The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
Chrome suffers from a heap use-after-free condition in blink::PresentationAvailabilityState::UpdateAvailability.
FreeBSD Security Advisory - The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload ("TSO"). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets. When TCP segmentation offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to determine the size of the on-stack buffer without validation. The subsequent header generation could overflow an incorrectly sized buffer or indirect a pointer composed of stack garbage. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host.
FreeBSD Security Advisory - A function extracting the length from type-length-value encoding is not properly validating the submitted length. A remote user could cause, for example, an out-of-bounds read, decoding of unrelated data, or trigger a crash of the software such as bsnmpd resulting in a denial of service.
FreeBSD Security Advisory - The ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic.
FreeBSD Security Advisory - The decompressor used in bzip2 contains a bug which can lead to an out-of-bounds write when processing a specially crafted bzip2(1) file. bzip2recover contains a heap use-after-free bug which can be triggered when processing a specially crafted bzip2(1) file. An attacker who can cause maliciously crafted input to be processed may trigger either of these bugs. The bzip2recover bug may cause a crash, permitting a denial-of-service. The bzip2 decompressor bug could potentially be exploited to execute arbitrary code. Note that some utilities, including the tar(1) archiver and the bspatch(1) binary patching utility (used in portsnap(8) and freebsd-update(8)) decompress bzip2(1)-compressed data internally; system administrators should assume that their systems will at some point decompress bzip2(1)-compressed data even if they never explicitly invoke the bunzip2(1) utility.
Ubuntu Security Notice 4087-1 - It was discovered that Burrows-Wheeler Aligner mishandled certain crafted .alt files. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 4086-1 - It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this vulnerability to write arbitrary files to the target's filesystem.
Red Hat Security Advisory 2019-2053-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, code execution, denial of service, and null pointer vulnerabilities.
Red Hat Security Advisory 2019-2101-01 - The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, IPTC, and JPEG comments. Issues addressed include denial of service, heap overflow, and null pointer vulnerabilities.
Red Hat Security Advisory 2019-2078-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2019-2281-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
Red Hat Security Advisory 2019-2166-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures. An out-of-bounds access vulnerability was addressed.
Red Hat Security Advisory 2019-2130-01 - LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.
Red Hat Security Advisory 2019-2308-01 - The libguestfs-winsupport package adds support for Windows guests to libguestfs, a set of tools and libraries allowing users to access and modify virtual machine disk images. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2019-2060-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2019-2169-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. An insufficient validation vulnerability was addressed.
Red Hat Security Advisory 2019-2110-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2019-2112-01 - mod_auth_openidc enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
Red Hat Security Advisory 2019-2057-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.
Red Hat Security Advisory 2019-2332-01 - AdvanceCOMP is a set of recompression utilities for .PNG, .MNG and .ZIP files. Issues addressed include denial of service and null pointer vulnerabilities.
Red Hat Security Advisory 2019-2022-01 - Poppler is a Portable Document Format rendering library, used by applications such as Evince or Okular. Issues addressed include buffer overflow and null pointer vulnerabilities.
Red Hat Security Advisory 2019-2290-01 - The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2019-2097-01 - The Archive::Tar module provides a mechanism for Perl scripts to manipulate tar archive files. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2019-2043-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.