kernel security and bug fix update

3.10.0-693.21.1.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey bug 24817676 3.10.0-693.21.1 - x86 platform/uv: Mark tscchecksync as an init function Frank Ramsay...

Security update for openssl-steam (important)

This update for openssl-steam fixes the following issues: - Merged changes from upstream openssl Factory rev 137 into this fork for Steam. Updated to openssl 1.0.2k: CVE-2016-7055: Montgomery multiplication may produce incorrect results boo1009528 CVE-2016-7056: ECSDA P-256 timing attack key...

Race condition

In xtqtaguid.c, there is a race condition due to insufficient locking. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65853158...

Schneider Electric IGSS Mobile Security Misconfiguration Vulnerability

Schneider Electric IGSS Mobile is a suite of mobile applications for managing IGSS Shared Services Platform from Schneider Electric, France. A security vulnerability exists in Schneider Electric IGSS Mobile 3.01 and prior versions, which stems from a lack of certificate locking during TLS/SSL...

macOS Kernel - Use-After-Free Due to Lack of Locking in AppleEmbeddedOSSupportHostClient::registerNo

Exploit for macOS platform in category dos / poc / AppleEmbeddedOSSupportHost.kext is presumably involved in the communication with the OS running on the touch bar on new MBP models. Here's the userclient's registerNotificationPort method: text:0000000000002DE4 ;...

macOS Kernel - Use-After-Free Due to Lack of Locking in 'AppleEmbeddedOSSupportHostClient::registerNotificationPort'

/ AppleEmbeddedOSSupportHost.kext is presumably involved in the communication with the OS running on the touch bar on new MBP models. Here's the userclient's registerNotificationPort method: text:0000000000002DE4 ; AppleEmbeddedOSSupportHostClient::registerNotificationPortipcport , unsigned int,...

macOS Kernel - Use-After-Free Due to Lack of Locking in AppleEmbeddedOSSupportHostClient::registerNotificationPort

macOS Kernel - Use-After-Free Due to Lack of Locking in AppleEmbeddedOSSupportHostClient::registerNotificationPort / AppleEmbeddedOSSupportHost.kext is presumably involved in the communication with the OS running on the touch bar on new MBP models. Here's the userclient's registerNotificationPort...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4022)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4022 advisory. - x86: Add another set of MSR accessor functions Borislav Petkov Orabug: 27444923 CVE-2017-5753 - userns: prevent speculative execution Elena...

kernel security and bug fix update

3.10.0-693.17.1.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey bug 24817676 3.10.0-693.17.1 - s390 locking/barriers: remove old gmb macro definition Denys Vlasenko...

CVE-2017-13216

In ashmemioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for...

Design/Logic Flaw

In ashmemioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for...

UBUNTU-CVE-2017-13216

In ashmemioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for...

CVE-2017-9705

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, concurrent rx notifications and read operations in the G-Link PKT driver can result in a double free condition due to missing locking resulting in listdel and listadd overlapping and...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3657 advisory. - mm: Tighten x86 /dev/mem with zeroing reads Kees Cook Orabug: 26675925 CVE-2017-7889 - more biomapuseriov leak fixes Al Viro Orabug: 27069042...

Unbreakable Enterprise kernel security update

kernel-uek 3.8.13-118.20.1 - tty: Fix race in ptywrite leading to NULL deref Todd Vierling Orabug: 25392692 - ocfs2/dlm: ignore cleaning the migration mle that is inuse xuejiufei Orabug: 26479780 - KEYS: fix dereferencing NULL payload with nonzero length Eric Biggers Orabug: 26592025 - oracleasm:...

RHEL 6 : kernel-rt (RHSA-2017:3295)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:3295 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Securi...

Amazon Promises Fix to Stop Key Service Hack

Researchers at Rhino Security Labs identified a flaw in Amazon’s Key delivery service and Cloud Cam security camera that allows a rogue courier to tamper with the camera and knock it offline, making it appear no one is entering home, when that’s not the case. Amazon Key service allows homeowners ...

Fedora 26 : SDL2 (2017-5b132e3803)

Added audio stream conversion functions : - SDLNewAudioStream - SDLAudioStreamPut - SDLAudioStreamGet - SDLAudioStreamAvailable - SDLAudioStreamFlush - SDLAudioStreamClear - SDLFreeAudioStream - Added functions to query and set the SDL memory allocation functions : - SDLGetMemoryFunctions -...

CVE-2017-7139

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Phone" component. It allows attackers to obtain sensitive information by leveraging a timing bug to read a secure-content screenshot that occurred during a locking action...

CVE-2017-11191

DISPUTED FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID for the same user account that had been created for an earlier session. NOTE: Vendor states that issue does not exist in...