Ubuntu Security Notice 1341-1 - Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. Various other issues were also addressed.
c5e15d1a1490c2a544efeba97eb79d785ded8e5de052cecaa286cd70092930cbUbuntu Security Notice 1340-1 - Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. Various other issues were also addressed.
53b7beba816a72a2e2ea1ad4ce906bde15a2f14e658ba30e18a94a7b9bc365dcGentoo Linux Security Advisory 201201-13 - Multiple vulnerabilities have been found in MIT Kerberos 5, the most severe of which may allow remote execution of arbitrary code. Versions less than 1.9.2-r1 are affected.
5fe5b981b497ad572aa4e53428ce29f2dcd53be74dc124715f4b3cff09100dd9Red Hat Security Advisory 2012-0052-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: It was found that permissions were not checked properly in the Linux kernel when handling the /proc/[pid]/mem writing functionality. A local, unprivileged user could use this flaw to escalate their privileges. Refer to Red Hat Knowledgebase article DOC-69129, linked to in the References, for further information.
7b09a709dfaabd6a54c5cc5a4bb13a43f501209835b52b7ca3f7ef9ed74c7dc1Gentoo Linux Security Advisory 201201-12 - Multiple vulnerabilities have been found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code. Versions less than 0.2.2.35 are affected.
943ff2286887d1ad7d1647d5bebba8ac436407869da417fc7f1de689f9ecd0bfUbuntu Security Notice 1338-1 - Peter Eisentraut discovered that Rsyslog would not properly perform input validation when configured to use imfile. If an attacker were able to craft messages in a file that Rsyslog monitored, an attacker could cause a denial of service. The imfile module is disabled by default in Ubuntu.
6264f07026f2ba1f45c37662a5f12cb7b5059c2d86077a34f78fb276df4673e8Red Hat Security Advisory 2012-0051-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. A flaw was found in the way the KVM subsystem of a Linux kernel handled PIT IRQs when there was no virtual interrupt controller set up. A malicious user in the kvm group on the host could force this situation to occur, resulting in the host crashing.
af8fd4be7e42bf124fb681cde41eac8c1e8720966aaaa8352148ac44a7f78499Red Hat Security Advisory 2012-0050-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host.
ce73b66e824e61ff1bf3fb0a2cb446e6c9f12a33b93affe61893723c8a11f002Debian Linux Security Advisory 2392-1 - Antonio Martin discovered a denial-of-service vulnerability in OpenSSL, an implementation of TLS and related protocols. A malicious client can cause the DTLS server implementation to crash. Regular, TCP-based TLS is not affected by this issue.
afac160955e83c1b70219fa47c4c99378cf5dc92f6d40882d5dc31e23864116cGentoo Linux Security Advisory 201201-14 - Multiple vulnerabilities have been found in MIT Kerberos 5 Applications, the most severe of which may allow execution of arbitrary code. Versions less than 1.0.2-r1 are affected.
135efe09c96ca20d9d7663d923e21a56811a5e27a66d4ef706f14ced5d977da9Gentoo Linux Security Advisory 201201-11 - Insecure temporary file usage in Firewall Builder could allow attackers to overwrite arbitrary files. Versions less than 3.0.7 are affected.
2dffa049c73e42db5dfdcd207859e05ccd0ef642aefeb6df023eaeade3a27534Secunia Security Advisory - Red Hat has issued an update for qemu-kvm. This fixes a vulnerability, which can be exploited by malicious, local users in a guest virtual machine to potentially gain escalated privileges.
2854d3a7648e3fb373aee51caf22dcbe9fc9d9544510dab89f25ec53b3b69880Secunia Security Advisory - A vulnerability has been reported in KVM qemu-kvm, which can be exploited by malicious, local users in a guest virtual machine to potentially gain escalated privileges.
35e23d39e2f318077da6a93bf3ef337cf990c9b337abd2aae294e1d9540e0b9aSecunia Security Advisory - Ubuntu has issued an update for linux-lts-backport-oneiric. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.
3347cf1cd98861a9c0abf1219310bb2fcfd60c82e1e1afaac408b56277225ac0Secunia Security Advisory - dw IT-Security has discovered a vulnerability in Bigware Shop, which can be exploited by malicious users to conduct SQL injection attacks.
e31774e99fead2db427663163a84f90d5826b16c6b506ebf7efdada941690cdeSecunia Security Advisory - Vulnerability Lab has reported a vulnerability in Parallels H-Sphere, which can be exploited by malicious people to conduct cross-site request forgery attacks.
fa1f99859f31e7abff9b284b322343b2b379e010fc8c9358255b54041a0ad26e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed