Ubuntu Security Notice 3329-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
035f5397513469fc46fe35fc3228e636010806cb370496656d19713eb1f42714Ubuntu Security Notice 3328-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
0b1eb015a833ea8a4dfab366e58e5ac3b87d72f7670b90113f19c11dec5ad22eUbuntu Security Notice 3327-1 - It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Various other issues were also addressed.
c8c82662c76f129144ea64a38a2922ced4fc5e2dd5cb6bd32a3b70e86b0a7190Ubuntu Security Notice 3326-1 - It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Various other issues were also addressed.
ad46e108752d84316d39abb27edf66eba2d2bdfab7dd2aa8588e99776a86620cUbuntu Security Notice 3324-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
2c5ba59805eb07621c353113a2a21f38511aadfb5495a6ed18f4d144cfe959abRed Hat Security Advisory 2017-1546-01 - Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat OpenStack Platform. Security Fix: A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default listening on 0.0.0.0 with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host.
fab4b6172b79f5f50813530a7ca29d52176b7695c884e682a8698db553cd4b8aRed Hat Security Advisory 2017-1537-01 - Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat OpenStack Platform. Security Fix: A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default listening on 0.0.0.0 with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host.
b2dcd8548cb3fe0a6aa3543602d9ed497d55cc425f94e25eec8055d8cf8cde59Gentoo Linux Security Advisory 201706-20 - Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. Versions less than 59.0.3071.104 are affected.
c0645a9732316e391127c00d049cd06c2ba8baca47477bef4c2255b61d478443Gentoo Linux Security Advisory 201706-19 - Multiple vulnerabilities have been found in the GNU C Library, the worst of which may allow execution of arbitrary code. Versions less than 2.23-r4 are affected.
b042a9fc410bfc48b07851567cd191a13e543080d34a0b9511fa8406a8e546b6Gentoo Linux Security Advisory 201706-18 - Multiple vulnerabilities have been found in mbed TLS, the worst of which could lead to the remote execution of arbitrary code. Versions less than 2.4.2 are affected.
139b319763ce14589220d31223be8b93b30461ac57aaf618d5d20ba6908dac87Ubuntu Security Notice 3325-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
426ec316fe236e8d4959114127b40493159b960d73bfac790d20f2dc4485a012Red Hat Security Advisory 2017-1550-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.15, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.
b38fbb96686334c79c8089af92b83fa789abf61a11fe39f62cedebfd30371e13Red Hat Security Advisory 2017-1549-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.15, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.
b3dffaa5826ddeb437cf9ba3a3faa39e8d5ec3cc5e068c94abbc6ae858e349b2Gentoo Linux Security Advisory 201706-17 - Multiple vulnerabilities have been found in Kodi, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 17.2 are affected.
8abb131ee92154274ecbc50b0b43d870cfc267ead7e67220164fde50bb1d459eRed Hat Security Advisory 2017-1548-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.15, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.
b43ee448088714f6cce26d0861def784b5d92b1a93e2fc8bd3b225096ea014f4Red Hat Security Advisory 2017-1552-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.16. Security Fix: It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.
83999230d01a9c3bbbf6d3b2ee5723a712f6426c18d00dde9b46bcba4d48d1e0Gentoo Linux Security Advisory 201706-16 - A header injection vulnerability in GNU Wget might allow remote attackers to inject arbitrary HTTP headers. Versions less than 1.19.1-r1 are affected.
63ff0366622b0de8bac0c65a69ef7df6029f5b44dc41736d4dafce671f722a93Red Hat Security Advisory 2017-1551-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.15, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.
46737bfb65431c424d1b2db74165eb2d03dfe6e0fd5ab3cdb389c49ff61cd6d5Ubuntu Security Notice 3333-1 - It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Various other issues were also addressed.
4f09ff9dd0d89be7716f1de63c51f7fa6a9d6f67532e75235081f7aa9d16038eUbuntu Security Notice 3330-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
561ba665a7c8f14f516368a687aefc2ebe5edf93a9e4bdf5d2c8abff837be886Ubuntu Security Notice 3331-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
5360f2519114cf4b52118ed5761eecdee88d6b6f9f4e8f48aceb3b4dd94c7be3Ubuntu Security Notice 3332-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
d86bb80f33e0989ed1392542782f2b74404af76ec716b844dd5b37b8a9521b5eRed Hat Security Advisory 2017-1484-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
70f2d03339adc94ba659898ee5ec2c30a159d8de22a306e7bfddacc3f37c63b2Ubuntu Security Notice 3335-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges It was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
a18999a5900951e758b482057ceed33a0d89e8139f2125f11dd871bbd302fdfcUbuntu Security Notice 3334-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
1b72b0433ffd0f73d5780bc3643d40413707b65705b1bea82d24d12c690f5e18
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed