2017 matches found
Linux kernel memory leak vulnerability
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a program's failure to properly keep buffer offsets and lengths synchronized after an atomic read failure. ...
kernel: pipe buffer state corruption after unsuccessful atomic read from pipe
It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space...
UBUNTU-CVE-2016-1964
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption by leveraging mishandling of XML transformations...
Debian Security Advisory DSA 3503-1 (linux - security update)
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss. CVE-2013-4312 Tetsuo Handa discovered that users can use pipes queued on local Unix sockets to allocate an unfair share of kernel memory,...
DLA-439-1 linux-2.6 - security update
Bulletin has no description...
kernel: pipe buffer state corruption after unsuccessful atomic read from pipe
It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space...
kernel: pipe buffer state corruption after unsuccessful atomic read from pipe
It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space...
SUSE-SU-2015:1224-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP3 Teradata kernel was updated to fix the following bugs and security issues. The following security issues have been fixed: - Update patches.fixes/udp-fix-behavior-of-wrong-checksums.patch bsc936831, CVE-2015-5364, CVE-2015-5366. - Btrfs: make xattr replace operatio...
kernel security, bug fix, and enhancement update
2.6.32-573 - security selinux: dont waste ebitmap space when importing NetLabel categories Paul Moore 1130197 - x86 Revert Add driver auto probing for x86 features v4 Prarit Bhargava 1231280 - net bridge: netfilter: dont call iptables on vlan packets if sysctl is off Florian Westphal 1236551 - ne...
Project Atomic Security Bypass Code Execution Vulnerability
Project Atomic is a suite of software that supports the creation and running of applications using Linux and Docker containers. A security vulnerability exists in Project Atomic that allows remote attackers to exploit the vulnerability to execute arbitrary code via a man-in-the-middle attack...
kernel: pipe: iovec overrun leading to memory corruption
It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array...
Multiple Local Memory Corruption Vulnerabilities in Linux Kernel 'fs/pipe.c'
The Linux Kernel is the kernel of the Linux operating system. A memory corruption vulnerability exists in the Linux kernel's implementation of the vectored pipe read/write function, which fails to take into account already processed I/O vectors when retrying after an atomic access operation has...
kexec-tools security, bug fix, and enhancement update
2.0.7-19.0.1.el71.2 - kdumpctl: exclude defaulthugepagesz setting from kdump kernel cmdline Sriharsha Yadagudde Orabug: 19134999 - kdumpctl: verify if kernel support securelevel interface Sriharsha Yadagudde Orabug: 18905671 2.0.7-19.2 - dracut-module-setup: Enhance kdump to support the bind...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...
Low: Red Hat Security Advisory: docker security, bug fix, and enhancement update
Updated docker packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give...
RHEL 7 : docker (RHSA-2015:0623)
Updated docker packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give...
OpenJDK: AtomicReferenceFieldUpdater missing primitive type check (Libraries, 8039520)
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1)
This openjdk update fixes the following security and non security issues : - Upgrade to 2.4.8 bnc887530 - Changed back from gzipped tarball to xz - Changed the keyring file to add Andrew John Hughes that signed the icedtea package - Change ZERO to AARCH64 tarball - Removed patches : -...
CVE-2014-5955
The Atomic Fusion aka com.bytesized.fusion application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The Atomic Fusion aka com.bytesized.fusion application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...