This Microsoft bulletin summary holds information regarding Microsoft security updates for March, 2018.
bd8143cef695664844888e79093fb17425c862aba77d1287c5c7a4b62750ec8c
Ubuntu Security Notice 3595-2 - USN-3595-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Samba incorrectly validated inputs to the RPC spoolss service. An authenticated attacker could use this issue to cause the service to crash, resulting in a denial of service. Various other issues were also addressed.
68e2d5cf546d54e59c3c1ea3e42fca8fff8876f1a591c7739fa0f99e08f701cc
Proof of concept for an Android Bluetooth BNEP bnep_data_ind() remote heap disclosure vulnerability.
bca48d1c32a6cf579a5ece90b87234274c98bed6401f1470ca5a6cdcba4d5b50
Proof of concept for an Android Bluetooth BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG out-of-bounds read vulnerability.
99eb32567c7340a388cd09922afb5a94b3797a234d4baf2ff8977aa03764df08
MyBB Last User's Threads in Profile plugin version 1.2 suffers from a persistent cross-site scripting vulnerability.
e74748654b844156e0a5f78dc1cf3868c196a695841758e3e0dc5285d752d2f0
11-byte Linux/x86 egghunter shellcode.
7f349789d9f07a6fc8d0a749471ad2add38bcf72e27d6603d846f706b5f7d4a9
WM Recorder version 16.8.1 suffers from a denial of service vulnerability.
cbd3e22e186e4ce1db80286f150facddd6c551b0838217182dd78ad3126cbf1c
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. It includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
6d1531c70a901fcddf9cb989d488beaf78ac0cc16d11beb981b99200146c4848
Debian Linux Security Advisory 4149-1 - Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands.
1c7389b0224ab4e18e59ca810fffad595ec7e444382dcfd5c7ca050d6ff9fe23
Debian Linux Security Advisory 4148-1 - Alfred Farrugia and Sandro Gauci discovered an off-by-one heap overflow in the Kamailio SIP server which could result in denial of service and potentially the execution of arbitrary code.
e87cddf537333c67b35c77df0b4654923385c58cacf82f01c14db41e505b9e61
Ubuntu Security Notice 3605-1 - It was discovered that Sharutils incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code.
46da1fd9325cd2d43ed8dceeb1c58db4e6634c06ca6432748e4845c0ecab9a7c
Easy CD DVD Copy version 1.3.24 suffers from a local buffer overflow vulnerability.
af4cd9dc175f4d6e44a034f2c38317b533f3f93eb325533d511ebc5936edc685
Bomgar Remote Support Portal (RSP) suffers from a path traversal vulnerability.
198c0a663e903151778dba0bb70bdc8962d81bbecba75ce4118877f409e1811d
The ModSecurity for Nginx "non-release" version suffers from a use-after-free vulnerability.
d9207b29252240c7674a132fbfa13cc88942175716e3707ba61e89b39606af89
The Kaseya Virtual System Administrator (VSA) agent "AgentMon.exe" suffers from a local privilege escalation vulnerability.
ae389b3de0f2ff85eb73501729ef4cc6e3a1d36853d5c2a3572be96e3b97a4e0
Allok Quicktime to AVI MPEG DVD Converter version 4.6.1217 suffers from a stack-based buffer overflow vulnerability.
6d738f758b76780e760be1a5fe53c647f19ffdb922705b0359e252d722d281c8
XenForo 2 suffers from a CSS loader denial of service vulnerability.
f08a899f612b499b3a9aa1796d8fbaa32aad423a4aeac9610cc59c1f5b5c6e17
Ubuntu Security Notice 3604-1 - Richard Zhu discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause libvorbis to crash, resulting in a denial of service, or possibly execute arbitrary code.
0f9ff2cdeecb8cc4d2a898709c8507ddce8da29f88a7fa316e533695fbe0ec36
Red Hat Security Advisory 2018-0577-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.9 serves as a replacement for Red Hat JBoss BPM Suite 6.4.8, and includes bug fixes and enhancements. Issues addressed include an unsafe deserialization.
3cb20342e0b9efd7127480a6a4332fc2b3ca035d5ff90a465ff02df3041ccdcf
Red Hat Security Advisory 2018-0574-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a later upstream version: rh-mariadb101-mariadb. Issues addressed include a use-after-free vulnerability.
4811f7e8cd18589d5a9575a92358807bab59dcc849440d463cfcb0318d3f1686