Debian Bug report logs -
#939394
expat: CVE-2019-15903
Package:
src:expat;
Maintainer for src:expat is Laszlo Boszormenyi (GCS) <gcs@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Wed, 4 Sep 2019 13:03:01 UTC
Severity: important
Tags: security, upstream
Found in version expat/227-1
Fo ...
It was discovered that Expat, an XML parsing C library, did not properly
handled internal entities closing the doctype, potentially resulting in
denial of service or information disclosure if a malformed XML file is
processed
For the oldstable distribution (stretch), this problem has been fixed
in version 220-2+deb9u3
For the stable distributio ...
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, information disclosure, cross-site scripting or denial of service
Debian follows the extended support releases (ESR) of Firefox Support
for the 60x series has ended, so starting with this update we're no ...
Multiple security issues have been found in Thunderbird which could
potentially result in the execution of arbitrary code or denial of
service
Debian follows the Thunderbird upstream releases Support for the 60x
series has ended, so starting with this update we're now following the
68x releases
For the oldstable distribution (stretch), this pr ...
USN-4202-1 caused a regression in Thunderbird ...
Firefox could be made to crash or run programs as your login if it
opened a malicious website ...
Expat could be made to expose sensitive information if it received a
specially crafted XML file ...
Several security issues were fixed in Thunderbird ...
Expat could be made to expose sensitive information if it received
a specially crafted XML file ...
Several security issues were fixed in Thunderbird ...
It was discovered that the "setElementTypePrefix()" function incorrectly extracted XML namespace prefixes By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service (CVE-2018-20843)
In libexpat before 228, crafted XML in ...
It was discovered that the "setElementTypePrefix()" function incorrectly extracted XML namespace prefixes By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service (CVE-2018-20843)
In libexpat before 228, crafted XML in ...
Several memory safety bugs were discovered in Mozilla Firefox and Thunderbird Memory corruption and arbitrary code execution are possible with these vulnerabilities These bugs can be exploited over the network(CVE-2019-11764)
A flaw was discovered in both Firefox and Thunderbird where 4 bytes of a HMAC output could be written past the end of a b ...
Synopsis
Moderate: expat security update
Type/Severity
Security Advisory: Moderate
Topic
An update for expat is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis
Important: thunderbird security update
Type/Severity
Security Advisory: Important
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis
Important: thunderbird security update
Type/Severity
Security Advisory: Important
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis
Moderate: expat security update
Type/Severity
Security Advisory: Moderate
Topic
An update for expat is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis
Important: thunderbird security update
Type/Severity
Security Advisory: Important
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis
Low: OpenShift Container Platform 4340 security and bug fix update
Type/Severity
Security Advisory: Low
Topic
An update is now available for Red Hat OpenShift Container Platform 43Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring S ...
Synopsis
Moderate: security update - Red Hat Ansible Tower 36 runner release (CVE-2019-18874)
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Ansible Tower 36 runner release (CVE-2019-18874)
Description
Updated python-psutil version to 566 inside ansible-runner container(CVE-20 ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2437 SP3 security update
Type/Severity
Security Advisory: Important
Topic
Red Hat JBoss Core Services Pack Apache Server 2437 Service Pack 3 zip release for RHEL 6, RHEL 7 and Microsoft Windows is availableRed Hat Product Security has r ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2437 SP3 security update
Type/Severity
Security Advisory: Important
Topic
Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2437 and fix several bugs, and add various enhancements are now available for Red Hat ...
Synopsis
Moderate: Release of OpenShift Serverless 1110
Type/Severity
Security Advisory: Moderate
Topic
Release of OpenShift Serverless 1110
Description
Red Hat OpenShift Serverless 1110 is a generally available release of theOpenShift Serverless Operator This version of the OpenShif ...
Synopsis
Moderate: OpenShift Container Platform 46 compliance-operator security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for compliance-content-container, ose-compliance-openscap-container, ose-compliance-operator-container, and ose-compliance-operator-metadata-container ...
Synopsis
Moderate: Release of OpenShift Serverless 1120
Type/Severity
Security Advisory: Moderate
Topic
Release of OpenShift Serverless 1120Red Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System (CVSS) base score,which gives a detaile ...
Synopsis
Moderate: Red Hat Quay v333 bug fix and security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Quay v333 is now available with bug fixes and security updatesRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring S ...
Synopsis
Moderate: OpenShift Container Platform 46 compliance-operator security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for compliance-content-container, ose-compliance-openscap-container, ose-compliance-operator-container, and ose-compliance-operator-metadata-container ...
Synopsis
Moderate: OpenShift Container Platform 4103 security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4103 is now available withupdates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact of ...
Synopsis
Moderate: Red Hat OpenShift Container Storage 460 security, bug fix, enhancement update
Type/Severity
Security Advisory: Moderate
Topic
Updated images are now available for Red Hat OpenShift Container Storage 460 on Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as ha ...
Synopsis
Moderate: security update - Red Hat Ansible Tower 37 runner release (CVE-2019-18874)
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Ansible Tower 37 runner release (CVE-2019-18874)
Description
Updated python-psutil version to 566 inside ansible-runner container (CVE-2 ...
Impact:
Moderate
Public Date:
2019-09-04
CWE:
(CWE-122|CWE-125)
Bugzilla:
1752592:
CVE-2019-15903 expat ...
Severity
Unknown
Remote
Unknown
Type
Unknown
Description
AVG-1053
chromium
7703865120-1
780390470-1
Unknown
Fixed ...
Mozilla Foundation Security Advisory 2019-34
Security vulnerabilities fixed in - Firefox 70
Announced
October 22, 2019
Impact
critical
Products
Firefox
Fixed in
Firefox 70
...
Mozilla Foundation Security Advisory 2019-33
Security vulnerabilities fixed in - Firefox ESR 682
Announced
October 22, 2019
Impact
critical
Products
Firefox ESR
Fixed in
Firefox ESR 682
...
Mozilla Foundation Security Advisory 2019-35
Security vulnerabilities fixed in - Thunderbird 682
Announced
October 22, 2019
Impact
critical
Products
Thunderbird
Fixed in
Thunderbird 682
...
The Chrome team is delighted to announce the promotion of Chrome 78 to the stable channel for Windows, Mac and Linux This will roll out over the coming days/weeks
Chrome 780390470 contains a number of fixes and improvements -- a list of changes is available in the log Watch out for upcoming Chrome and Chromium blog po ...
Nessus versions 8140 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host
Additionally, two third-party components (expat, sqlite) were found to contain vulnerabilities, and updated versions ...