CVE-2024-1724 snapd allows $HOME/bin symlink

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp

Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang !/bin/zsh is being used...

Security update for aaa_base (moderate)

openSUSE Security Update: Security update for aaabase Announcement ID: openSUSE-SU-2021:3899-1 Rating: moderate References: 1162581 1174504 1191563 1192248 Affected Products: openSUSE Leap 15.3 An update that contains security fixes can now be installed. Description: This update for aaabase fixes...

selinux-policy bug fix and enhancement update

The selinux-policy packages contain the rules that govern how confined processes run on the system. Bug Fixes and Enhancements: RFE: Grant rpc.gssd access to $HOME/.k5identity in selinux-policy BZ1995594...