Red Hat Security Advisory 2024-4352-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Issues addressed include double free, memory leak, null pointer, spoofing, and use-after-free vulnerabilities.
6753d1ede114a88a701f57d325732b54425b4efd7136a2e309ec55415143e4d5Red Hat Security Advisory 2024-4211-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include double free, memory leak, null pointer, spoofing, and use-after-free vulnerabilities.
1371ac36bc148dc61e35201a09acf72512a7984de48d7d6416e8beed509acffaRed Hat Security Advisory 2024-2394-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution, double free, integer overflow, memory exhaustion, memory leak, null pointer, out of bounds access, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
86435dbd1e42e1cb6babcb7c70863a0ed35c27cc178b52ec0cd6a1f94cb358cdGentoo Linux Security Advisory 202209-16 - Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution. Versions less than 5.63 are affected.
665e641a5e8b1bb883f56bf358f09daf4066682c626f4aaf8eea49daf5ff2361Ubuntu Security Notice 5343-1 - Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. It was discovered that the aufs file system in the Linux kernel did not properly restrict mount namespaces, when mounted with the non-default allow_userns option set. A local attacker could use this to gain administrative privileges.
f52b839ff13c30e863d5be66f515f639c4bbf6c3ac1911f54911c3a1db6abad1Red Hat Security Advisory 2021-4432-03 - The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts, and pcmcia configuration files.
6eca52b6194bbf394e7c5bf9b7c89b2b330a1affb01866344f9db229f21dc236Debian Linux Security Advisory 4951-1 - Several vulnerabilities were discovered in Bluez, the Linux Bluetooth protocol stack.
431d311d6156400aa4dd4fd7ef9b5e86f90421e808c0e7e5aa7f6a4c7ef192feUbuntu Security Notice 5050-1 - It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
15f18b4a1645df7896d1474336043a68629898f3145352b2946dd200efd3f028Ubuntu Security Notice 5046-1 - It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
911bcc859f7a0c9a9d1bae83c2f53e3ca1b9840869a5229252148bb51ba89399Ubuntu Security Notice 5018-1 - It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service or execute arbitrary code. Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
4c1acb01997501488d94e4f295f9a8b096b13216c5f32c0bc98642127cd2ea8aUbuntu Security Notice 5017-1 - It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Various other issues were also addressed.
2eeefb31a25b77fe7591b7712630bbf4e79e970217c6805c3eafc7c444d44c09Ubuntu Security Notice 4989-2 - USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. Various other issues were also addressed.
8720c245ff9d32e615ac12072fd408a3b7ff8626c06e4a6d72353f5814177f3aUbuntu Security Notice 4989-1 - It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT events. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Various other issues were also addressed.
9ce6d46d00d0a483d4190324ad1b23e72ff227a846328a5bacca58006f043db1MailDepot version 2033 (2.3.3022) suffers from a cross site scripting vulnerability.
f82776b6e406fc3d421c55e64c73955573843831dc5dcd361b30f289b3c99402Ubuntu Security Notice 4257-1 - It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. It was discovered that OpenJDK incorrectly validated properties of SASL messages included in Kerberos GSSAPI. An unauthenticated remote attacker with network access via Kerberos could possibly use this issue to insert, modify or obtain sensitive information. Various other issues were also addressed.
6ff75ec4f2760a95daaed763e796bf97b21dbc327f79938f280f8cf9600b8e58Red Hat Security Advisory 2020-0232-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
dcaf913ddc62f88e450aedd0e102887694a3fddde090c49c4b56264136114ab6Debian Linux Security Advisory 4605-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
81ae3831a6c6b68ea22139b22950515a537562ba94ed1d25737ae9682d223bdcRed Hat Security Advisory 2020-0122-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
bdab1bfe4a84d3390eb90e48e33251d4b03b5a8842fcbd0f79be5056b303984fRed Hat Security Advisory 2020-0128-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
5617d29628ffce51248eb0b2e505408cf48cbd53d7e49c4947c1db6e437c17a5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed