openSUSE Security Update : google-compute-engine (openSUSE-2020-996)

This update for google-compute-engine fixes the following issues : - Don't enable and start google-network-daemon.service when it's already installed bsc1169978 + Do not add the created user to the adm CVE-2020-8903, docker CVE-2020-8907, or lxd CVE-2020-8933 groups if they exist bsc1173258 This...

OPENSUSE-SU-2020:1014-1 Security update for google-compute-engine

This update for google-compute-engine fixes the following issues: - Don't enable and start google-network-daemon.service when it's already installed bsc1169978 + Do not add the created user to the adm CVE-2020-8903, docker CVE-2020-8907, or lxd CVE-2020-8933 groups if they exist bsc1173258...

openSUSE: Security Advisory for google-compute-engine (openSUSE-SU-2020:0996-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for google-compute-engine (important)

openSUSE Security Update: Security update for google-compute-engine Announcement ID: openSUSE-SU-2020:1014-1 Rating: important References: 1169978 1173258 Cross-References: CVE-2020-8903 CVE-2020-8907 CVE-2020-8933 Affected Products: openSUSE Leap 15.2 An update that fixes three vulnerabilities i...

OPENSUSE-SU-2020:0996-1 Security update for google-compute-engine

This update for google-compute-engine fixes the following issues: - Don't enable and start google-network-daemon.service when it's already installed bsc1169978 + Do not add the created user to the adm CVE-2020-8903, docker CVE-2020-8907, or lxd CVE-2020-8933 groups if they exist bsc1173258 This...

Security update for google-compute-engine (important)

openSUSE Security Update: Security update for google-compute-engine Announcement ID: openSUSE-SU-2020:0996-1 Rating: important References: 1169978 1173258 Cross-References: CVE-2020-8903 CVE-2020-8907 CVE-2020-8933 Affected Products: openSUSE Leap 15.1 An update that fixes three vulnerabilities i...

SUSE-SU-2020:1934-1 Security update for google-compute-engine

This update for google-compute-engine fixes the following issues: - Don't enable and start google-network-daemon.service when it's already installed bsc1169978 + Do not add the created user to the adm CVE-2020-8903, docker CVE-2020-8907, or lxd CVE-2020-8933 groups if they exist bsc1173258...

openstack-keystone: EC2 and credential endpoints are not protected from a scoped context

A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any user authenticated within a limited scope trust/OAuth/application credential to create an EC2 credential with escalated permissions, for example, obtaining an "admin" role, while the user is on a limited "viewer" ro...

openstack-keystone: Credentials endpoint policy logic allows changing credential owner and target project ID

A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any authenticated user to create an EC2 credential for themselves for a project that they have a specified role, and then perform an update to the credential user and project, allowing them to masquerade as another user...

CVE-2020-3662

Buffer overflow can occur while parsing eac3 header while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ801...

CVE-2020-3626

Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8905, MSM8909W, MSM8917, MSM8920,...

Code injection

kernel writes to user passed address without any checks can lead to arbitrary memory write in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, MSM8996, MSM8996AU, Nicobar,...

Race condition

Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250,...

CVE-2020-3663

CVE-2020-3663 affects Qualcomm Snapdragon platforms (multiple Snapdragon Auto/Compute/Connectivity/IoT/Wearables generations) where buffer over-run can occur while fetching track decoder information if the decode- cb size exceeds the allocated buffer. The issue’s root cause is a buffer overflow i...

CVE-2020-3635

CVE-2020-3635 is a stack-based overflow affecting Qualcomm/Snapdragon components where the maximum number of arguments per request in perflock can exceed limits across numerous Snapdragon SKUs (Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Wearables) including APQ8053, APQ8096AU, APQ8098, ...

CVE-2020-3635

Stack based overflow If the maximum number of arguments allowed per request in perflock exceeds in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937,...

CVE-2020-3626

Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8905, MSM8909W, MSM8917, MSM8920,...

CVE-2020-3614

CVE-2020-3614 is a buffer-overflow risk reported for Qualcomm Snapdragon firmware. The description in multiple sources specifies a lack of length check before copying a frame into a local buffer, affecting a broad set of Snapdragon products (Auto, Compute, Connectivity, IoT variants, Wearables, a...

CVE-2020-3626

CVE-2020-3626 affects Qualcomm closed‑source components on various Snapdragon platforms (e.g., APQ8053, SDM/SM variants). The underlying issue is reported as an authentication flaw where the AIDL uimlpaservice has insufficient protection, allowing any application to bind to the service and exerci...

CVE-2020-3613

Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in SM8150...