Ubuntu 14.04 LTS : Linux kernel (Wily HWE) vulnerabilities (USN-3002-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3002-1 advisory. Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use th...

Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3005-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3005-1 advisory. Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use th...

Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-3000-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3000-1 advisory. Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use th...

The vulnerability of the Firefox browser allows a perpetrator to gain access to protected information from the process’ memory.

The vulnerability of the TCP Socket API implementation in Firefox browsers is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to gain access to protected information from the process’s memory by reading data in network packets due to...

Mozilla Firefox TCP Socket API Implementation Information Disclosure Vulnerability

Mozilla Firefox is an open source web browser. The Mozilla Firefox TCP Socket API implementation fails to properly handle array boundaries, allowing remote attackers to exploit a vulnerability by reading packet data to obtain sensitive information in process memory...

Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20121204)

Security fixes : - A race condition in the way asynchronous I/O and fallocate interacted when using ext4 could allow a local, unprivileged user to obtain random data from a deleted file. CVE-2012-4508, Important - A flaw in the way the Xen hypervisor implementation range checked guest provided...

kernel security update

CentOS Errata and Security Advisory CESA-2012:1540 Updated kernel packages that fix multiple security issues, two bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common...

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Updated kernel packages that fix multiple security issues, two bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which...

kernel: crypto: ghash: null pointer deref if no key is set

crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service NULL pointer dereference and OOPS or possibly have unspecified other impact by triggering a failed or missing ghashsetkey function call, followed by a 1 ghashupdate function call or 2 ghashfinal...