Clam AntiVirus Toolkit 0.101.4

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Link: https://packetstormsecurity.com/files/154185/clamav-0.101.4.tar.gz

Red Hat Security Advisory 2019-2534-01

Red Hat Security Advisory 2019-2534-01 – Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This release of Red Hat 3scale API Management 2.6.0 replaces Red Hat 3scale API Management 2.5.1.

Link: https://packetstormsecurity.com/files/154169/RHSA-2019-2534-01.txt

FreeBSD Security Advisory – FreeBSD-SA-19:22.mbuf

FreeBSD Security Advisory – Due to a missing check in the code of m_pulldown(9), the data returned may not be contiguous as requested by the caller. Extra checks in the IPv6 code catch the error condition and trigger a kernel panic, leading to a remote DoS (denial-of-service) attack with certain Ethernet interfaces. At this point it is unknown whether any code paths other than the IPv6 ones can trigger a similar condition.

Link: https://packetstormsecurity.com/files/154170/FreeBSD-SA-19.22.mbuf.txt

FreeBSD Security Advisory – FreeBSD-SA-19:23.midi

FreeBSD Security Advisory – The kernel driver for /dev/midistat implements a handler for read(2). This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat’s data buffer. The races allow a program to read kernel memory within a 4GB window centered at midistat’s data buffer. The buffer is allocated each time the device is opened, so an attacker is not limited to a static 4GB region of memory. On 32-bit platforms, an attempt to trigger the race may cause a page fault in kernel mode, leading to a panic.

Link: https://packetstormsecurity.com/files/154171/FreeBSD-SA-19.23.midi.txt

FreeBSD Security Advisory – FreeBSD-SA-19:24.mqueuefs

FreeBSD Security Advisory – System calls operating on file descriptors obtain a reference to the relevant struct file which, due to a programming error, was not always put back, which in turn could be used to overflow the counter of the affected struct file. A local user can use this flaw to obtain access to files, directories, sockets, etc., opened by processes owned by other users. If the obtained struct file represents a directory from outside of the user’s jail, it can be used to access files outside of the jail. If the user in question is a jailed root, they can obtain root privileges on the host system.

Link: https://packetstormsecurity.com/files/154172/FreeBSD-SA-19.24.mqueuefs.txt