22 matches found
CLSA-2025-1759937401 Update of alt-php
Move gpg key and repo installation from debian/install to postinst Add support for multiple deb platforms...
CVE-2020-36770
pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files...
PT-2024-10822 · Gentoo +1
Name of the Vulnerable Software and Affected Versions: Slurm versions through 22.05.3. Description: The issue arises from the pkg_postinst in the Gentoo ebuild for Slurm, which unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the...
Citrix ADC VPX VM STATE Halted after upgrade to SDX 13.1
After upgrading to SDX 13.1 27.59 or a lower 13.1 firmware version, you may find that SDX has booted with the SVM running but the VPX in a Halted state. When you try to launch the VM, you get the following error: "INTERNAL_ERROR xenopsd internal error: Unix.Unix_error(Unix.ENODEV, "write", "")". Checking mpscontrol.log on SVM, you may...
USN-5259-1 cron vulnerabilities
It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. CVE-2017-9525 Florian Weimer discovered that Cron incorrectly handled...
Privilege Escalation
systemd-cron:sid is vulnerable to privilege escalation. In the cron package, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...
CVE-2017-9525
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...
DEBIAN-CVE-2017-9525
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...
UBUNTU-CVE-2017-9525
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...
CVE-2017-9525
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...
CVE-2016-9774
The postinst script in the tomcat6 package before 6.0.45+dfsg-1deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu...
Debian DSA-2136-1 : tor - buffer overflow
Willem Pinckaers discovered that Tor, a tool to enable online anonymity, does not correctly handle all data read from the network. By supplying specially crafted packets a remote attacker can cause Tor to overflow its heap, crashing the process. Arbitrary code execution has not been confirmed but...
DEBIAN-CVE-2009-2939
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files...
CVE-2009-2939
CVE-2009-2939 affects Postfix on Debian/Ubuntu where the postinst script grants the postfix user write access to /var/spool/postfix/pid, enabling local users to perform symlink attacks that can overwrite arbitrary files. Connected advisories confirm the issue across multiple distributions and rep...
HP Linux Imaging and Printing System Security Bypass Vulnerability
This host is installed with HP Linux Imaging and Printing System and is prone to Security Bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodhplipsecbypassvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ HP Linux Imaging and Printing System Security Bypass Vulnerability Authors: Sujit Ghosal...
CVE-2008-5366
The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file...
CVE-2008-4998
postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid...
CVE-2008-4998
postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid...
Design/Logic Flaw
postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid...
Debian DSA-798-1 : phpgroupware - several vulnerabilities
Several vulnerabilities have been discovered in phpgroupware, a web-based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2498 Stefan Esser discovered another vulnerability in the XML-RPC libraries that allows...