[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 3297 Download | Alert*

This update provides mitigations for the Spectre v4 variant in x86-based micro processors. On Intel CPUs this requires updated microcode which is currently not released publicly . For servers with AMD CPUs no microcode update is needed, please refer to https://xenbits.xen.org/xsa/advisory-263.html for further information.

This update ships updated CPU microcode for some types of Intel CPUs and provides SSBD support and fixes for "Spectre v3a".

This update ships updated CPU microcode for additional models of Intel CPUs which were not yet covered by the Intel microcode update released as DSA-4273-1

Magnus Klaaborg Stubman discovered a NULL pointer dereference bug in net-snmp, a suite of Simple Network Management Protocol applications, allowing a remote, authenticated attacker to crash the snmpd process .

Chris Coulson discovered a use-after-free flaw in the GNOME Display Manager, triggerable by an unprivileged user via a specially crafted sequence of D-Bus method calls, leading to denial of service or potentially the execution of arbitrary code.

Two vulnerabilities have been found in the PostgreSQL database system: CVE-2018-10915 Andrew Krasichkov discovered that libpq did not reset all its connection state during reconnects. CVE-2018-10925 It was discovered that some "CREATE TABLE" statements could disclose server memory. For additional information please refer to the upstream announcement at https://www.postgresql.org/about/ne ...

James Davis discovered two issues in Django, a high-level Python web development framework, that can lead to a denial-of-service attack. An attacker with control on the input of the django.utils.html.urlize function or django.utils.text.Truncator"s chars and words methods could craft a string that might stuck the execution of the application.

It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing because of an incomplete fix for CVE-2017-7525.

It was discovered that mpv, a media player, was vulnerable to remote code execution attacks. An attacker could craft a malicious web page that, when used as an argument in mpv, could execute arbitrary code in the host of the mpv user.

A regression was detected in the previously issued fix for CVE-2018-6360. The patch released with DSA 4105-1 broke the feature of invoking mpv with raw YouTube ids. This update fixes this functionality issue. For reference, the relevant part of the original advisory text follows. It was discovered that mpv, a media player, was vulnerable to remote code execution attacks. An attacker could craft a ...

Pages:      Start    4    5    6    7    8    9    10    11    12    13    14    15    16    17    ..   329

© SecPod Technologies