Red Hat Security Advisory 2017-1483-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
3181537ab2fef2fdbf80c825362c999b435ab883fef40d070c726d763f7856c9Red Hat Security Advisory 2017-1485-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
3aa0ffb3bdd035c164ddce00a262dcf0f30a6e68fc4fca9ef30f6cd3868904bcRed Hat Security Advisory 2017-1480-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.
57a82b609015a1e89b98104aa548a0f25d740e0c01f7d6e71ec5a95e1f8c454cRed Hat Security Advisory 2017-1486-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
48ee1a553d90454788ee1ead8ac0ca2f1775694c39df83680d3d8fd7fb5b46c1Red Hat Security Advisory 2017-1479-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.
c96aacd26edf808674e2b3ef89e3fac87069c9ee982b3564a9ec6996c42facf2Red Hat Security Advisory 2017-1488-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
d200f04c568d729d5448215049930f1e4c7bd5aa37c53bc7a1ba6475781d6937Red Hat Security Advisory 2017-1487-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
56083218781579a6ba345baf8bd1ee832989805f1f187e23cf765dd8a47d68bcRed Hat Security Advisory 2017-1489-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
dadf9be94ba35c32644a67fd9110e959b239335802db88ab973ffca6f396bbe7Red Hat Security Advisory 2017-1490-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
9f6df615f25e35f5772cda26047be8b6512caa2f70f50844944d1157d3fcb423Red Hat Security Advisory 2017-1491-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
ae9ee71325b8023a672068b76c628e06fb0b938339e9aa9af9bad5b2e6f0bedeDebian Linux Security Advisory 3886-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
eaaea7c322ad777f9581281a967dd44345471bc13a1d10f9d1bb0857fbdb1b1aDebian Linux Security Advisory 3887-1 - The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library which allow local privilege escalation by clashing the stack.
a2098bb273eeb41931f1e45c4552d521cc4e885f957c2e26355dc62033540a70HPE Security Bulletin HPESBGN03758 2 - A potential security vulnerability has been identified in HPE UCMDB. The vulnerability could be remotely exploited to allow execution of code. Revision 2 of this advisory.
ab6b5836b62571bc059b984ff4a507076fc609ead23c5296bedd4094b58a797fUbuntu Security Notice 3323-1 - It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination with another vulnerability to gain administrative privileges.
4cd1bdc2b2a6bc265d6224514dbece5aad33d163546a74c5ce54f6630aef9408Ubuntu Security Notice 3322-1 - It was discovered that Exim did not properly deallocate memory when processing certain command line arguments. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code and gain administrative privileges.
91dac33c04bf4f77abf899743cfd413b34537fcac33053883f9d554f431ee119Red Hat Security Advisory 2017-1499-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Security Fix: An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
6788a4ff37a6a4317c1e42833b8e68cb7790fa0e5931fb993ab75065da40c364Red Hat Security Advisory 2017-1495-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 59.0.3071.104. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
6d722d6acd3d5a9fc9b6fbc67d6f4ae2fc99c615fa370a37e6f5092e3d031837EMC VNX1 and VNX2 families suffers from privilege escalation and command injection vulnerabilities.
92bea80932ec25aa71a686858ebeba06efe78caf7eb0988f5b2ab4406792daeeRed Hat Security Advisory 2017-1476-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Security Fix: An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
8b190ca2757ef3314dbc39727215cfa7703743a900d5f31e1bf88add625f85c0HPE Security Bulletin HPESBGN03761 1 - A security vulnerability in Linux kernel, also known as "Dirty COW", has been addressed in HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer Virtual appliance. This vulnerability could be exploited remotely to allow escalation of privilege. Revision 1 of this advisory.
0dd6f8226b7bbd3f4d24c1a42590e546556300125d345a6bba2fc7e16c1477d2Debian Linux Security Advisory 3882-1 - Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.
636aea4e919cfca3726dc4e0daf39eec211c31193b5893c7bb8a7a1829928f52Bamboo versions prior to 5.15.7 and 6.0.1 suffer from an incorrect permission check.
f665db424dfe7878fbf9a2575c1b4a5604918b34c770adf075efc1af7356cc9eUbuntu Security Notice 3319-1 - It was discovered that libmwaw incorrectly handled certain malformed document files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause libmwaw to crash, resulting in a denial of service, or possibly execute arbitrary code.
02410207f1a1c046286ef45d4b382f157915ada9811a82e495016ae2ec9a86d7Ubuntu Security Notice 3320-1 - Agostino Sarubbo discovered that zziplib incorrectly handled certain malformed ZIP files. If a user or automated system were tricked into opening a specially crafted ZIP file, a remote attacker could cause zziplib to crash, resulting in a denial of service, or possibly execute arbitrary code.
0facb5b0b37d2060820bd2dd400ee2ce1e945252c53024bc8d841bf4a0392911SAP Successfactors release build b1702p5e.1190658 suffers from a stored cross site scripting vulnerability.
bfe454a46eb43bfcc1ec32a0016911e6ecb628b8d74b6e404a65df2517180493
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed