support for Jetty common classes for some unit tests...
CVE-2017-1000082
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit e.g. "0day", running the service in question with root privileges rather than the user intended...
Siemens SIMATIC Industrial PCs, SINUMERIK Panel Control Unit, and SIMOTION P320
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC Industrial PCs, SINUMERIK Panel Control Unit (PCU), SIMOTION P320 Vulnerability: Permissions, Privileges, and Access Controls AFFECTED PRODUCTS Siemens reports that the vulnerability affects...
ICSA-17-180-01A_Siemens SIMATIC Industrial PCs, SINUMERIK Panel Control Unit, and SIMOTION P320 (Update A)
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC Industrial PCs, SINUMERIK Panel Control Unit (PCU), SIMOTION P320 Vulnerability: Permissions, Privileges, and Access Controls UPDATED INFORMATION This updated advisory is a follow-up to the...
Huawei P7 and P8 Youth Edition GPU Driver Denial of Service Vulnerability
Huawei P7 and P8 Youth Edition are smartphone devices from Huawei, a Chinese company. The GPU driver is one of the graphics drivers. A denial of service vulnerability exists in the GPU driver in the Huawei P7 and P8 Youth Edition. An attacker can exploit this vulnerability by tricking a user into...
Mozilla Firefox: Memory disclosure in ConvolvePixel(CVE-2017-5465)
Mozilla bug tracker link: https://bugzilla.mozilla.org/show_bug.cgi?id=1347617 There is an out-of-bounds read leading to memory disclosure in Firefox. The vulnerability was confirmed on the nightly ASan build. PoC: Preliminary analysis: The problem seems to be the negative kernel unit length. This...
The fight against tech support scams
This article is a translation of the post "The fight against tech support scams" by Courtney Gregoire of the Microsoft Digital Crimes Unit, published May 18, 2017 (US time)...
Mozilla Firefox 53 - ConvolvePixel Memory Disclosure
Mozilla Firefox 53 - ConvolvePixel Memory Disclosure /home/worker/workspace/build/src/gfx/2d/FilterNodeSoftware.cpp:2358 2 0x7f8d3fcd397d in alreadyAddRefedmozilla::gfx::Data...
North Korean Cyberwar Capabilities
Reuters has an article on North Korea's cyberwar capabilities, specifically "Unit 180." They're still not in the same league as the US, UK, Russia, China, and Israel. But they're getting better...