
10009 matches found

Debian
added 2019/10/25 9:9 p.m., 187 views

[SECURITY] [DSA 4551-1] golang-1.11 security update

Debian Security Advisory DSA-4551-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 25, 2019 https://www.debian.org/security/faq ...

CVSS 7.5 | AI score 7.7 | EPSS 0.0234
Exploits: 1

Tenable Nessus
added 2019/10/25 12:0 a.m., 28 views

FreeBSD : FreeBSD -- IPv6 remote Denial-of-Service (4d3d4f64-f680-11e9-a87f-a4badb2f4699)

Due to a missing check in the code of m_pulldown(9), data returned may not be contiguous as requested by the caller. Impact: Extra checks in the IPv6 code catch the error condition and trigger a kernel panic leading to a remote DoS (denial-of-service) attack with certain Ethernet interfaces. At this...

CVSS 7.8 | AI score 7.4 | EPSS 0.01851
Exploits: 1 | References: 2

Cvelist
added 2019/10/24 9:7 p.m., 19 views

CVE-2019-17596

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates...

AI score 7.5 | EPSS 0.0234
Exploits: 1 | References: 13

Debian CVE
added 2019/10/24 9:7 p.m., 30 views

CVE-2019-17596

Removed by vendor...

CVSS 7.5 | AI score 7.8 | EPSS 0.0234
Exploits: 1

ArchLinux
added 2019/10/21 12:0 a.m., 33 views

[ASA-201910-11] go-pie: denial of service

Arch Linux Security Advisory ASA-201910-11
Severity: Medium
Date: 2019-10-21
CVE-ID: CVE-2019-17596
Package: go-pie
Type: denial of service
Remote: Yes
Link: https://security.archlinux.org/AVG-1051
Summary: The package go-pie before version...

CVSS 7.5 | AI score 1.5 | EPSS 0.0234
Exploits: 1 | References: 6

ArchLinux
added 2019/10/21 12:0 a.m., 36 views

[ASA-201910-12] go: denial of service

Arch Linux Security Advisory ASA-201910-12
Severity: Medium
Date: 2019-10-21
CVE-ID: CVE-2019-17596
Package: go
Type: denial of service
Remote: Yes
Link: https://security.archlinux.org/AVG-1051
Summary: The package go before version 2:1.13.3...

CVSS 7.5 | AI score 1.5 | EPSS 0.0234
Exploits: 1 | References: 4

RedhatCVE
added 2019/10/20 12:4 p.m., 15 views

CVE-2018-1065

A flaw was found in the netfilter/iptables subsystem. A user with the netfilter modification capabilities could insert a rule which could panic the system...

CVSS 5.9 | AI score 1.7 | EPSS 0.00084
Exploits: 0 | References: 1

Tenable Nessus
added 2019/09/25 12:0 a.m., 48 views

F5 Networks BIG-IP : Linux SACK Panic vulnerability (K78234183)

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182,...

CVSS 7.8 | AI score 7.2 | EPSS 0.74296
Exploits: 4 | References: 2

FreeBSD
added 2019/09/19 12:0 a.m., 24 views

FreeBSD -- Improper checking in SCTP-AUTH shared key update

Problem Description: The SCTP layer does improper checking when an application tries to update a shared key. Therefore an unprivileged local user can trigger a use-after-free situation, for example by specific sequences of updating shared keys and closing the SCTP association. Impact: Triggering...

CVSS 7.8 | AI score 1.4 | EPSS 0.00053
Exploits: 0

Tenable Nessus
added 2019/09/19 12:0 a.m., 284 views

CentOS 7 : kernel (CESA-2019:2600)

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 8.3 | AI score 7 | EPSS 0.19224
Exploits: 5 | References: 3

OpenVAS
added 2019/09/19 12:0 a.m., 149 views

CentOS Update for bpftool CESA-2019:2600 centos7

The remote host is missing an update for the...

CVSS 8.3 | AI score 7.3 | EPSS 0.19224
Exploits: 5 | References: 2

RustSec
added 2019/09/14 12:0 p.m., 14 views

Stream callback function is not unwind safe

Affected versions of this crate are not panic safe within the callback functions stream_callback and stream_finished_callback. The call to a user-provided closure might panic before a mem::forget call, which then causes a use after free that allows an attacker to control the callback function pointer. This...

CVSS 9.8 | AI score 5.3 | EPSS 0.01192
Exploits: 1 | Affected Software: 1

RedHat Linux
added 2019/09/12 12:25 p.m., 109 views

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 8.8 | AI score 6.8 | EPSS 0.02934
Exploits: 3 | References: 8

RedHat Linux
added 2019/09/12 10:35 a.m., 3 views

kernel: nfs: use-after-free in svc_process_common()

A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and ...

CVSS 8 | AI score 7 | EPSS 0.00048
Exploits: 0 | References: 4

RedHat Linux
added 2019/09/12 10:35 a.m., 3 views

kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence

A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the...

CVSS 7.5 | AI score 7 | EPSS 0.01496
Exploits: 0 | References: 4

RedHat Linux
added 2019/09/11 9:23 a.m., 3 views

kernel: nfs: use-after-free in svc_process_common()

A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and ...

CVSS 8 | AI score 7 | EPSS 0.00048
Exploits: 0 | References: 4

RedHat Linux
added 2019/09/11 9:23 a.m., 4 views

kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence

A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the...

CVSS 7.5 | AI score 7 | EPSS 0.01496
Exploits: 0 | References: 4

NVD
added 2019/09/09 12:15 p.m., 11 views

CVE-2019-16141

An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy...

CVSS 7.5 | AI score 7.5 | EPSS 0.00328
Exploits: 0 | References: 2

OSV
added 2019/09/09 12:15 p.m., 14 views

CVE-2019-16141

An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy...

CVSS 7.5 | AI score 7.5
Exploits: 0 | References: 2

UbuntuCve
added 2019/09/09 12:15 p.m., 17 views

CVE-2019-16141

An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy...

CVSS 7.5 | AI score 7.1 | EPSS 0.00328
Exploits: 0 | References: 3