Gentoo Linux Security Advisory 201904-6 - Multiple vulnerabilities have been found in GlusterFS, the worst of which could result in the execution of arbitrary code. Versions less than 4.1.8 are affected.
043fd8e80fc0cf57260f877078d16e4c53b33b4af150e6f0c8c6dc52016164d4Red Hat Security Advisory 2018-3816-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include memory disclosure and client-side security problems.
5babb9742f0b837b18016ae6e3fd236587c37fab6420f152508b801587269e6cRed Hat Security Advisory 2018-3470-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, denial of service, deserialization, and format string vulnerabilities.
9e8155ff0d32478283821315ef01b373ffb94a7f3e9c04679d7c9bfd1ff773d5Gentoo Linux Security Advisory 201810-8 - Multiple vulnerabilities have been found in PostgreSQL, the worst which could lead to privilege escalation. Versions less than 10.5 are affected.
debe17bd797552196004c1bd035d68c747b8acf9c1fd29e8fcd59615fb655e2cRed Hat Security Advisory 2018-2948-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include buffer overflow, bypass, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.
b5ac1428b03d1ab918a3b26b7b8a361284bcfa618164f1b2afd1b27d505a0549Red Hat Security Advisory 2018-3083-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.
51bb55b468c741de6d34c15b15988a77197b07fcb781827141ad9999e1700fdcRed Hat Security Advisory 2018-3096-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.
7f59a96ea0227aec7452145ed2d1a67c0ed1e187e5b7fdd0814bef1fa260bd64Red Hat Security Advisory 2018-2607-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include buffer overflow, denial of service, deserialization, local file inclusion, and remote file inclusion vulnerabilities.
1869d3dbb0d19201b396114a7ac010439cd91183d33b11fbfc38ece6f506392aRed Hat Security Advisory 2018-2608-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include buffer overflow, denial of service, and deserialization vulnerabilities.
dbc1eee9743f4815426c0555b3ae9015f27350b74fb56d7d1bb32c22f9a3a6aeRed Hat Security Advisory 2018-2566-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a client-side security defense vulnerability.
649f115a5ba63c8d907307cbe47bfc473e9c62f89295c50c0d2cf506f40c295dRed Hat Security Advisory 2018-2565-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include client-side defense vulnerabilities.
465541ea0c3b67ecdb7640e1849255b472b52b1d12a055c7a628fbee5ef23dc5Red Hat Security Advisory 2018-2511-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a memory disclosure vulnerability.
4ca4c3db9cbd55205ea2c05acb3d63b066329838d8eabd3c12d93281db527f5fUbuntu Security Notice 3744-1 - Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PostgreSQL incorrectly checked authorization on certain statements. A remote attacker could possibly use this issue to read arbitrary server memory or alter certain data. Various other issues were also addressed.
10c7a46516045ae2ad89d98e1e273b9ca69727a9da14ccba89173432684540aeWen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.
d714af351ebe0661ff777dd209b5eddccb3e9cea04d0ba77486507fcb340f6d4Ubuntu Security Notice 3678-4 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
70613b1dd8bebafbf47b8ff616c76fc30f6a92857dbf198e9f0fbe3db6e8e22fUbuntu Security Notice 3678-3 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
cd986165b71b4e1378a506b88fdc3586bf913dc90d9ee4980df28a9ccdd51d32Ubuntu Security Notice 3678-2 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
a861ba565ba75730506975483096a29474b6446046659bf6e8bc9e3df22fa857Ubuntu Security Notice 3678-1 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
e57ad84d6b9ea0b9108c4cf7c2d832048db4d2b4aed6a99107c3c23eb19672edUbuntu Security Notice 3677-2 - USN-3677-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
c1953b1b76f2fb20d0c04031dff7e5d9392ec2f294f04ffe2f9f4493d60089fcUbuntu Security Notice 3677-1 - It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. Various other issues were also addressed.
b9917730793499eb901655a084ddb9a923d7d0df94773d6f89265ffa68e26866Ubuntu Security Notice 3676-2 - USN-3676-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. Various other issues were also addressed.
b4830110117fbba4ebcb3aed886d7a8ee5e4bde656c36861c7100ec0c951e607Ubuntu Security Notice 3676-1 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
9eb8e7aa9a0d4aa6ddced7f3c8e17089dc358de41a491f619dde8e9fa99a51e9Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. Various other issues were also addressed.
0e3788ff5b92bdb81c16b39e96e620f55d7e00317265a10546173540afa06d71Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to fix a regression in the getsockopt() function and to fix two denial-of-service security issues.
1256fc37bd7798ca0038f9ea2c63351eac1f24df934e86d4c82697a7436ab1e3Debian Linux Security Advisory 4188-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
c04940bd4f6e00821a6373ebaafc1e5cd084607d9b3667203e468f8e5190068a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed