Azure Linux 3.0 Security Update: kernel (CVE-2024-49859)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49859 advisory. - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to check atomicfile in f2fs...

EUVD-2023-60158

In the Linux kernel, the following vulnerability has been resolved: f2fs: synchronize atomic write aborts To fix a race condition between atomic write aborts, I use the inode lock and make COW inode to be re-usable thoroughout the whole atomic file inode lifetime...

EUVD-2023-60167

In the Linux kernel, the following vulnerability has been resolved: f2fs: flush inode if atomic file is aborted Let's flush the inode being aborted atomic operation to avoid stale dirty inode during eviction in this call stack: f2fsmarkinodedirtysync+0x22/0x40 f2fs f2fsabortatomicwrite+0xc4/0xf0...

CVE-2025-32797 Conda-build Insecure Build Script Permissions Enabling Arbitrary Code Execution

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the writebuildscripts function in conda-build creates the temporary build script condabuild.sh with overly permissive file permissions 0o766, allowing write access to all users. Attackers with filesystem...

CVE-2025-32797 Conda-build Insecure Build Script Permissions Enabling Arbitrary Code Execution

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the writebuildscripts function in conda-build creates the temporary build script condabuild.sh with overly permissive file permissions 0o766, allowing write access to all users. Attackers with filesystem...

CVE-2025-32797

Conda-build before 25.3.1 creates a temporary build script (conda_build.sh) with overly permissive 0o766 permissions. A local attacker with filesystem access can race between creation and execution to overwrite the script, enabling arbitrary code execution under the victim’s privileges. Fedora an...

f2fs: fix to check atomic_file in f2fs ioctl interfaces

...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a missing check for atomicfile status in the f2fs subsystem ioctl interface...

Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2022-206)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-206 advisory. A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, which stores all of them. This fl...

OESA-2022-1744 curl security update

Security Fixes: A vulnerability was found in curl. This issue occurs because it mishandles message verification failures when curl does FTP transfers secured by krb5. This flaw makes it possible for a Man-in-the-middle attack to go unnoticed and allows data injection into the client.CVE-2022-3220...