kernel security, bug fix, and enhancement update
3.10.0-514.21.1.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey bug 24817676 3.10.0-514.21.1 - kernel sched/core: Fix an SMP ordering race in try_to_wake_up() vs...
DEBIAN-CVE-2017-9214
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function ofputil_pull_queue_get_config_reply10 in lib/ofp-util.c...
UBUNTU-CVE-2017-9214
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function ofputil_pull_queue_get_config_reply10 in lib/ofp-util.c...
Google Android MediaTek command queue driver information disclosure vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA). The MediaTek command queue driver is one of MediaTek's command queue drivers. An information disclosure vulnerability exists in the MediaTek command queue driver in versions of Android...
CVE-2017-0625
An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android...
CVE-2017-0618
An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions:...
Information disclosure
An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android...
CVE-2017-0625
The CVE-2017-0625 entry corresponds to an information disclosure vulnerability in the MediaTek command queue driver affecting Android. Connected CNVD records describe impact as local information disclosure enabling a malicious local app to access data outside its permissions, with Android version...
Google Android MediaTek command queue driver elevation of privilege vulnerability
Google Android is a Linux-based operating system for smartphone devices. An elevation of privilege vulnerability exists in the Google Android MediaTek command queue driver, which can be exploited by a remote attacker to construct a malicious application that can be elevated in privilege by induci...
Denial Of Service (DoS)
github.com/jpmorganchase/quorum is vulnerable to denial of service (DoS) attacks. The library does not properly perform fetcher queue handling to protect against denial of service attacks...
GitLab: Missing/Breach of Internal Security Boundary - Access to Job Queue Results in Remote Code Execution
Test Conditions: This issue was tested in GitLab Community Edition using a combination of code review against git commit 6c65b63ca5, April 20 2017 and testing likely issues against a local deployment of Bitnami GitLab Community Edition 9.0.5-0, running on Ubuntu 14.04.5. These are...
CVE-2017-3793
A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software 8.0 through 8.7 and 9.0 through 9.6 and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all...
Cisco ASA Software TCP Normalizer Denial of Service Vulnerability (cisco-sa-20170419-asa-norm)
A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause Cisco ASA to drop any further incoming traffic on all interfaces, resulting in a denial of service (DoS) condition. Copyright (C) 2017 Greenbone Networks Gm...
CVE-2017-7618
crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue...
DEBIAN-CVE-2017-7618
crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue...
UBUNTU-CVE-2017-7618
crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue...