715 matches found

Positive Technologies
added 2015/06/03 12:0 a.m. · 8 views

PT-2016-7111 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.0

Description: The issue is related to the mismanagement of locks during certain migrations in the performance subsystem of the Linux kernel. This allows local users to gain privileges via a crafted applicatio...

9.8 CVSS · 7.5 AI score · 0.37679 EPSS
Exploits 53 · References 133
Tenable Nessus
added 2015/05/20 12:0 a.m. · 36 views

SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0164-1)

glibc has been updated to fix one security issue and several bugs:

Security issue fixed:
- Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, CVE-2012-6656)
- Fixed a stack overflow during hosts parsing (CVE-2013-4357)

Bugs fixed:
- don't touch user-controlled stdio locks in forked...

7.5 CVSS · 7.4 AI score · 0.06564 EPSS
Exploits 3 · References 13
Tenable Nessus
added 2015/05/20 12:0 a.m. · 35 views

SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0167-1)

glibc has been updated to fix a security issue and two bugs:

Security issue fixed:
- Copy filename argument in posix_spawn_file_actions_addopen (CVE-2014-4043)

Bugs fixed:
- don't touch user-controlled stdio locks in forked child (bsc#864081, GLIBC BZ 12847)
- Fix infinite loop in check_pf (bsc#909053,...

7.5 CVSS · 7.3 AI score · 0.06564 EPSS
Exploits 5 · References 10
Tenable Nessus
added 2015/03/12 12:0 a.m. · 63 views

openSUSE Security Update : percona-toolkit / xtrabackup (openSUSE-2015-217)

Percona Toolkit and XtraBackup were updated to fix bugs and security issues. Percona XtraBackup was vulnerable to a MITM attack which could allow exfiltration of MySQL configuration information via the --version-check option (boo#919298, CVE-2015-1027, lp#1408375). The openSUSE package has the version...

5.9 CVSS · 6.4 AI score · 0.01195 EPSS
Exploits 1 · References 2
PyPA
added 2015/02/16 3:59 p.m. · 8 views

PYSEC-2015-33

RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the (1) update_repo, (2) get_locks, or (3) get_user_groups API method...

4 CVSS · 6.6 AI score · 0.00947 EPSS
Exploits 0 · References 1 · Affected Software 1
Tenable Nessus
added 2015/02/11 12:0 a.m. · 18 views

SuSE 11.3 Security Update : glibc (SAT Patch Number 10259)

glibc has been updated to fix security issues and bugs:
- Fix crashes on invalid input in IBM gconv modules. (CVE-2014-6040 / CVE-2012-6656, bsc#894553, bsc#894556, GLIBC BZ 17325, GLIBC BZ 14134)
- Avoid infinite loop in nss_dns getnetbyname. (CVE-2014-9402)
- Don't touch user-controlled stdio locks i...

7.8 CVSS · 7.6 AI score · 0.07688 EPSS
Exploits 5 · References 12
Tenable Nessus
added 2015/01/30 12:0 a.m. · 102 views

CentOS 7 : kernel (CESA-2015:0102)

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

7.8 CVSS · 6.2 AI score · 0.0523 EPSS
Exploits 5 · References 8
OpenVAS
added 2015/01/23 12:0 a.m. · 10 views

Ubuntu: Security Advisory (USN-2475-1)

The remote host is missing an update for the...

7.5 AI score
Exploits 0 · References 3
Tenable Nessus
added 2015/01/19 12:0 a.m. · 54 views

Ubuntu 14.04 LTS : GTK+ update (USN-2475-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2475-1 advisory. Clemens Fries discovered that GTK+ allowed bypassing certain screen locks by using the menu key. An attacker with physical access could possibly use this flaw to...

5.5 AI score
Exploits 0 · References 1
Ubuntu
added 2015/01/15 2:56 p.m. · 36 views

USN-2475-1: GTK+ update

Clemens Fries discovered that GTK+ allowed bypassing certain screen locks by using the menu key. An attacker with physical access could possibly use this flaw to gain access to a locked session...

5.4 AI score
Exploits 0 · References 1
OSV
added 2014/12/09 11:59 p.m. · 8 views

CVE-2014-9066

Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than...

6 AI score
Exploits 0 · References 7
OSV
added 2014/12/09 11:59 p.m. · 1 views

DEBIAN-CVE-2014-9065

common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066...

4.4 CVSS · 7.9 AI score · 0.00374 EPSS
Exploits 0 · References 1
OSV
added 2014/12/09 11:59 p.m. · 2 views

UBUNTU-CVE-2014-9065

common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066...

4.4 CVSS · 7.3 AI score · 0.00374 EPSS
Exploits 0 · References 4
UbuntuCve
added 2014/12/09 11:59 p.m. · 27 views

CVE-2014-9066

Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than...

4.7 CVSS · 5.9 AI score · 0.00398 EPSS
Exploits 0 · References 3
OSV
added 2014/12/09 11:59 p.m. · 2 views

UBUNTU-CVE-2014-9066

Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than...

4.7 CVSS · 5.8 AI score · 0.00398 EPSS
Exploits 0 · References 4
Debian CVE
added 2014/12/09 10:52 p.m. · 29 views

CVE-2014-9065

common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066...

4.4 CVSS · 3.9 AI score · 0.00374 EPSS
Exploits 0
NVD
added 2013/12/14 8:55 p.m. · 23 views

CVE-2013-6271

Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option...

8.8 CVSS · 6.5 AI score · 0.08896 EPSS
Exploits 2 · References 4
Tenable Nessus
added 2013/12/13 12:0 a.m. · 31 views

SuSE 11.2 Security Update : Xen (SAT Patch Number 8577)

Xen has been updated to fix a security issue and a bug:
- XSA-73: A lock order reversal between page allocation and grant table locks could lead to host crashes or even host code execution. (CVE-2013-4494)

A non-security bug has also been fixed:
- It is possible to start a VM twice on the same no...

5.2 CVSS · 7.8 AI score · 0.0067 EPSS
Exploits 0 · References 4
ThreatPost
added 2013/12/02 10:34 a.m. · 24 views

Bug Allows Apps to Bypass Android Security Locks

There is a vulnerability in Android 4.3 Jelly Bean that enables a malicious app to disable all of the security locks on a given device, leaving it open to further attacks. Jelly Bean is the most widely deployed version of Android right now. The vulnerability in Android exists in the way that the...

8.8 CVSS · 0.1 AI score · 0.08896 EPSS
Exploits 2 · References 2
The Hacker News
added 2013/12/02 6:12 a.m. · 30 views

Vulnerability in Android 4.3 allows apps to Remove Device Locks, POC app released

None...

8.8 CVSS · 6.4 AI score · 0.08896 EPSS
Exploits 2