SUSE-SU-2016:1037-1 Security update for Linux Kernel Live Patch 7

This update for the Linux Kernel 3.12.44-52.18.1 fixes the following issues: - CVE-2016-2384: A malicious USB device could cause a kernel crash in the alsa usb-audio driver. bsc967773 - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kerne...

SUSE-SU-2016:1038-1 Security update for Linux Kernel Live Patch 6

This update for the Linux Kernel 3.12.44-52.10.1 fixes the following issues: - CVE-2016-2384: A malicious USB device could cause a kernel crash in the alsa usb-audio driver. bsc967773 - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kerne...

SUSE-SU-2016:1033-1 Security update for Linux Kernel Live Patch 3 for SP 1

This update for the Linux Kernel 3.12.53-60.30.1 fixes the following issues: - CVE-2016-2384: A malicious USB device could cause a kernel crash in the alsa usb-audio driver. bsc967773 - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kerne...

openSUSE Security Update : samba (openSUSE-2016-453) (Badlock)

samba was updated to fix seven security issues. These security issues were fixed : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks bsc936862. - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication bsc973031. - CVE-2016-2111: Domain...

Illustrated CVE-2 0 1 5-1 8 0 5-vulnerability warning-the black bar safety net

CVE-2 0 1 5-1 8 0 5 is a General-purpose linux kernel to any address write arbitrary value of vulnerability, this vulnerability worthy of commemoration, here with four double figure intuitive description about it: ! The initial memory layout ! First copy ! redo the second copy after ! Third copy...

SUSE-SU-2016:1028-1 Security update for samba

samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks bsc936862. - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication bsc973031. - CVE-2016-2111: Domain...

Security update for samba (important)

samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks bsc936862. - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication bsc973031. - CVE-2016-2111: Domain...

SUSE: Security Advisory for samba (SUSE-SU-2016:1022-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

kernel: pipe buffer state corruption after unsuccessful atomic read from pipe

It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space...

UBUNTU-CVE-2016-2115

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacnnp, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream...

USN-2949-1 linux-lts-vivid vulnerabilities

Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2015-8812 Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux...

USN-2948-1 linux-lts-utopic vulnerabilities

Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service system crash. CVE-2015-7566 Ralf Spenneberg discovered that the usbvision driver in...

USN-2947-3: Linux kernel (Raspberry Pi 2) vulnerabilities

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly validate the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service system crash. CVE-2015-7833 Venkatesh Pottem discovered a use-after-free...

USN-2947-2 linux-lts-wily vulnerabilities

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly validate the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service system crash. CVE-2015-7833 Venkatesh Pottem discovered a use-after-free...

USN-2946-1 linux vulnerabilities

Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2015-8812 Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux...

Pipe Twister: Free Puzzle - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Pipe Twister: Free Puzzle published at the 'play' market has multiple vulnerabilities...

kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2016:0494 Updated kernel packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability...

Oracle Linux 6 : kernel (ELSA-2016-0494)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-0494 advisory. - fs pipe: fix offset and len mismatch on pipeiovcopytouser failure Seth Jennings 1310148 1302223 CVE-2016-0774 Tenable has extracted the preceding description...

kernel: pipe buffer state corruption after unsuccessful atomic read from pipe

It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space...

Moderate: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Updated kernel packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...