Gentoo Linux Security Advisory 201904-6 - Multiple vulnerabilities have been found in GlusterFS, the worst of which could result in the execution of arbitrary code. Versions less than 4.1.8 are affected.
4f7bf045fe625a82e45fe0a5e297deeeUbuntu Security Notice 3871-5 - Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
4b4d0eac27f8b493efdf43f83d8596ccUbuntu Security Notice 3871-3 - Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
a61ce6346050754f5ddbc713c1f79084Ubuntu Security Notice 3879-1 - Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service. Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
de715ed77a7448afa809105bbb07f753Ubuntu Security Notice 3879-2 - USN-3879-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service. Various other issues were also addressed.
7d67540e48e386ac0d76ffd1bd9f7fbeUbuntu Security Notice 3871-4 - USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
36d11c033b19812d05a44d2b48c6688bUbuntu Security Notice 3871-2 - USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. Unfortunately, that update introduced regressions with docking station displays and mounting ext4 file systems with the meta_bg option enabled. This update fixes the problems. Various other issues were also addressed.
d3ca658be731003b0ef82d34ce144c18Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to fix security issues.
8236617ae0607e51011029f4f742813eUbuntu Security Notice 3871-1 - Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
b01424a9823358e3f9c7c3303574d6b6It was discovered that an integer overflow vulnerability existed in the CDRom driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
62b6f4b7e6e1fd65e163f970baba56dcIt was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). Various other issues were also addressed.
87ee31d5637610e40009faa55f769c6dUbuntu Security Notice 3821-2 - USN-3821-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service. Various other issues were also addressed.
aec00b068e6349d4d19761befac301e0Ubuntu Security Notice 3821-1 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service. It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
a90659bad625eafc560423ef26975554Red Hat Security Advisory 2018-2948-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include buffer overflow, bypass, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.
2a082c96c14fb8589f9da34adecaa49dRed Hat Security Advisory 2018-3083-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.
a6d84db31a182b168784c89134030a6bRed Hat Security Advisory 2018-3096-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.
394199cc489bc6f17933c36959a1a58aUbuntu Security Notice 3752-3 - It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service. Various other issues were also addressed.
20c040051bfb9ac9dcc779b4d308caefUbuntu Security Notice 3753-1 - It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
cf3741f7e3e80b17a174f1f6f5ad3137Ubuntu Security Notice 3752-2 - USN-3752-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
91c44e956ab995ed6b9251ca5ef384c1Ubuntu Security Notice 3752-1 - It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service. Various other issues were also addressed.
87777064ee88c75fe68909aa01bf4c16Ubuntu Security Notice 3753-2 - USN-3753-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Various other issues were also addressed.
234bbf68693ec95d96dfc20c3d73c2deDebian Linux Security Advisory 4255-1 - Danny Grander reported that the unzip and untar tasks in ant, a Java based build tool like make, allow the extraction of files outside a target directory. An attacker can take advantage of this flaw by submitting a specially crafted Zip or Tar archive to an ant build to overwrite any file writable by the user running ant.
64f1c6d350ab11afe9ff34bd9841624dUbuntu Security Notice 3721-1 - Danny Grander discovered that Apache Ant incorrectly handled certain compressed files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to overwrite arbitrary files.
f25a54a8ba88bf7f8a99db826cdbf15cRed Hat Security Advisory 2018-1523-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Includes GlusterFS fixes for CVE-2018-1088, dhcp fixes for CVE-2018-1111, kernel fixes for CVE-2018-1087, and kernel fixes for CVE-2018-8897. Issues addressed include code execution and denial of service vulnerabilities.
7a5512991eb1a7076173fd951d1ada6fRed Hat Security Advisory 2018-1275-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a privilege escalation vulnerability.
9361512dcfbfe820d3b6334c2a03755a
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed