22 matches found
SUSE-SU-2026:2714-1 Security update for tar
This update for tar fixes the following issues Security fixes: - CVE-2026-5704: crafted archives can be used to to hide file injection bsc1261900. Other fixes: - Fix tar changing dir permissions temporarily even when using --no-overwrite-dir. - Fix --dereference/-h not working properly after...
GHSA-F2R5-5M7W-P5CX opentelemetry-ebpf-profiler: Unprivileged process can trigger a denial of service on the ebpf-profiler agent
Summary An unprivileged process can easily trigger the processPIDEvents goroutine to be blocked indefinitely, preventing the goroutine from analyzing any new ELF file. The goroutine stays blocked in the openat2 syscall forever and the profiler can no longer work properly, it is a denial of servic...
PT-2026-51617
Name of the Vulnerable Software and Affected Versions opentelemetry-ebpf-profiler versions prior to 0.0.202622 Description An unprivileged process can cause a denial of service on the ebpf-profiler agent by triggering the processPIDEvents goroutine to block indefinitely. This occurs when the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Audit: Do not dereference the syscall arguments when checking the openat2 openhow::flags. According to Jeff, dereferencing the openat2 syscall argument in auditmatchperm to obtain the openhow::flags can lead to an oops/page-fault...
UBUNTU-CVE-2026-43619
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...
OCI layer symlink escape → arbitrary host write
Affected versions of boxlite extract OCI image layer tarballs without fully containing path resolution to the extraction root. A crafted layer containing a symlink whose target is an absolute on-host path e.g. escape - /tmp followed by a file entry that resolves through that symlink e.g...
Oracle Linux 9 : tar (ELSA-2026-0067)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-0067 advisory. 2:1.34-9 - Fix the last patch to solve a regression with -x and --xattrs: RHEL-136277 also, fix another tiny mistake in the patch w/o visible consequences...
tar security update
2:1.34-9 - Fix the last patch to solve a regression with -x and --xattrs: RHEL-136277 also, fix another tiny mistake in the patch w/o visible consequences 2:1.34-8 - Backport upstream changes to jailify extraction directory Includes related gnulib changes to add openat2 Fixes CVE-2025-45582...
Oracle Linux 10 : tar (ELSA-2026-0002)
The remote Oracle Linux 10 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-0002 advisory. 2:1.35-9 - Fix a tiny mistake in the last patch affecting hardling extraction w/o visible consequences 2:1.35-8 - Backport upstream changes to jailify extracti...
SUSE CVE-2022-48832
In the Linux kernel, the following vulnerability has been resolved: audit: don't deref the syscall args when checking the openat2 openhow::flags As reported by Jeff, dereferencing the openat2 syscall argument in auditmatchperm to obtain the openhow::flags can result in an oops/page-fault. This...
CVE-2022-48832
In the Linux kernel, the following vulnerability has been resolved: audit: don't deref the syscall args when checking the openat2 openhow::flags As reported by Jeff, dereferencing the openat2 syscall argument in auditmatchperm to obtain the openhow::flags can result in an oops/page-fault. This...
DEBIAN-CVE-2022-48832
In the Linux kernel, the following vulnerability has been resolved: audit: don't deref the syscall args when checking the openat2 openhow::flags As reported by Jeff, dereferencing the openat2 syscall argument in auditmatchperm to obtain the openhow::flags can result in an oops/page-fault. This...
CVE-2022-48832
In the Linux kernel, the following vulnerability has been resolved: audit: don't deref the syscall args when checking the openat2 openhow::flags As reported by Jeff, dereferencing the openat2 syscall argument in auditmatchperm to obtain the openhow::flags can result in an oops/page-fault. This...
UBUNTU-CVE-2022-48832
In the Linux kernel, the following vulnerability has been resolved: audit: don't deref the syscall args when checking the openat2 openhow::flags As reported by Jeff, dereferencing the openat2 syscall argument in auditmatchperm to obtain the openhow::flags can result in an oops/page-fault. This...
CVE-2022-48832 audit: don't deref the syscall args when checking the openat2 open_how::flags
In the Linux kernel, the following vulnerability has been resolved: audit: don't deref the syscall args when checking the openat2 openhow::flags As reported by Jeff, dereferencing the openat2 syscall argument in auditmatchperm to obtain the openhow::flags can result in an oops/page-fault. This...
CVE-2022-48832
In CVE-2022-48832, the Linux kernel audit subsystem was fixed to prevent dereferencing the openat2 open_how.args in audit_match_perm(), which could cause an oops/page-fault. The root cause was unsafe access to syscall arguments when checking permissions, leading to potential instability. The reso...
PT-2024-11810 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises from dereferencing the openat2 syscall argument in audit match perm to obtain the open how::flags, which can result in an oops/page-fault. This is resolved by using th...
CVE-2023-52793
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2023-52793
CVE-2023-52793 is rejected by its CVE Numbering Authority and does not represent an active vulnerability entry.
CVE-2023-52793
Removed by vendor...