Gentoo Linux Security Advisory 202401-28 - Multiple vulnerabilities have been discovered in GOCR, the worst of which could lead to arbitrary code execution. Versions below or equal to 0.52-r1 are affected.
6fc7dddef1557df666bc93f37aa520ad50514ef1ce878fb8642ee85c979fe0edOX App Suite and OX Documents suffer from cross site scripting, code injection, path traversal, and input validation vulnerabilities. Most of these issues affect 7.10.5 and below with one affecting 7.10.4 and below.
8ee4a4656fa2949ce351598464b1ce8aca906f19ee6d4f991c80fc45a41c8c4bUbuntu Security Notice 4909-1 - Loris Reiff discovered that the BPF implementation in the Linux kernel did not properly validate attributes in the getsockopt BPF hook. A local attacker could possibly use this to cause a denial of service. Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schoenherr discovered that the Xen paravirtualization backend in the Linux kernel did not properly propagate errors to frontend drivers in some situations. An attacker in a guest VM could possibly use this to cause a denial of service. Various other issues were also addressed.
30e20c1b500ac0d72714420edfc6e37a2004db1fe98dcc4cd43e0d45b976cd86Ubuntu Security Notice 4910-1 - Ryota Shiga discovered that the sockopt BPF hooks in the Linux kernel could allow a user space program to probe for valid kernel addresses. A local attacker could use this to ease exploitation of another kernel vulnerability. It was discovered that the BPF verifier in the Linux kernel did not properly handle signed add32 and sub integer overflows. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
8e4b3413e5d7c506ac25a3356a8b323420a5e989c73ed5936ead133c16473039Ubuntu Security Notice 4907-1 - Wen Xu discovered that the xfs file system implementation in the Linux kernel did not properly validate the number of extents in an inode. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service. It was discovered that the priority inheritance futex implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
e6f271c53250cd85b58ae0a960ce36cdd2bc77de858312b8626819778dc8771aUbuntu Security Notice 4884-1 - Loris Reiff discovered that the BPF implementation in the Linux kernel did not properly validate attributes in the getsockopt BPF hook. A local attacker could possibly use this to cause a denial of service. It was discovered that the priority inheritance futex implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
6489a0321e388e395c9abf2af0d1e25ed8126a432c304b1773a5b533cb22c005
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed