Security update for go1.12 (moderate)

openSUSE Security Update: Security update for go1.12 Announcement ID: openSUSE-SU-2019:2522-1 Rating: moderate References: 1141689 1152082 1154402 Cross-References: CVE-2019-16276 CVE-2019-17596 Affected Products: openSUSE Leap 15.1 An update that solves two vulnerabilities and has one errata is...

Security update for go1.12 (moderate)

openSUSE Security Update: Security update for go1.12 Announcement ID: openSUSE-SU-2019:2521-1 Rating: moderate References: 1141689 1152082 1154402 Cross-References: CVE-2019-16276 CVE-2019-17596 Affected Products: openSUSE Leap 15.0 An update that solves two vulnerabilities and has one errata is...

CVE-2019-18680

A flaw was found in the Linux kernel's implementation of RDS over TCP. A system that has the rdstcp kernel module that is loaded through an autoload via a local process running listen, or manual loading, could possibly cause a kernel panic. Mitigation While this is a network protocol being...

SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2950-1) (SACK Panic)

The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exceptio...

SUSE-SU-2019:2940-1 Security update for go1.12

This update for go1.12 fixes the following issues: Security issues fixed: - CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling bsc1152082. - CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys bsc1154402. Non-security issue fixed:...

CVE-2018-1092

The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/mballoc.c:ext4processfreeddata function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted ext4 image to cause a kernel panic...

kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call

A flaw was found in the PowerPc platform, where the kernel will panic if the transactional memory is disabled. An attacker could use this flaw to panic the system by constructing a signal context through the transactional memory MSR bits set...

kernel: nfs: use-after-free in svc_process_common()

A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bcsvcprocess use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and ...

kernel: nfs: use-after-free in svc_process_common()

A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bcsvcprocess use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and ...

kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service

A flaw that allowed an attacker to leak kernel memory was found in the network subsystem where an attacker with permissions to create tun/tap devices can create a denial of service and panic the system...

CVE-2019-15098

A flaw was found in the Linux kernel's implementation of the ath6kl wireless network driver implementation, which could allow an attacker with physical access with custom USB hardware to plug into a rogue USB device that can create a condition where the kernel will panic. Mitigation No mitigation...

CVE-2019-0210

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...

CVE-2019-0210

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...

DEBIAN-CVE-2019-0210

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...

CVE-2019-0210

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...

Input validation

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...

Out-of-bounds Read

In Apache Thrift, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...

CVE-2019-0210

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...

CVE-2019-0210

Apache Thrift in versions 0.9.3–0.12.0 has an out-of-bounds read in a Go server using TJSONProtocol/TSimpleJSONProtocol that may panic on invalid input data (CVE-2019-0210). Mitigation via upgrade to newer Thrift versions; Gentoo GLSA 202107-32 recommends >= thrift-0.14.1. Other advisories cor...

CVE-2019-0210

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...