[SECURITY] Fedora 24 Update: qemu-2.6.2-8.fc24

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

EulerOS 2.0 SP2 : util-linux (EulerOS-SA-2017-1084)

According to the version of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill...

EulerOS 2.0 SP1 : util-linux (EulerOS-SA-2017-1083)

According to the version of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill...

Amazon Linux AMI : util-linux (ALAS-2017-823)

Sending SIGKILL to other processes with root privileges via su : A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.CVE-2017-2616 C Tenable...

Medium: util-linux

Issue Overview: Sending SIGKILL to other processes with root privileges via su: A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.CVE-2017-26...

Linksys Smart Wi-Fi Routers Authentication Bypass Vulnerability

Linksys Smart Wi-Fi Routers are smart Wi-Fi routers. An authentication bypass vulnerability exists in Linksys Smart Wi-Fi Routers. An attacker can bypass CGI scripts to collect sensitive information such as firmware version, Linux kernel version, runtime process list, connected USB devices, and P...

Microsoft Windows 10 - Runtime Broker ClipboardBroker Privilege Escalation

Microsoft Windows 10 - Runtime Broker ClipboardBroker Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1079 Windows: Runtime Broker ClipboardBroker EoP Platform: Windows 10 10586/14393 not tested 8.1 Update 2 Class: Elevation of Privilege Summary: The Runtime...

libblkid, libmount, libuuid, util, uuidd security update

CentOS Errata and Security Advisory CESA-2017:0907 An update for util-linux is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

RHEL 7 : util-linux (RHSA-2017:0907)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0907 advisory. The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these...

Scientific Linux Security Update : util-linux on SL7.x x86_64 (20170412)

Security Fixes : - A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. CVE-2017-2616 Bug Fixes : - The 'findmnt --target ' command prints all...

util-linux: Sending SIGKILL to other processes with root privileges via su

A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions...

Moderate: Red Hat Security Advisory: util-linux security and bug fix update

An update for util-linux is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Microsoft Windows LDAP Elevation of Privilege Vulnerability (KB4015068)

This host is missing an important security update according to Microsoft April 2017 Security Updates. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

April 11, 2017—KB4015548 (Security-only update)

April 11, 2017—KB4015548 Security-only update Improvements and fixes This security update resolves security vulnerabilities in Scripting Engine, Hyper-V, Win32K, Adobe Type Manager Font Driver, Microsoft Outlook, Graphics component, Lightweight Directory Access Protocol and Windows OLE. For more...

IT Asset Inventory Systems and CMDBs: A Marriage Made in InfoSec Heaven

A key capability of an IT asset inventory system is being able to exchange data with CMDBs Configuration Management Databases. In fact, a common misconception is that organizations with CMDBs don’t need an IT asset inventory system because their functions overlap. While they have similar roles,...

The vulnerability of the Windows operating system, which allows a perpetrator to manipulate processes or cause service failures

The vulnerability of the Windows operating system’s kernel relates to incorrect access control. Exploiting this vulnerability allows a local attacker to manipulate processes, simulate communication between them, or cause service failures through a specially crafted application...

Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY)

Mandiant has observed APT29 using a stealthy backdoor that we call POSHSPY. POSHSPY leverages two of the tools the group frequently uses: PowerShell and Windows Management Instrumentation WMI. In the investigations Mandiant has conducted, it appeared that APT29 deployed POSHSPY as a secondary...

The vulnerability of the Cisco NX-OS network operating system, which runs on Cisco Nexus 9000 Series switches, allows a malicious actor to initiate unauthorized processes on the system.

The vulnerability of the Telnet function in the Cisco NX-OS network operating system, which is used in Cisco Nexus 9000 Series switches, arises from operations that go beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to initiate unauthorized system access,...

The vulnerability of the Cisco NX-OS network operating system, which runs on Cisco Nexus 9000 Series switches, allows a malicious actor to initiate unauthorized processes on the system.

The vulnerability of the remote input function in the network operating system of Cisco NX-OS, which operates on Cisco Nexus 9000 Series switches, arises due to operations that go beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to initiate unauthorized input...

coreutils security and bug fix update

8.4-46.0.1 - clean up empty file if cp is failed Orabug 15973168 8.4-46 - pure rebuild to bring back support for aclextendedfilenofollow on x8664 8.4-45 - su: deny killing other processes with root privileges CVE-2017-2616 8.4-44 - fix the functionality of 'sort -h -k ...' in multi-byte locales...