USN-8094-1: Linux kernel vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...

Apptainer ineffectively applies selinux and apparmor --security options

Impact In Apptainer versions less than 1.4.5, a container can disable two of the forms of the little used --security option, in particular the forms --security=apparmor: and --security=selinux: which otherwise put restrictions on operations that containers can do. The --security option has always...

GHSA-WWRX-W7C9-RF87 Singluarity ineffectively applies selinux / apparmor LSM process labels

Impact Native Mode default Singularity's default native runtime allows users to apply restrictions to container processes using the apparmor or selinux Linux Security Modules LSMs, via the --security selinux: or --security apparmor: flags. LSM labels are written to process or thread attrs/exec...

CVE-2025-65105 Apptainer ineffective application of selinux and apparmor --security options

Apptainer is an open source container platform. In Apptainer versions less than 1.4.5, a container can disable two of the forms of the little used --security option, in particular the forms --security=apparmor: and --security=selinux: which otherwise put restrictions on operations that containers...

USN-6940-2: snapd vulnerabilities

USN-6940-1 fixed vulnerabilities in snapd. This update provides the corresponding updates for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Original advisory details: Neil McPhail discovered that snapd did not properly restrict writes to the /home/jslarraz/bin path in the AppArmor profile for snaps usin...

OESA-2024-1394 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: intel-sdw-acpi: harden detection of controller The existing code currently sets a pointer to an ACPI handle before checking that it's actually a...

GHSA-JQ35-85CJ-FJ4P /sys/devices/virtual/powercap accessible by default to containers

Intel's RAPL Running Average Power Limit feature, introduced by the Sandy Bridge microarchitecture, provides software insights into hardware energy consumption. To facilitate this, Intel introduced the powercap framework in Linux kernel 3.13, which reads values via relevant MSRs model specific...

SUSE-SU-2023:3875-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Security issues fixed: CVE-2022-32149: Fix denial of service vulnerability bsc1204501 CVE-2022-41723: Fix uncontrolled resource consumption bsc1208270 CVE-2022-46146: Fix authentication bypass vulnarability...

SUSE-SU-2023:3868-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Security issues fixed: CVE-2022-32149: Fix denial of service vulnerability bsc1204501 CVE-2022-41723: Fix uncontrolled resource consumption bsc1208270 CVE-2022-46146: Fix authentication bypass vulnarability...

Exploit for Improper Input Validation in Imagemagick

Container Escape Exploit This is a container escape exploit t...

OPENSUSE-SU-2021:0545-1 Security update for hostapd

This update for hostapd fixes the following issues: - CVE-2021-30004: forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c boo1184348 - CVE-2020-12695: UPnP SUBSCRIBE misbehavior in hostapd WPS AP boo1172700 - CVE-2019-16275: AP mode PMF...

Security update for hostapd (important)

openSUSE Security Update: Security update for hostapd Announcement ID: openSUSE-SU-2021:0545-1 Rating: important References: 1150934 1172700 1184348 Cross-References: CVE-2019-16275 CVE-2020-12695 CVE-2021-30004 CVSS scores: CVE-2019-16275 NVD : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

Security update for hostapd (important)

openSUSE Security Update: Security update for hostapd Announcement ID: openSUSE-SU-2021:0519-1 Rating: important References: 1150934 1172700 1184348 Cross-References: CVE-2019-16275 CVE-2020-12695 CVE-2021-30004 CVSS scores: CVE-2019-16275 NVD : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

OPENSUSE-SU-2021:0519-1 Security update for hostapd

This update for hostapd fixes the following issues: - CVE-2021-30004: forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c boo1184348 - CVE-2020-12695: UPnP SUBSCRIBE misbehavior in hostapd WPS AP boo1172700 - CVE-2019-16275: AP mode PMF...

USN-4737-2: Bind vulnerability

USN-4737-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to...

USN-4511-1 qemu vulnerability

Ziming Zhang, Xiao Wei, Gonglei Arei, and Yanyu Zhang discovered that QEMU incorrectly handled certain USB packets. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default...

SUSE-SU-2020:1289-1 Security update for libvirt

This update for libvirt fixes the following issues: Security issue fixed: - CVE-2020-10703: Fixed a daemon crash caused by pools without target paths bsc1168683. Non-security issues fixed: - apparmor: avoid copying empty profile name bsc1149100. - logging: ensure virtlogd rollover takes priority...

USN-4047-2 libvirt vulnerability

USN-4047-1 fixed a vulnerability in libvirt. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitra...

Ubuntu 16.04 LTS / 18.04 LTS : libvirt vulnerabilities (USN-4047-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4047-1 advisory. Matthias Gerstner and Jn Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to...

SUSE-SU-2019:1040-1 Security update for samba

This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share bsc1131060. ldb was updated to version 1.2.4 bsc1125410 bsc1131686: - Out of bound read ...