ALPINE-CVE-2024-25629

c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

Design/Logic Flaw

c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVE-2024-25629 c-ares out of bounds read in ares__read_line()

c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVE-2024-25629 c-ares out of bounds read in ares__read_line()

c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

SUSE CVE-2024-26582

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tlsdecryptsg doesn't take a reference on the pages from clearskb, so the putpage in tlsdecryptdone releases them, and we trigger a use-after-free in processrxlist...

Fedora: Security Advisory for rust-asyncgit (FEDORA-2024-993d3a78dd)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-25629

c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

[SECURITY] Fedora 38 Update: rust-asyncgit-0.24.3-3.fc38

Allow using git2 in a asynchronous context...

DEBIAN-CVE-2024-26582

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tlsdecryptsg doesn't take a reference on the pages from clearskb, so the putpage in tlsdecryptdone releases them, and we trigger a use-after-free in processrxlist...

DEBIAN-CVE-2024-26584

In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTOTFMREQMAYBACKLOG flag on our requests to the crypto API, cryptoaeadencrypt,decrypt can return -EBUSY instead of -EINPROGRESS in valid situations. For...

AZL-35798 CVE-2024-26582 affecting package kernel for versions less than 6.6.22.1-2

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tlsdecryptsg doesn't take a reference on the pages from clearskb, so the putpage in tlsdecryptdone releases them, and we trigger a use-after-free in processrxlist...

AZL-35474 CVE-2024-26583 affecting package hyperv-daemons for versions less than 6.6.22.1-2

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread one which called recvmsg/sendmsg may exit as soon as the async crypto handler calls complete so any code past that point risks touching already freed data...

CVE-2024-26582

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tlsdecryptsg doesn't take a reference on the pages from clearskb, so the putpage in tlsdecryptdone releases them, and we trigger a use-after-free in processrxlist...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the net module calling asynchronous callbacks twice under certain circumstances. No details of the...

DEBIAN-CVE-2023-52433

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: skip sync GC for new elements in this transaction New elements in this transaction might expired before such transaction ends. Skip sync GC for such elements otherwise commit path might walk over an alrea...

[SECURITY] Fedora 39 Update: rust-asyncgit-0.24.3-3.fc39

Allow using git2 in a asynchronous context...

Fedora: Security Advisory for rust-asyncgit (FEDORA-2024-8ba389815f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Slackware Linux 15.0 / current libuv Vulnerability (SSA:2024-051-02)

The version of libuv installed on the remote host is prior to 1.48.0. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-051-02 advisory. - libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and...

Denial Of Service

Bind9 is vulnerable to denial of service. The vulnerability is due to asynchronous processes of named running as a recursive resolver component of BIND, when attempting to clean up its cache database which enables the list of queued cleanup events to grow infinitely large over time, allowing the...

SUSE CVE-2023-6516

To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queue...