FreeBSD -- ICMPv6 use-after-free in error message handling
Problem Description: When an ICMPv6 error message is received, the FreeBSD ICMPv6 stack may extract information from the message to hand to upper-layer protocols. As a part of this operation, it may parse IPv6 header options from a packet embedded in the ICMPv6 message. The handler for a routing...
FreeBSD-SA-20:31.icmp6
FreeBSD-SA-20:31.icmp6 Security Advisory, The FreeBSD Project. Topic: ICMPv6 use-after-free in error message handling. Category: core. Module: icmp6. Announced: 2020-12-01...
CVE-2020-27815
A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well a...
UBUNTU-CVE-2020-27815
A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well a...
openSUSE Security Update : xen (openSUSE-2020-2017)
This update for xen fixes the following issues: Security issue fixed: - CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 (bsc#1178591). Non-security issues fixed: - Updated to Xen 4.13.2 bug fix release (bsc#1027519). - Fixed a panic during MSI cleanup on AMD...
RUSTSEC-2020-0075 Unexpected panic when decoding tokens
Prior to 0.10.0 it was possible to have both decoding functions panic unexpectedly, by supplying tokens with an incorrect base62 encoding. The documentation stated that an error should have been reported instead...
Unexpected panic when decoding tokens
Prior to 0.10.0 it was possible to have both decoding functions panic unexpectedly, by supplying tokens with an incorrect base62 encoding. The documentation stated that an error should have been reported instead...
Denial Of Service (DoS)
math/big in github.com/golang/go is vulnerable to denial of service. An attacker can send a divisor or modulo argument larger than 3168 bits on 32-bit architectures or 6336 bits on 64-bit architectures to a number of math/big.Int methods Div, Exp, DivMod, Quo, Rem, QuoRem, Mod, ModInverse, ModSqr...
Security update for xen (important)
openSUSE Security Update: Security update for xen Announcement ID: openSUSE-SU-2020:2017-1 Rating: important References: 1027519 1177950 1178591 Cross-References: CVE-2020-28368 Affected Products: openSUSE Leap 15.2 An update that solves one vulnerability and has two fixes is now available...
Moderate: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
CentOS: Security Advisory for bpftool (CESA-2020:5023)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] [DLA 2453-1] restic security update
Debian LTS Advisory DLA-2453-1 [email protected] https://www.debian.org/lts/security/ Brian May November 17, 2020 https://wiki.debian.org/LTS -...
FreeBSD : go -- math/big: panic during recursive division of very large numbers; cmd/go: arbitrary code execution at build time through cgo (db4b2f27-252a-11eb-865c-00155d646400)
The Go project reports: A number of math/big.Int methods Div, Exp, DivMod, Quo, Rem, QuoRem, Mod, ModInverse, ModSqrt, Jacobi, and GCD can panic when provided crafted large inputs. For the panic to happen, the divisor or modulo argument must be larger than 3168 bits on 32-bit architectures or 63...
Unbreakable Enterprise kernel-container security update
4.14.35-2025.402.2.1.el7 - powercap: restrict energy meter to root access Kanth Ghatraju Orabug: 32040805 CVE-2020-8694 CVE-2020-8695 4.14.35-2025.402.2.el7 - ocfs2: fix remounting needed after setfacl command Gang He - Fix multiple variable definition with syzkaller Hans Westgaard Ry Orabug:...
openGauss: Configuring the Client Log Message Level
The parameter client_min_messages specifies the level of messages to be sent to the client. The valid values include DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1, LOG, NOTICE, WARNING, ERROR, FATAL, and PANIC. It must be NOTICE at least. After a level is selected, messages at this level and its lower...
openGauss: Configuring the Level of Error-Deriving SQL Statements to Be Logged
The log_min_error_statement parameter specifies which level of SQL statements that cause an error will be recorded into server logs. SQL statements whose levels are higher than or equal to the configured level will be recorded into server logs. The valid values include DEBUG5, DEBUG4, DEBUG3, DEBUG2...
PT-2020-16802 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A flaw was found in the JFS filesystem code, allowing a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating...
Moderate: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
go -- math/big: panic during recursive division of very large numbers; cmd/go: arbitrary code execution at build time through cgo
The Go project reports: A number of math/big.Int methods Div, Exp, DivMod, Quo, Rem, QuoRem, Mod, ModInverse, ModSqrt, Jacobi, and GCD can panic when provided crafted large inputs. For the panic to happen, the divisor or modulo argument must be larger than 3168 bits on 32-bit architectures or 633...