xinetd security and bug fix update

2:2.3.14-19 - Correctly backport patches that fix the descriptor leakage - Related: 852274 -2:2.3.14-18 - Fix leaking file descriptors 852274 - Fix: Service disabled due to bind failure 811000 - CVE-2012-0862 xinetd: enables unintentional services over tcpmux port 788795...

Low: Red Hat Security Advisory: sssd security and bug fix update

Updated sssd packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

Moderate: Red Hat Security Advisory: jboss-remoting security update

An update for the JBoss Remoting component of Red Hat JBoss SOA Platform 5.3.1 GA that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVS...

Moderate: Red Hat Security Advisory: jboss-remoting security update

An update for the JBoss Remoting component of Red Hat JBoss BRMS 5.3.1 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base scor...

Moderate: Red Hat Security Advisory: jboss-remoting security update

An update for the JBoss Remoting component of Red Hat JBoss Enterprise Application Platform 5.2.0 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability...

Moderate: Red Hat Security Advisory: jboss-remoting security update

An updated jboss-remoting package that fixes one security issue is now available for Red Hat JBoss Web Platform 5.2.0 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS...

Amazon Linux AMI : kernel (ALAS-2011-22)

The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service CPU consumption via a crafted application that makes epollcreate and epollctl system calls. Buffer overflow in the...

Oracle Linux 6 : libvirt (ELSA-2013-0831)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0831 advisory. - daemon: Fix leak after listing volumes CVE-2013-1962 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

Updated libvirt packages fix security vulnerability

It was found that libvirtd leaked file descriptors when listing all volumes for a particular pool. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to cause libvirtd to consume all available file descriptors, preventing other users from using libvirtd...

Moderate: Red Hat Security Advisory: libvirt security and bug fix update

Updated libvirt packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

RHEL 5 : hypervkvpd (RHSA-2013:0807)

An updated hypervkvpd package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Low: Red Hat Security Advisory: hypervkvpd security and bug fix update

An updated hypervkvpd package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVE-2013-2777

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the ttytickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling...

CVE-2013-2777

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the ttytickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling...

DEBIAN-CVE-2013-0288

nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service application crash and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer...

UBUNTU-CVE-2013-0288

nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service application crash and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer...

Important: Red Hat Security Advisory: nss-pam-ldapd security update

Updated nss-pam-ldapd packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

nss-pam-ldapd: FD_SET array index error, leading to stack-based buffer overflow

nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service application crash and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer...

CVE-2013-0288

nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service application crash and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer...

qpid-cpp: not closing incomplete connections exhausts file descriptors, leading to DoS

Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service file descriptor consumption via a large number of incomplete connections...