516 matches found
Important: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket
A flaw was found in avahi. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of th...
SUSE SLES15 / openSUSE 15 Security Update : redis7 (SUSE-SU-2024:0200-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0200-1 advisory. - Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting i...
SUSE-SU-2024:0200-1 Security update for redis7
This update for redis7 fixes the following issues: - CVE-2023-45145: Fixed a potential permission bypass due to a race condition during UNIX socket creation (bsc#1216376). The following non-security issues were fixed: - Redis services are no longer disabled after an upgrade (bsc#1212119)...
DEBIAN-CVE-2023-6531
A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on...
DEBIAN-CVE-2022-2602
io_uring UAF, Unix SCM garbage collection...
AZL-33262 CVE-2022-2602 affecting package kernel for versions less than 5.15.153.1-1
io_uring UAF, Unix SCM garbage collection...
USN-6531-1 redis vulnerabilities
Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled certain specially crafted Lua scripts. An attacker could possibly use this issue to cause heap corruption and execute arbitrary code. CVE-2022-24834 SeungHyun Lee discovered that Redis incorrectly handled specially crafted...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Redis vulnerabilities (USN-6531-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6531-1 advisory. Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled certain specially crafted Lua scripts. An...
Oracle Linux 9 : avahi (ELSA-2023-6707)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6707 advisory. - Fix CVE-2023-1981 2186689 - Fix CVE-2021-3502 1949949 Tenable has extracted the preceding description block directly from the Oracle Linux security...
avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket
A flaw was found in avahi. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of th...
Fedora 39 : redis (2023-fd75e4f307)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-fd75e4f307 advisory. Redis 7.2.2 Released Wed 18 Oct 2023 10:33:40 IDT Upgrade urgency SECURITY: See security fixes below. Security fixes CVE-2023-45145 The wrong order ...
Rocky Linux 9 : pcs (RLSA-2022:6313)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6313 advisory. - A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS...
SUSE-SU-2023:4376-1 Security update for redis
This update for redis fixes the following issues: - CVE-2023-45145: Fixed a potential permission bypass due to a race condition during UNIX socket creation (bsc#1216376)...
SUSE-SU-2023:4290-1 Security update for redis
This update for redis fixes the following issues: - CVE-2023-45145: Fixed a potential permission bypass due to a race condition during UNIX socket creation (bsc#1216376)...
BIT-2023-45145
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...
SUSE CVE-2022-2735
A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw...
SUSE CVE-2022-33987
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket...
The vulnerability of the Redis database management system’s socket is related to the disclosure of information in the erroneous data area, allowing attackers to disclose protected information.
The vulnerability in the Unix socket of the Redis database management system is related to the use of a permissive mask. This creates a race condition that allows another process to establish an unauthorized connection within a short period of time. Exploiting this vulnerability can enable a hacker to...
ROS-20231030-06
The Unix socket vulnerability in the Redis database management system is related to the use of a permissive mask, which creates a race condition that allows another process, for a short period of time, to establish an unauthorized connection. Exploitation of the vulnerability could allow ...