EUVD-2013-0265

Malware in sbrugna...

Arbitrary File Read

sudo is vulnerable to arbitrary file read attacks. The vulnerability exists as sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program...

Code injection

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...

CVE-2014-9680

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...

CVE-2014-9680

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...

kernel: security and bugfix update (important)

The Linux kernel was updated to fix various bugs and security issues: CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACESETREGS ptrace system call in a crafted application, as demonstrated by ptracedeath. CVE-2013-0160...

Debian DSA-2632-1 : linux-2.6 - privilege escalation/denial of service

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-0231 Jan Beulich provided a fix for an issue in the Xen PCI backend driver...

Debian Security Advisory DSA 2632-1 (linux-2.6 - privilege escalation/denial of service)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-0231 Jan Beulich provided a fix for an issue in the Xen PCI backend drivers...

CVE-2013-0231

The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are...

Information disclosure

The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are...