TiEmu versions 2.08 and below suffer from a stack-based buffer overflow vulnerability.
d7f63f6b109c64688cd679a3e23d920c4c59ac4ddeda65c96a0c42ccd281e329Red Hat Security Advisory 2017-1382-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
4bfed0c75e7c025ce32520f5663dbc0de3d0ef88afa1aaa16196eab5dab9b4aaRed Hat Security Advisory 2017-1381-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
72f511ffde80862ec8f67125ada6591bad83b2aaac109f5da2a4c4ccf814eed9Ubuntu Security Notice 3304-1 - It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions.
bde0e222f88f678398a9f46fc30b62d5feca8f52856f50ad72c463b9643345fbDebian Linux Security Advisory 3867-1 - The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse "/proc/[pid]/stat" to read the device number of the tty from field 7 (tty_nr). A sudoers user can take advantage of this flaw on an SELinux-enabled system to obtain full root privileges.
923fef1347ec646736c7f71cf0bec169c3fbd5045ba1dcad1c306f7f9bab4e59Gentoo Linux Security Advisory 201705-15 - A vulnerability in sudo allows local users to gain root privileges. Versions less than 1.8.20_p1 are affected.
50553170e4ac24d9b95a7682d1a6accf3564f42794383c1bb9d50b93ff735bfeUbuntu Security Notice 3212-2 - USN-3212-1 fixed vulnerabilities in LibTIFF. Unfortunately, some of the security patches were misapplied, which caused a regression when processing certain images. This update fixes the problem. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
ce55b77df5a9ebdd947e8b8315854972bb32225267968fde15170ea18997b6faUbuntu Security Notice 3302-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
f065aa2d93ab8f719748b85c35a2d0b93dd11a8a965c4b540ae4b52e5c7568e2Ubuntu Security Notice 3303-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
2ad1438bf3be9f522e788a30b869a2a2ead1606496105fe04e5bd735a609ecabUbuntu Security Notice 3301-1 - It was discovered that the strongSwan gmp plugin incorrectly validated RSA public keys. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. It was discovered that strongSwan incorrectly parsed ASN.1 CHOICE types. A remote attacker could use this issue to cause strongSwan to hang, resulting in a denial of service.
e908fe38ec2c00f57c43d5e90f17c1e0d4f22da2366f1f1fb98fbd6a4d93b915Debian Linux Security Advisory 3866-1 - Two denial of service vulnerabilities were identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.
9660ac76f6d140f0800e4c3f26cbe2a343f66c6f59b7291d794f1f9a15a19ac1Red Hat Security Advisory 2017-1364-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library.
0bd9c0cb15c7d46b2c6a83f4bb82b1446e11e276f590b32967c7dddc33e3093fRed Hat Security Advisory 2017-1365-03 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library.
94ede444f9d41f60514e1540d3ddedfff1ad01f42727f9ba0efa58ae36d94cbbDebian Linux Security Advisory 3865-1 - It was discovered that pattern-based ACLs in the Mosquitto MQTT broker could be bypassed.
b0ee54493db9d752898ab19cd019cec6efa0ed4e5efaa517975ebc1b9b259a3fRed Hat Security Advisory 2017-1363-01 - In accordance with the Red Hat Directory Server Life Cycle policy, Red Hat Directory Server 9 will be retired as of June 10, 2017 and support will no longer be provided. Accordingly, Red Hat will not provide extended support for this product, including critical impact security patches or urgent priority bug fixes, after this date.
3ef53be8cde307c3ad719b1423ff8edc655d951510cab7236399349e7f801386
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed