
612 matches found

CNVD
added 2018/06/29 12:0 a.m. | 2 views

Linux kernel null pointer dereference vulnerability (CNVD-2018-15656)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A null pointer dereference vulnerability exists in the 'hfs_ext_read_extent' function of the hfs.ko file in Linux kernel version 4.15.0. An attacker can exploit this...

5.5 CVSS | 5.2 AI score | 0.00401 EPSS
Exploits 0 | References 1
Cloud Foundry
added 2018/06/14 12:0 a.m. | 48 views

USN-3671-1: Git vulnerabilities | Cloud Foundry

Severity: High. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when “git clone...

7.8 CVSS | 8.5 AI score | 0.49188 EPSS
Exploits 10
Microsoft KB
added 2018/06/12 7:0 a.m. | 50 views

June 12, 2018—KB4284878 (Security-only update)

June 12, 2018—KB4284878 Security-only update. Improvements and fixes: This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Security updates to Windows apps, remote code execution, Windows Server, Windows stora...

9.3 CVSS | 7 AI score | 0.24706 EPSS
Exploits 1
Tenable Nessus
added 2018/06/07 12:0 a.m. | 37 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Git vulnerabilities (USN-3671-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3671-1 advisory. Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to...

7.8 CVSS | 8.4 AI score | 0.49188 EPSS
Exploits 10 | References 3
Debian
added 2018/03/10 9:53 p.m. | 36 views

[SECURITY] [DSA 4134-1] util-linux security update

Debian Security Advisory DSA-4134-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 10, 2018 https://www.debian.org/security/faq ...

7.8 CVSS | 8 AI score | 0.00457 EPSS
Exploits 0
Prion
added 2018/03/09 2:29 p.m. | 12 views

Design/Logic Flaw

Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem...

5.4 CVSS | 6.8 AI score | 0.0061 EPSS
Exploits 0 | References 2 | Affected Software 1
NVD
added 2018/03/09 2:29 p.m. | 17 views

CVE-2018-1069

Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem...

7.1 CVSS | 6.8 AI score | 0.0061 EPSS
Exploits 0 | References 2
Gentoo Linux
added 2018/03/07 12:0 a.m. | 38 views

util-linux: User-assisted execution of arbitrary code

Background: util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems. Description: It was discovered that the umount bash-completion as provided by util-linux does not escape mount point paths. Impact: An attacker controlling a volume label...

7.8 CVSS | 8.2 AI score | 0.00457 EPSS
Exploits 0
Debian CVE
added 2018/03/02 3:0 p.m. | 23 views

CVE-2018-1063

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state...

4.4 CVSS | 5.1 AI score | 0.00394 EPSS
Exploits 0
Tenable Nessus
added 2018/02/23 12:0 a.m. | 57 views

Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3582-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3582-2 advisory. USN-3582-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

7.8 CVSS | 7.7 AI score | 0.74041 EPSS
Exploits 13 | References 7
Fedora
added 2018/01/08 1:38 a.m. | 22 views

[SECURITY] Fedora 27 Update: dracut-046-8.git20180105.fc27

dracut contains tools to create a bootable initramfs for 2.6 Linux kernels. Unlike existing implementations, dracut does hard-code as little as possible into the initramfs. dracut contains various modules which are driven by the event-based udev. Having root on MD, DM, LVM2, LUKS is supported as...

2.5 AI score
Exploits 0
Kitploit
added 2017/11/12 9:27 p.m. | 304 views

fatcat - FAT Filesystems Explore, Extract, Repair, And Forensic Tool

This tool is designed to manipulate FAT filesystems, in order to explore, extract, repair, recover and forensic them. It currently supports FAT12, FAT16 and FAT32. Tutorials & examples. Building and installing: You can build fatcat this way: mkdir build; cd build; cmake ..; make. And then install it:...

8.9 AI score
Exploits 0 | References 7
RedhatCVE
added 2017/05/17 3:10 p.m. | 27 views

CVE-2017-7495

A vulnerability was found in the Linux kernel where filesystems mounted with data=ordered mode may allow an attacker to read stale data from recently allocated blocks in new files after a system 'reset' by abusing ext4 mechanics of delayed allocation. Mitigation: Alternative filesystems may be use...

6.2 CVSS | 5.9 AI score | 0.00404 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2017/03/30 12:0 a.m. | 29 views

OracleVM 3.3 / 3.4 : coreutils (OVMSA-2017-0052)

The remote OracleVM system is missing necessary patches to address critical security updates: - clean up empty file if cp is failed Orabug 15973168 - pure rebuild to bring back support for acl_extended_file_nofollow on x86_64 - su: deny killing other processes with root privileges CVE-2017-2616 - fi...

5.5 CVSS | 6.1 AI score | 0.00282 EPSS
Exploits 0 | References 3
seebug.org
added 2017/02/15 12:0 a.m. | 72 views

ntfs-3g - Unsanitized modprobe mention the right Vulnerability (CVE-2017-0358)

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1072 ntfs-3g is installed by default e.g. on Ubuntu and comes with a setuid root program /bin/ntfs-3g. When this program is invoked on a system whose kernel does not support FUSE filesystems detected by get_fuse_fstype, ntfs-3g...

7.4 AI score | 0.02277 EPSS
Exploits 9
Gentoo Linux
added 2016/12/06 12:0 a.m. | 44 views

util-linux: Arbitrary code execution

Background: util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems. Description: A command injection flaw was discovered in util-linux’s “blkid” utility. It uses caching files /dev/.blkid.tab or /run/blkid/blkid.tab to store info about the...

7.8 CVSS | 6.6 AI score | 0.00648 EPSS
Exploits 0
Oracle linux
added 2016/11/03 12:0 a.m. | 62 views

Unbreakable Enterprise kernel security update

kernel-uek 4.1.12-61.1.17 - sched: panic on corrupted stack end Jann Horn Orabug: 24971921 CVE-2016-1583 - ecryptfs: forbid opening files without mmap handler Jann Horn Orabug: 24971921 CVE-2016-1583 - proc: prevent stacking filesystems on top Jann Horn Orabug: 24971921 CVE-2016-1583...

7.8 CVSS | 0.4 AI score | 0.01405 EPSS
Exploits 2
GoogleProjectZero
added 2016/06/20 12:0 a.m. | 15 views

Exploiting Recursion in the Linux Kernel

Posted by Jann Horn, Google Project Zero On June 1st, I reported an arbitrary recursion bug in the Linux kernel that can be triggered by a local user on Ubuntu if the system was installed with home directory encryption support. If you want to see the crasher, the exploit code and the shorter bug...

7.4 AI score
Exploits 0
Fedora
added 2016/06/02 2:50 p.m. | 27 views

[SECURITY] Fedora 22 Update: dosfstools-3.0.27-2.fc22

The dosfstools package includes the mkdosfs and dosfsck utilities, which respectively make and check MS-DOS FAT filesystems on hard drives or on floppies...

6.2 CVSS | 1.2 AI score | 0.00451 EPSS
Exploits 0
OSV
added 2016/05/31 3:4 p.m. | 0 views

USN-2986-1 dosfstools vulnerabilities

Hanno Böck discovered that dosfstools incorrectly handled certain malformed filesystems. A local attacker could use this issue to cause dosfstools to crash, resulting in a denial of service, or possibly execute arbitrary code...

6.2 CVSS | 6.8 AI score | 0.00451 EPSS
Exploits 0 | References 3