4 matches found
pgAdmin 4 File Manager has symbolic-link path traversal
Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...
Linux systemd Symlink Dereference Via chown_one() Exploit
Linux suffers from an issue with systemd where chown_one() can dereference symlinks. systemd: chown_one() can dereference symlinks CVE-2018-15687 I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at...
Updated libxfont/libxfont2 packages fix security vulnerability
Fixes open files with O_NOFOLLOW. CVE-2017-16611...
[slackware-security] libXfont
New libXfont packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and 14.2 to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/libXfont-1.5.1-i486-2_slack14.2.txz: Rebuilt. Open files with O_NOFOLLOW. CVE-2017-16611 A non-privileged X...