118 matches found
DEBIAN-CVE-2016-9604
It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or '.builtintrustedkeys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public...
Design/Logic Flaw
It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or '.builtintrustedkeys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public...
CVE-2016-9604
It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or '.builtintrustedkeys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public...
CVE-2016-9604
It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or '.builtintrustedkeys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public...
CVE-2016-9604
CVE-2016-9604 affects the Linux kernel prior to 4.11-rc8. A local attacker who can join the kernel session keyring can access internal keyrings (e.g., .dns_resolver, .builtin_trusted_keys) and bypass module signature verification by adding a self-generated public key to the keyring, enabling loca...
EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1159)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The mqnotify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a...
kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user
It was discovered that root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or '.builtintrustedkeys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyri...
CVE-2016-9604
It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or '.builtintrustedkeys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public...
openSUSE Security Update : perl-Module-Signature (openSUSE-2016-61)
This update to perl-Module-Signature 0.79 fixes the following security issues : - More protection of @INC from relative paths. CVE-2015-3409 - Fix GPG signature parsing logic. CVE-2015-3406 - MANIFEST.SKIP is no longer consulted unless --skip is given. CVE-2015-3407 - Properly use open modes to...
Gentoo Security Advisory GLSA 201310-01
Gentoo Linux Local Security Checks GLSA 201310-01 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
Fedora Update for perl-Module-Signature FEDORA-2015-5904
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DLA-264-1 libmodule-signature-perl - security update
Bulletin has no description...
Ubuntu: Security Advisory (USN-2607-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2015-3409
Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module...
CVE-2015-3409
Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module...
CVE-2015-3408
Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest...
DEBIAN-CVE-2015-3408
Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest...
CVE-2015-3407
Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files...
CVE-2015-3407
Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files...
DEBIAN-CVE-2015-3407
Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files...