June 9, 2020—KB4561621 (OS Build 17134.1550)

June 9, 2020—KB4561621 OS Build 17134.1550 IMPORTANT We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges, we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional...

June 9, 2020—KB4561649 (OS Build 10240.18608)

June 9, 2020—KB4561649 OS Build 10240.18608 For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates to improve security when using Internet Explorer. Updates to improve...

Debian: Security Advisory (DLA-2224-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-10744

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running becomeuser from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9....

CVE-2020-10744

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running becomeuser from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9....

CVE-2020-10744

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running becomeuser from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9....

Race condition

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running becomeuser from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9....

CVE-2020-10744

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running becomeuser from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9....

CVE-2020-10744

CVE-2020-10744 concerns a race condition in Ansible where an insecure temporary directory is created during become_user, enabling potential takeover of the become user. Connected documents confirm affected versions (Ansible Engine 2.7.18, 2.8.12, 2.9.9; Ansible Tower 3.4.5/3.5.6/3.6.4) and descri...

Ansible -- Insecure Temporary File

NVD reports: An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running becomeuser from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems...

CVE-2020-10744

An incomplete fix was found for the fix of the flaw CVE-2020-1733, Ansible: insecure temporary directory when running becomeuser from the become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Mitigation Currently, there is no...

Moderate: Red Hat Security Advisory: openstack-manila security update

An update for openstack-manila is now available for Red Hat OpenStack Platform 16 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHEL 8 : openstack-manila (RHSA-2020:2165)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2165 advisory. OpenStack Shared Filesystem Service Manila provides services to manage network filesystems for use by Virtual Machine instances. Security Fixes: User...

May 12, 2020—KB4556846 (Monthly Rollup)

May 12, 2020—KB4556846 Monthly Rollup IMPORTANT We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges, we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional non-securit...

CVE-2019-19447

A flaw was found in the Linux kernel's ext4unlink function. An attacker could corrupt memory or escalate privileges when deleting a file from a recently unmounted specially crafted ext4 filesystem, including local, USB, and iSCSI. Mitigation Ext4 filesytems are built into the kernel so it is not...

Huawei EulerOS: Security Advisory for policycoreutils (EulerOS-SA-2020-1423)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP3 : policycoreutils (EulerOS-SA-2020-1423)

According to the version of the policycoreutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the...

CVE-2019-9637

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to...

CVE-2018-18397

A flaw was found in the Linux kernel with files on tmpfs and hugetlbfs. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbs to modify a file and possibly disrupt normal system behavior. At this time there is an understanding there is no crash or privilege...

RHEL 8 : openstack-manila (RHSA-2020:1326)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1326 advisory. OpenStack Shared Filesystem Service Manila provides services to manage network filesystems for use by Virtual Machine instances. Security Fixes: User...