FreeBSD : FreeBSD -- Reference count overflow in mqueue filesystem (deb6e164-b30b-11e9-a87f-a4badb2f4699)

System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. Impact : A local user can use this flaw to obtain access to files,...

FreeBSD -- Reference count overflow in mqueue filesystem

Problem Description: System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. Impact: A local user can use this flaw to obtain access...

FreeBSD-SA-19:15.mqueuefs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:15.mqueuefs Security Advisory The FreeBSD Project Topic: Reference count overflow in mqueue filesystem Category: core Module: kernel Announced: 2019-07-24...

Linux Kernel 4.11.8 - mq_notify: double sock_put() Local Privilege Escalation

Linux Kernel 4.11.8 - mqnotify: double sockput Local Privilege Escalation / CVE-2017-11176: "mqnotify: double sockput" by LEXFO 2018. DISCLAIMER: The following code is for EDUCATIONAL purpose only. Do not use it on a system without authorizations. WARNING: The exploit WILL NOT work on your target...

OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0173) (BlueBorne) (Stack Clash)

The remote OracleVM system is missing necessary patches to address critical security updates : - tty: Fix race in ptywrite leading to NULL deref Todd Vierling - ocfs2/dlm: ignore cleaning the migration mle that is inuse xuejiufei Orabug: 26479780 - KEYS: fix dereferencing NULL payload with nonzer...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2017-3658)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3658 advisory. - ping: implement proper locking Eric Dumazet Orabug: 26540288 CVE-2017-2671 - mm: Tighten x86 /dev/mem with zeroing reads Kees Cook Orabug: 266759...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3657 advisory. - mm: Tighten x86 /dev/mem with zeroing reads Kees Cook Orabug: 26675925 CVE-2017-7889 - more biomapuseriov leak fixes Al Viro Orabug: 27069042...

Unbreakable Enterprise kernel security update

kernel-uek 3.8.13-118.20.1 - tty: Fix race in ptywrite leading to NULL deref Todd Vierling Orabug: 25392692 - ocfs2/dlm: ignore cleaning the migration mle that is inuse xuejiufei Orabug: 26479780 - KEYS: fix dereferencing NULL payload with nonzero length Eric Biggers Orabug: 26592025 - oracleasm:...

OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0164)

The remote OracleVM system is missing necessary patches to address critical security updates : - mqueue: fix a use-after-free in sysmqnotify Cong Wang Orabug: 26643556 CVE-2017-11176 - ipv6: avoid overflow of offset in ip6find1stfragopt Sabrina Dubroca Orabug: 27011273 CVE-2017-7542 - packet: fix...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2017-3633)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3633 advisory. - mqueue: fix a use-after-free in sysmqnotify Cong Wang Orabug: 26643562 CVE-2017-11176 - ipv6: avoid overflow of offset in ip6find1stfragopt Sabri...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3632)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3632 advisory. - mqueue: fix a use-after-free in sysmqnotify Cong Wang Orabug: 26643556 CVE-2017-11176 - ipv6: avoid overflow of offset in ip6find1stfragopt Sabri...

Unbreakable Enterprise kernel security update

2.6.39-400.297.11 - mqueue: fix a use-after-free in sysmqnotify Cong Wang Orabug: 26643562 CVE-2017-11176 - ipv6: avoid overflow of offset in ip6find1stfragopt Sabrina Dubroca Orabug: 27011278 CVE-2017-7542 - packet: fix tpreserve race in packetsetring Willem de Bruijn Orabug: 27002453...

Oracle Linux 7 : kernel (ELSA-2017-2930)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2930 advisory. - net tcp: initialize rcvmss to TCPMINMSS instead of 0 Davide Caratti 1488341 1487061 CVE-2017-14106 - net tcp: fix 0 divide in tcpselectwindow Davide...

Scientific Linux Security Update : sendmail on SL4.x i386/x86_64

A flaw was found in the way sendmail handled NUL characters in the CommonName field of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick sendmail into accepting it by mistake, allowing the attacker to perform a...

sendmail security and bug fix update

8.13.1-6 - rpm attributes S,5,T not recorded for statistics file - fix specfile for passing rpm -V test 8.13.1-5 - recompile with -fno-strict-aliasing - fix typo, purge-mqueue script - remove README.certcnnul 8.13.1-4 - fix CVE-2009-4565 554987 - fix MAXHOSTNAMELEN 485380 - fix stale files in...