
52 matches found

OSV
added 2020/11/06 2:36 p.m., 7 views

SUSE-SU-2020:3230-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25643: Added range checks in ppp_cp_parse_cr (bsc#1177206). - CVE-2020-25641:...

CVSS 7.5, AI score 7.4, EPSS 0.00393
Exploits 1, References 29

OSV
added 2020/09/09 6:34 a.m., 7 views

SUSE-SU-2020:2580-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - bcache: allocate...

CVSS 7.8, AI score 8.2, EPSS 0.00635
Exploits 1, References 33

RedhatCVE
added 2019/11/19 11:07 a.m., 20 views

CVE-2019-1010024

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat...

CVSS 5.3, AI score 5.6, EPSS 0.00509
Exploits 1, References 3

OSV
added 2019/10/06 4:19 p.m., 6 views

OPENSUSE-SU-2019:2271-1 Security update for php7

This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail (bsc#1146360). - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment (bsc#1145095). Non-security issue fixed: - Drop -n from php invocation from...

CVSS 7.1, AI score 7.3, EPSS 0.03811
Exploits 2, References 6

NVD
added 2019/07/15 4:15 a.m., 12 views

CVE-2019-1010024

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat...

CVSS 5.3, AI score 5.7, EPSS 0.00509
Exploits 1, References 6

OSV
added 2019/07/15 4:15 a.m., 5 views

CVE-2019-1010022

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this ...

CVSS 9.8, AI score 9.6, EPSS 0.0015
Exploits 1, References 4

NVD
added 2019/07/15 4:15 a.m., 19 views

CVE-2019-1010023

GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstrea...

CVSS 8.8, AI score 8, EPSS 0.00293
Exploits 1, References 5

Prion
added 2019/07/15 4:15 a.m., 15 views

Design/Logic Flaw

DISPUTED GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."...

CVSS 5, AI score 5.3, EPSS 0.00509
Exploits 1, References 6

OSV
added 2019/07/15 4:15 a.m., 0 views

UBUNTU-CVE-2019-1010022

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this ...

CVSS 9.8, AI score 7.4, EPSS 0.0015
Exploits 1, References 2

UbuntuCve
added 2019/07/15 4:15 a.m., 24 views

CVE-2019-1010023

GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstrea...

CVSS 8.8, AI score 7.2, EPSS 0.00293
Exploits 1, References 1

Tenable Nessus
added 2017/11/27 12:00 a.m., 90 views

openSUSE Security Update : tomcat (openSUSE-2017-1299)

This update for tomcat fixes the following issues : Security issues fixed : - CVE-2017-5664: A problem in handling error pages was fixed, to avoid potential file overwrites during error page handling (bsc#1042910). - CVE-2017-7674: A CORS Filter issue could lead to client and server side cache...

CVSS 8.1, AI score 7.6, EPSS 0.9438
Exploits 23, References 8

Tenable Nessus
added 2017/06/21 12:00 a.m., 28 views

SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2017:1626-1)

This update for sudo fixes the following security issue : - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal (bsc#1042146). Also the following non security bug was...

CVSS 8.2, AI score 7.5, EPSS 0.19918
Exploits 8, References 6

OSV
added 2017/06/20 11:19 a.m., 5 views

SUSE-SU-2017:1626-1 Security update for sudo

This update for sudo fixes the following security issue: - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal (bsc#1042146). Also the following non security bug was...

CVSS 8.2, AI score 6.8, EPSS 0.00148
Exploits 0, References 4

OSV
added 2017/03/21 2:13 p.m., 4 views

SUSE-SU-2017:0786-1 Security update for Linux Kernel Live Patch 12 for SLE 12 SP1

This update for the Linux Kernel 3.12.69-606429 fixes several issues. The following security bug was fixed: - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made...

CVSS 7.5, AI score 7, EPSS 0.00937
Exploits 0, References 4

OSV
added 2017/03/20 8:57 p.m., 4 views

SUSE-SU-2017:0779-1 Security update for Linux Kernel Live Patch 4 for SLE 12 SP2

This update for the Linux Kernel 4.4.38-93 fixes several issues. The following security bug was fixed: - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted...

CVSS 7.5, AI score 7, EPSS 0.00937
Exploits 0, References 4

OSV
added 2017/03/20 8:26 p.m., 6 views

SUSE-SU-2017:0777-1 Security update for Linux Kernel Live Patch 1 for SLE 12 SP2

This update for the Linux Kernel 4.4.21-81 fixes several issues. The following security bug was fixed: - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted...

CVSS 7.5, AI score 7, EPSS 0.00937
Exploits 0, References 4

OSV
added 2017/03/20 8:25 p.m., 6 views

SUSE-SU-2017:0778-1 Security update for Linux Kernel Live Patch 2 for SLE 12 SP2

This update for the Linux Kernel 4.4.21-84 fixes several issues. The following security bug was fixed: - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted...

CVSS 7.5, AI score 7, EPSS 0.00937
Exploits 0, References 4

OSV
added 2017/03/20 8:25 p.m., 3 views

SUSE-SU-2017:0781-1 Security update for Linux Kernel Live Patch 3 for SLE 12 SP2

This update for the Linux Kernel 4.4.21-90 fixes several issues. The following security bug was fixed: - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted...

CVSS 7.5, AI score 7, EPSS 0.00937
Exploits 0, References 4

OSV
added 2017/03/20 7:50 p.m., 4 views

SUSE-SU-2017:0764-1 Security update for Linux Kernel Live Patch 10 for SLE 12 SP1

This update for the Linux Kernel 3.12.67-606421 fixes several issues. The following security bug was fixed: - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made...

CVSS 7.5, AI score 7, EPSS 0.00937
Exploits 0, References 4

OSV
added 2017/01/25 8:17 a.m., 5 views

SUSE-SU-2017:0279-1 Security update for systemd

This update for systemd fixes the following issues: This security issue was fixed: - CVE-2016-10156: Fix permissions set on permanent timer timestamp files, preventing local unprivileged users from escalating privileges (bsc#1020601). These non-security issues were fixed: - Fix permission set on...

CVSS 7.8, AI score 7.5, EPSS 0.00712
Exploits 4, References 7