SUSE-SU-2023:4833-1 Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-15020024139 fixes several issues. The following security issues were fixed: - CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation bsc1215442. - CVE-2023-2163...

SUSE SLES15 Security Update : kernel (Live Patch 18 for SLE 15 SP4) (SUSE-SU-2023:4801-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4801-1 advisory. - Incorrect verifier pruning in BPF in Linux Kernel =5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary...

kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe

An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape...

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe CVE-2023-2163 kernel: tun: bugs for oversize packet when napi frags enabled in tunnapiallocfrag...

CVE-2023-2163

Incorrect verifier pruning in BPF in Linux Kernel =5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape...

GitPython blind local file inclusion

Summary In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git directory. This allows an attacker to make GitPython read any fi...

CVE-2022-2191

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths...

SystemDS CPU exhaustion vulnerability

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

GHSA-M43H-HFRQ-X8WX SystemDS CPU exhaustion vulnerability

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

Updated mediawiki packages fix security vulnerability

In MediaWiki before 1.31.11, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. The right colu...

UBUNTU-CVE-2020-35480

An issue was discovered in MediaWiki before 1.35.1. Missing users accounts that don't exist and hidden users accounts that have been explicitly hidden due to being abusive, or similar that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to...

CVE-2020-35480

An issue was discovered in MediaWiki before 1.35.1. Missing users accounts that don't exist and hidden users accounts that have been explicitly hidden due to being abusive, or similar that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to...

kdeconnect -- packet manipulation can be exploited in a Denial of Service attack

Albert Astals Cid reports: KDE Project Security Advisory Title KDE Connect: packet manipulation can be exploited in a Denial of Service attack Risk Rating Important CVE CVE-2020-26164 Versions kdeconnect Date 2 October 2020 Overview An attacker on your local network could send maliciously crafted...

openSUSE: Security Advisory for xen (openSUSE-SU-2020:0985-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:1902-1)

This update for xen fixes the following issues : CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking bsc1173377. CVE-2020-15565: Fixed insufficient cache write-back under VT-d bsc1173378. CVE-2020-15566: Fixed incorrect error handling in event channel port allocation bsc1173376...

Prusa Research PrusaSlicer _3MF_Importer::_handle_end_model() use-after-free vulnerability

Summary A use-after-free vulnerability exists in the 3MFImporter::handleendmodel functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested...

Unspecified vulnerability in Squid (CNVD-2020-25819)

Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A security vulnerability exists in Squid 4.7 and earlier versions. The vulnerability can be exploited by an attacker t...

EulerOS Virtualization 3.0.2.2 : openssl (EulerOS-SA-2020-1274)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...

Huawei EulerOS: Security Advisory for openssl110h (EulerOS-SA-2019-2218)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Kernel: page cache side channel attacks

A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be us...