OESA-2023-1342 libcap security update

This is a library for getting and setting POSIX.1e formerly POSIX 6 draft 15 capabilities. Security Fixes: A vulnerability was found in the pthreadcreate function in libcap. This issue may allow a malicious actor to use cause realpthreadcreate to return an error, which can exhaust the process...

A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error which can exhaust the process memory.

...

CVE-2023-2602

A vulnerability was found in the pthreadcreate function in libcap. This issue may allow a malicious actor to use cause realpthreadcreate to return an error, which can exhaust the process memory...

DEBIAN-CVE-2023-2602

A vulnerability was found in the pthreadcreate function in libcap. This issue may allow a malicious actor to use cause realpthreadcreate to return an error, which can exhaust the process memory...

ALPINE-CVE-2023-2602

A vulnerability was found in the pthreadcreate function in libcap. This issue may allow a malicious actor to use cause realpthreadcreate to return an error, which can exhaust the process memory...

The vulnerability in the `libavcodec/pthread_frame.c` component of the multimedia library FFmpeg, related to the use of memory after it is freed, allows a hacker to execute arbitrary code.

The vulnerability of the libavcodec/pthreadframe.c component in the FFmpeg multimedia library is related to the use of memory after it is freed during the processing of working threads by the decoder hwaccel. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

SUSE CVE-2023-2602

A vulnerability was found in the pthreadcreate function in libcap. This issue may allow a malicious actor to use cause realpthreadcreate to return an error, which can exhaust the process memory...

UBUNTU-CVE-2023-2602

A vulnerability was found in the pthreadcreate function in libcap. This issue may allow a malicious actor to use cause realpthreadcreate to return an error, which can exhaust the process memory...

Exploit for Out-of-bounds Write in Linux Linux_Kernel

My POC for CVE-2022-...

SUSE CVE-2019-1010025

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthreadcreated thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability...

SUSE CVE-2020-12658

gssproxy aka gss-proxy before 0.8.3 does not unlock condmutex before pthread exit in gpworkermain in gpworkers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional...

ALPINE-CVE-2022-31622

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/dscompress.cc, when an error occurs pthreadcreate returns a nonzero value while executing the method createworkerthreads, the held lock is not released correctly, which allows local users to trigger a denial of...

SUSE-SU-2022:0832-1 Security update for glibc

glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clntcreate for 'unix' bsc1194768 - CVE-2022-23218: Buffer overflow in sunrpc svcunixcreate bsc1194770 - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 bsc11946...

SUSE: Security Advisory (SUSE-SU-2021:4063-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

glibc security update

2.28-164.0.1 - Merge of RH patches for ol8-u5 beta release Review-exception: Routine merge - Provide glibc.pthread.mutexspincount tunable for pthread adaptive - spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for...

glibc security, bug fix, and enhancement update

2.28-164.0.1 - Merge of RH patches for ol8-u5 beta release Review-exception: Routine merge - Provide glibc.pthread.mutexspincount tunable for pthread adaptive - spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for...

CLSA-2021-1635459213 Fix CVE(s): CVE-2021-33574, CVE-2021-38604, CVE-2021-35942

debian/patches/any/add-pthread-attr-copy.patch: adopt pthreadattrcopy functionality. debian/patches/any/add-test-for-pthread-attr-copy.patch: add test case for it. SECURITY UPDATE: Use-after-free in mqnotify - debian/patches/any/CVE-2021-33574.patch: use pthreadattrcopy to completely duplicate...

CLSA-2021-1635459187 Fix CVE(s): CVE-2021-33574, CVE-2021-38604, CVE-2021-35942

debian/patches/any/add-pthread-attr-copy.patch: adopt pthreadattrcopy functionality. debian/patches/any/add-test-for-pthread-attr-copy.patch: add test case for it. SECURITY UPDATE: Use-after-free in mqnotify - debian/patches/any/CVE-2021-33574.patch: use pthreadattrcopy to completely duplicate...

CLSA-2021-1634922609 Fixed CVEs in glibc: CVE-2021-38604, CVE-2021-35942, CVE-2021-33574

Adopt pthreadattrcopy functionality, test case is included - CVE-2021-33574: avoid use-after-free vulnerability - CVE-2021-35942: avoid out-of-bounds read via signed integer overflow in array index - CVE-2021-38604: considered. No NULL pointer dereference is possible...

SUSE-SU-2021:2480-1 Security update for glibc

This update for glibc fixes the following issues: Security issues fixed: - CVE-2021-35942: wordexp: Fixed handle overflow in positional parameter number bsc1187911 - CVE-2016-10228: Rewrite iconv option parsing bsc1027496 Other fixes: - Fixed race in pthreadmutexlock while promoting to...