177 matches found
[SECURITY] Fedora 28 Update: mingw-xerces-c-3.2.1-1.fc28
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...
USN-3619-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux...
Virtuozzo 7 : readykernel-patch (VZA-2017-115)
According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - Potential use-after-free in the processing of namespaces. Note that Tenable Network Security has extracted the precedi...
Important kernel security update: Virtuozzo ReadyKernel patch 40.0 for Virtuozzo 7.0.4 and 7.0.4 HF3
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernels 3.10.0-514.16.1.vz7.30.10 (Virtuozzo 7.0.4) and 3.10.0-514.16.1.vz7.30.15 (Virtuozzo 7.0.4 HF3). Vulnerability id: PSBM-78904. Potential use-after-free in the processing of...
Important kernel security update: Virtuozzo ReadyKernel patch 40.0 for Virtuozzo 7.0.6
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernel 3.10.0-693.1.1.vz7.37.30 (Virtuozzo 7.0.6). Vulnerability id: PSBM-78904. Potential use-after-free in the processing of namespaces...
CVE-2017-17449
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN...
Linux kernel information disclosure vulnerability (CNVD-2018-00244)
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. An information disclosure vulnerability exists in 4.14.4 and earlier versions of the Linux kernel. The vulnerability...
UBUNTU-CVE-2017-17449
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN...
CVE-2017-7517
An input validation vulnerability exists in OpenShift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject" and then later deletes it, another user can then create a project called "MyProject" and access...
Fedora 25 : php-pear-PHP-CodeSniffer (2017-ca3f01bd37)
Version 2.8.1 - This release contains a fix for a security advisory related to the improper handling of shell commands - Uses of shell_exec and exec were not escaping filenames and configuration settings in most cases - A properly crafted filename or configuration option would allow for arbitrary...
Ubuntu 14.04 LTS / 16.04 LTS : LXC vulnerability (USN-3224-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3224-1 advisory. Jann Horn discovered that LXC incorrectly verified permissions when creating virtual network interfaces. A local attacker could possibly use this issu...
Arbitrary shell execution
Security Advisory: This release contains a fix for a security advisory related to the improper handling of shell commands. Uses of shell_exec and exec were not escaping filenames and configuration settings in most cases. A properly crafted filename or configuration option would allow for arbitrary co...
[SECURITY] Fedora 22 Update: mingw-xerces-c-3.1.4-1.fc22
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...
[SECURITY] Fedora 24 Update: mingw-xerces-c-3.1.4-1.fc24
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...
[SECURITY] Fedora 24 Update: xerces-c-3.1.3-1.fc24
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...
Fedora 22 : pax-utils-1.1.4-1.fc22 (2015-6565f29415)
Changes since 1.0.5: security: whitelist the getcwd syscall; security: fix build on systems w/out si_syscall; security: whitelist the futex syscall; security: whitelist dup syscalls; security: do not warn when seccomp is disabled in the kernel; security: whitelist fakeroot syscalls; security: add a debu...
Phan - Static Analyzer For PHP
Phan is a static analyzer for PHP. Getting it running: Phan requires PHP 7+ with the php-ast extension loaded. The code you analyze can be written for any version of PHP. To get phan running: 1. Clone the repo 2. Run composer install to load dependencies 3. Run ./test to run the test suite 4. Test...
[SECURITY] Fedora 23 Update: php-ZendFramework2-2.4.8-1.fc23
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
[SECURITY] Fedora 21 Update: php-ZendFramework2-2.4.7-1.fc21
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
[SECURITY] Fedora 23 Update: php-ZendFramework2-2.4.7-1.fc23
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...