Espace 7910; Espace 7950; Espace 8950 Security Vulnerabilities

RHEL 6 : kernel (RHSA-2017:0892)

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

Unbreakable Enterprise kernel security update

kernel-uek [4.1.12-61.1.34] - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25698171] - ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25698171] - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25698171] - KVM: x86:...

Unbreakable Enterprise kernel security update

kernel-uek [3.8.13-118.17.5] - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877530] ...

Unbreakable Enterprise kernel security update

[2.6.39-400.294.7] - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25874741] {CVE-2016-10229} - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877531] ...

kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2017:0892 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local,...

Oracle Linux 6 : kernel (ELSA-2017-0892)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-0892 advisory. Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service...

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20170411)

Security Fix(es) : A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on...

RedHat Update for kernel RHSA-2017:0892-01

The remote host is missing an update for...

(RHSA-2017:0892) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline...

GLSA-201704-03 : X.Org: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201704-03 (X.Org: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in X.Org server and libraries. Please review the CVE identifiers referenced below for details. Impact : A local or remote users...

kernel security and bug fix update

[2.6.32-696.1.1] - [block] fix use-after-free in seq file (Denys Vlasenko) [1418548 1418549] {CVE-2016-7910} - [firmware] Replacing the chelsio firmware (t4,t5)fw-1.15.37.0 (Sai Vemuri) [1433865 1425749] - [kernel] genirq: Avoid taking sparse_irq_lock for non-existent irqs (Dave Wysochanski)...

X.Org: Multiple vulnerabilities

Background X.Org X servers Description Multiple vulnerabilities have been discovered in X.Org server and libraries. Please review the CVE identifiers referenced below for details. Impact A local or remote users can utilize the vulnerabilities to attach to the X.Org session as a user and execute...

Tech support scams persist with increasingly crafty techniques

(Note: Our Tech support scams FAQ page has the latest info on this type of threat, including scammer tactics, fake error messages, and the latest scammer hotlines. You can also read our latest blog, New tech support scam launches communication or phone call app.) Millions of users continue to...

CVE-2016-8789

Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka...

CVE-2016-8789

Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka...

Cross site scripting

Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka...

CVE-2016-8271

Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special...

Information disclosure

Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special...

CVE-2016-8271

Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special...

Design/Logic Flaw

In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key...

CVE-2014-3222

In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key...

CVE-2014-3222

In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key...

CVE-2014-3222

In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key...

CVE-2016-8789

Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka...

CVE-2016-8271

Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special...

Security Advisory - Sixteen OpenSSL Vulnerabilities on Some Huawei products

Statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. (Vulnerability ID: HWPSIRT-2016-09065) This vulnerability has...

jdc.fr XSS vulnerability

Vulnerable URL: https://www.jdc.fr/espace-partenaires/?part=%3C/script%3E%3Cscript%3Ealert(/OPENBUGBOUNTY/)%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 05.12.2017 Latest check for patch:| 05.12.2017 21:54 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...

Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products

Apache Struts2 released a remote code execution vulnerability in S2-045 on the official website. An attacker is possible to perform a RCE (Remote Code Execution) attack with a malicious Content-Type value. (Vulnerability ID: HWPSIRT-2017-03094) This vulnerability has been assigned a CVE ID:...

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3207-2)

USN-3207-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that a use-after-free vulnerability existed in the block device...

Ubuntu: Security Advisory (USN-3207-1)

The remote host is missing an update for...

Ubuntu 12.04 LTS : linux, linux-ti-omap4 vulnerabilities (USN-3206-1)

It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-7910) Dmitry Vyukov discovered a use-after-free...

Linux kernel vulnerabilities

Releases Ubuntu 14.04 ESM Packages linux - Linux kernel Details It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges....

Ubuntu: Security Advisory (USN-3207-2)

The remote host is missing an update for...

Linux kernel vulnerabilities

Releases Ubuntu 12.04 Packages linux - Linux kernel linux-ti-omap4 - Linux kernel for OMAP4 Details It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or...

Ubuntu: Security Advisory (USN-3206-1)

The remote host is missing an update for...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3207-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3207-1 advisory. Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges...

Linux kernel (Trusty HWE) vulnerabilities

Releases Ubuntu 12.04 Packages linux-lts-trusty - Linux hardware enablement kernel from Trusty for Precise Details USN-3207-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from...

SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0494-1)

The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket before an...

Security update for the Linux Kernel (important)

The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket before...

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0471-1)

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to receive various security and bugfixes. The following feature was implemented : The ext2 filesystem got reenabled and supported to allow support for 'XIP' (Execute In Place) (FATE#320805). The following security bugs...

Security update for the Linux Kernel (important)

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to receive various security and bugfixes. The following feature was implemented: The ext2 filesystem got reenabled and supported to allow support for "XIP" (Execute In Place) (FATE#320805). The following security bugs...

Security update for the Linux Kernel (important)

The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.69 to receive various security and bugfixes. The following security bugs were fixed: CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to...

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0464-1)

The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.69 to receive various security and bugfixes. The following security bugs were fixed : CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain...

SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0437-1)

The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to receive various security and bugfixes. The following security bugs were fixed : CVE-2017-5551: tmpfs: clear S_ISGID when setting posix ACLs (bsc#1021258). CVE-2016-10088: The sg implementation in the Linux kernel did...

Security update for the Linux Kernel (important)

The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to receive various security and bugfixes. The following security bugs were fixed: CVE-2017-5551: tmpfs: clear S_ISGID when setting posix ACLs (bsc#1021258). CVE-2016-10088: The sg implementation in the Linux kernel did...

Security update for the Linux Kernel (important)

The SUSE Linux Enterprise 12 rt-kernel was updated to 3.12.69 to receive various security and bugfixes. The following security bugs were fixed: CVE-2015-8962: Fixed a double free vulnerability in the SCSI subsystem that allowed local users to gain privileges or cause a denial of...

SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0333-1)

The SUSE Linux Enterprise 11 SP2 LTSS kernel was updated to receive various security and bugfixes. This is the last planned LTSS kernel update for the SUSE Linux Enterprise Server 11 SP2 LTSS. The following security bugs were fixed : CVE-2016-10088: The sg implementation in the Linux kernel...

Security update for the Linux Kernel (important)

The SUSE Linux Enterprise 11 SP2 LTSS kernel was updated to receive various security and bugfixes. This is the last planned LTSS kernel update for the SUSE Linux Enterprise Server 11 SP2 LTSS. The following security bugs were fixed: CVE-2016-10088: The sg implementation in the Linux kernel...

Security Advisory - DoS Vulnerability in Multiple Huawei Products

There is an denial of service (DoS) vulnerability in multiple Huawei products. An attacker with specific permission can craft a file containing malicious data and upload it to the device to exhaust memory, causing a DoS condition. (Vulnerability ID: HWPSIRT-2016-07088) This vulnerability has been.....

Debian DLA-772-1 : linux security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2012-6704, CVE-2016-9793 Eric Dumazet found that a local user with CAP_NET_ADMIN capability could set a socket's buffer size to be negative, leading....