
448 matches found

IBM Security Bulletins
added 2022/05/23 12:55 p.m. | 44 views

Security Bulletin: Linux Kernel vulnerability may affect IBM Elastic Storage System (CVE-2021-4083)

Summary There are security vulnerabilities in versions of Linux Kernel that are shipped with versions of IBM Elastic Storage System. A fix for these vulnerabilities is available. Vulnerability Details CVEID: CVE-2021-4083 DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated...

7 CVSS | 0.9 AI score | 0.00313 EPSS
Exploits 0 | Affected Software 1
NVD
added 2022/05/20 7:15 p.m. | 36 views

CVE-2022-29178

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...

8.8 CVSS | 0.00285 EPSS
Exploits 0 | References 4
Prion
added 2022/05/20 7:15 p.m. | 15 views

Design/Logic Flaw

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...

4.6 CVSS | 8 AI score | 0.00285 EPSS
Exploits 0 | References 4 | Affected Software 1
CVE
added 2022/05/20 6:15 p.m. | 816 views

CVE-2022-29178

CVE-2022-29178 affects Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15, which contain an incorrect default permissions vulnerability. Users in group ID 1000 could access Cilium’s API via the host Unix domain socket, potentially impacting integrity and availability. A fix is available in ver...

8.8 CVSS | 8.3 AI score | 0.00285 EPSS
Exploits 0 | References 4 | Affected Software 1
OSV
added 2022/05/20 6:15 p.m. | 11 views

CVE-2022-29178 Incorrect Default Permissions in Cilium

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...

8.8 CVSS | 8 AI score | 0.00285 EPSS
Exploits 0 | References 6
Tenable Nessus
added 2022/05/18 12:0 a.m. | 45 views

Oracle Linux 8 : kernel (ELSA-2022-1988)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1988 advisory. - netfilter: nf_tables_offload: incorrect flow offload action array size Florian Westphal 2056728 CVE-2022-25636 - RDMA/cma: Do not change...

9.8 CVSS | 7.4 AI score | 0.67994 EPSS
Exploits 20 | References 39
Github Security Blog
added 2022/05/13 1:49 a.m. | 22 views

Insecure Permissions in Phusion Passenger

An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of sa...

8.8 CVSS | 6.3 AI score | 0.01088 EPSS
Exploits 0 | References 5 | Affected Software 1
OSV
added 2022/05/13 1:47 a.m. | 12 views

GHSA-J3HP-PV6V-RGRX Juju uses a UNIX domain socket without setting appropriate permissions

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root...

9.8 CVSS | 9.6 AI score | 0.48501 EPSS
Exploits 5 | References 5
Github Security Blog
added 2022/05/13 1:47 a.m. | 13 views

Juju uses a UNIX domain socket without setting appropriate permissions

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root...

10 CVSS | 6.9 AI score | 0.48501 EPSS
Exploits 5 | References 5 | Affected Software 1
RedHat Linux
added 2022/05/11 11:33 a.m. | 65 views

Moderate: Red Hat Security Advisory: Release of containers for OSP 16.2.z director operator tech preview

Red Hat OpenStack Platform 16.2 Train director Operator containers are available for technology preview. Release osp-director-operator images Security Fixes: golang: kubernetes: YAML parsing vulnerable to "Billion Laughs" attack, allowing for remote CVE-2019-11253 golang: golang-github-miekg-dns:...

7.5 CVSS | 6.7 AI score | 0.25939 EPSS
Exploits 9 | References 7
RedHat Linux
added 2022/05/10 2:18 p.m. | 4 views

httpd: possible NULL dereference or SSRF in forward proxy configurations

There's a null pointer dereference and server-side request forgery flaw in httpd's mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix...

8.2 CVSS | 7 AI score | 0.82295 EPSS
Exploits 0 | References 5
RedHat Linux
added 2022/05/10 1:43 p.m. | 0 views

kernel: fget: check that the fd still exists after getting a ref to it

A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on...

7 CVSS | 6.6 AI score | 0.00313 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2022/05/05 12:0 a.m. | 80 views

F5 Networks BIG-IP : Linux kernel vulnerability for (K52379673)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K52379673 advisory. A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers ...

7 CVSS | 6.6 AI score | 0.00313 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2022/04/21 12:0 a.m. | 248 views

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1475)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring replication...

8 CVSS | 6.7 AI score | 0.01598 EPSS
Exploits 1 | References 8
BDU FSTEC
added 2022/04/20 12:0 a.m. | 3 views

The vulnerability of the Display Key Combination Fast Access swhkd mechanism in the Wayland display server protocol allows a hacker to gain access to protected information or cause a service failure.

The vulnerability of the Display Key Combination Fast Access daemon, swhkd, in the Wayland display server protocol is related to the ability to connect to the UNIX domain socket /tmp/swhkd.sock. Exploiting this vulnerability allows a remote attacker to gain access to protected information or caus...

9.4 CVSS | 7.8 AI score | 0.01688 EPSS
Exploits 0 | References 4 | Affected Software 1
Virtuozzo
added 2022/04/15 12:0 a.m. | 115 views

[Important] [Security] Virtuozzo ReadyKernel patch 140.0 for Virtuozzo Hybrid Server 7.0, 7.5

The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.x. NOTE: No more updates are planned for the kernel 3.10.0-1127.8.2.vz7.151.14. Vulnerability id: CVE-2021-4028 3.10.0-1127.8.2.vz7.158.8 to...

7.8 CVSS | 3 AI score | 0.00313 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2022/04/06 12:0 a.m. | 60 views

Oracle Linux 7 : kernel (ELSA-2022-1198)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1198 advisory. - RDMA/cma: Do not change route.addr.src_addr.ss_family Kamal Heib 2032075 CVE-2021-4028 - fget: clarify and improve __fget_files implementation Miklos...

7.8 CVSS | 7 AI score | 0.00313 EPSS
Exploits 0 | References 3
Ubuntu
added 2022/04/01 12:37 a.m. | 137 views

USN-5361-1: Linux kernel vulnerabilities

It was discovered that the VFIO PCI driver in the Linux kernel did not properly handle attempts to access disabled memory spaces. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12888) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not...

7.2 CVSS | 7.5 AI score | 0.03515 EPSS
Exploits 0
RedHat Linux
added 2022/03/29 8:55 a.m. | 2 views

kernel: fget: check that the fd still exists after getting a ref to it

A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on...

7 CVSS | 6.6 AI score | 0.00313 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2022/03/28 12:0 a.m. | 42 views

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2022-1349)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixi...

9.8 CVSS | 8.2 AI score | 0.97108 EPSS
Exploits 4 | References 3