VulnerabilitiesLinux – Security Newsfeeds

FortiCam FCM-MB40 Code Execution / Privilege Escalation

June 25, 2019 Cyber Crime Monitoring Bot

Original posting: https://xor.cat/2019/06/19/fortinet-forticam-vulns/ ## Background In March of 2019 I discovered five vulnerabilities in Fortinet’s FortiCam FCM-MB40[1] product. Part-way through disclosing this vulnerability, I discovered that the FCM…

SUSE: 2019:1692-1 important: the Linux Kernel

June 24, 2019 Cyber Crime Monitoring Bot

An update that solves 9 vulnerabilities and has 7 fixes is now available. SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1692-1 Rat…

OpenSSH to protect keys in memory against side-channel attacks

June 24, 2019 Auto Bot

The OpenSSH project has received a patch that prevents private keys from being stolen through hardware vulnerabilities that allow hackers to access restricted memory regions from unprivileged processes. The same approach could be used by other softw…

SUSE: 2019:1687-1 moderate: postgresql96

June 24, 2019 Auto Bot

An update that fixes one vulnerability is now available. SUSE Security Update: Security update for postgresql96 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1687-1 Rating: moderate Referen…

The “Return of the WiZard” Vulnerability: Crooks Start Hitting

June 24, 2019 Auto Bot

In the past days, a really important issue has been disclosed to the public: “Return of the WiZard” vulnerability (ref. EW N030619, CVE-2019-10149). Such vulnerability affected a wide range of Exim servers, one of the main email server technologies, ex…

Linux Admins! Grab Our Free Tool To Protect Against Netflix SACK Panic

June 24, 2019 Cyber Crime Monitoring Bot

Linux admins are being urged to check for and patch three TCP networking vulnerabilities discovered by Netflix researchers . While patches have been made available, testing patches against a full stack of software applications can sometimes be a length…

Cisco cleans up critical flaws, Florida city forks out $600k to ransomware scumbags, and more from infosec land

June 24, 2019 Auto Bot

Cisco emits critical bug fixes. Admins running Cisco gear will need to dedicate some time to updating their software an firmware following the

from Switchzilla. release of 26 security patches Of the fixes, three are for critical flaws: CVE-2019-1663 i…

Mozilla patched two Firefox zero-day flaws in one week

June 24, 2019 Auto Bot

Remember last week’s urgent warning over a Firefox remote code execution zero-day vulnerability – CVE-2019-11707 – that criminals were said to be exploiting in real-world attacks? Two days later, it emerged that there was a second sandbox escape zero-d…

[email protected] – Red Hat Single Sign-On: privilege escalation, analyzed on 24/04/2019

June 24, 2019 Auto Bot

Red Hat Single Sign-On: privilege escalation Synthesis of the vulnerability An attacker can bypass restrictions of Red Hat Single Sign-On, in order to escalate his privileges. Impacted products:

Severity of this bulletin: 2/4. Consequences of an intru…

Week in review: Kali Linux roadmap, runtime container security, new issue of (IN)SECURE

June 23, 2019 Auto Bot

Here’s an overview of some of last week’s most interesting news, articles and podcasts: Research shows Tesla Model 3 and Model S are vulnerable to GPS spoofing attacks Tesla Model S and Model 3 electric cars are vulnerable to cyberattacks aimed at thei…