Login-utils Denial of Service Vulnerability
util-linux is a set of software packages for Linux systems that contains a variety of system administration tools; login-utils is one of its login tools. A security vulnerability exists in login-utils that could be exploited by a local attacker to cause a file name conflict and conduct a denial of...
MGASA-2015-0352 Updated util-linux packages fix CVE-2015-5224
Updated util-linux packages fix security vulnerability: The chfn and chsh commands in util-linux's login-utils are vulnerable to a file name collision due to incorrect mkstemp usage. If the chfn and chsh binaries are both setuid-root they eventually call mkostemp in such a way that an attacker...
Updated util-linux packages fix CVE-2014-9114
Updated util-linux packages fix security vulnerability: Sebastian Krahmer reported a command injection flaw in blkid. This could possibly result in command execution with root privileges (CVE-2014-9114). The util-linux package has been updated to version 2.24.2 and patched to fix this issue and oth...
cfme: CFME 2.0 multiple zip file upload path traversal vulnerabilities
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method...
RHEL 6 : krb5 (RHSA-2011:0200)
Updated krb5 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
CVE-2009-2946
Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages...
RHEL 2.1 : samba (RHSA-2003:096)
Updated Samba packages are now available to fix security vulnerabilities found during a code audit. Samba is a suite of utilities which provides file and printer sharing services to SMB/CIFS clients. Sebastian Krahmer discovered a security vulnerability present in unpatched versions of Samba prio...
[SECURITY] [DSA-358-2] New kernel packages fix potential "oops"
Debian Security Advisory DSA 358-2 [email protected] http://www.debian.org/security/ Matt Zimmerman August 5th, 2003 http://www.debian.org/security/faq -...
Important: Red Hat Security Advisory: : New util-linux packages available to fix /bin/login pam problem
New util-linux packages are available that fix a problem with /bin/login's PAM implementation. This could, in some non-default setups, cause users to receive credentials of other users. It is recommended that all users update to the fixed packages. 2001-10-22: Packages are now available for Red H...
Moderate: Red Hat Security Advisory: : New util-linux packages available to fix vipw permissions problems
New util-linux packages are available for Red Hat Linux 7.1. These packages fix a problem where vipw would leave the /etc/shadow file world-readable after editing it. It is recommended that all users update to the fixed packages. Also, if you have used vipw on Red Hat Linux 7.1 before, make sure ...
buffer overflow vulnerability in Pine
Pine versions 4.21 and earlier contain a buffer overflow vulnerability that allows a remote user to execute arbitrary code on the local client by sending a specially crafted email message. The overflow occurs during the periodic "new mail" checking of an open folder. By upgrading to Pine 4.3...
PT-2009-6739
Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 0.9.8l; GnuTLS versions prior to 2.8.5; Apache HTTP Server versions prior to 2.2.14; Microsoft Internet Information Services (IIS) 7.0; OpenVPN versions prior to 2.3.1; Mozilla Network Security Services (NSS) versions prior to...