EulerOS 2.0 SP3 : coreutils (EulerOS-SA-2019-2563)
According to the version of the coreutils package installed, the EulerOS installation on the remote host is affected by the following vulnerability: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSI...
EulerOS 2.0 SP2 : coreutils (EulerOS-SA-2019-2417)
According to the version of the coreutils package installed, the EulerOS installation on the remote host is affected by the following vulnerability: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSI...
EulerOS Virtualization for ARM 64 3.0.3.0 : coreutils (EulerOS-SA-2019-2333)
According to the version of the coreutils packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a...
CVE-2019-19191
Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow...
DEBIAN-CVE-2019-19191
Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow...
EulerOS 2.0 SP5 : coreutils (EulerOS-SA-2019-2134)
According to the version of the coreutils package installed, the EulerOS installation on the remote host is affected by the following vulnerability: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSI...
UBUNTU-CVE-2019-15538
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local...
CVE-2016-10775
cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173)...
Code injection
cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173)...
CVE-2016-10775
CVE-2016-10775 affects cPanel prior to 60.0.25. The vulnerability allows arbitrary file ownership changes via reassign_post_terminate_cruft (SEC-173), with impact described as high confidentiality risk and no reported impact to availability. Public details across sources consistently identify the...
CVE-2016-10846
cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79)...
CVE-2016-10846
CVE-2016-10846 affects cPanel prior to 11.54.0.4, enabling arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79). The issue is rooted in the Roundcube database conversion process and allows limited privileges to perform file ownership and permission changes...
Homebrew: Homebrew privilege escalation vulnerability
Additional symlinks/directories that were not chown'd by brew services needed to be added to avoid the replacement of the opt prefix link. Homebrew has a privilege escalation vulnerability which can let an attacker easily gain root permission...
Updated coreutils packages fix security vulnerabilities
A flaw was found in GNU Coreutils through 8.29 in chown-core.c. The functions chown and chgrp do not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition...
Fedora 29 : systemd (2018-c402eea18b)
- Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, 1639076) - Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, 1639071) - Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, 1639067) - The DHCP...
USN-3816-2 systemd vulnerability
USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory details: Jann Horn discovered that unit_deserialize incorrectly handled status messages above ...