38 matches found
EUVD-2017-1530
Malware in sbrugna...
K97457339: Linux kernel vulnerabilities CVE-2017-1000370 and CVE-2017-1000371
Security Advisory Description CVE-2017-1000370 The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execveed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above...
NewStart CGSL MAIN 4.06 : kernel Multiple Vulnerabilities (NS-SA-2022-0075)
The remote NewStart CGSL host, running version MAIN 4.06, has kernel packages installed that are affected by multiple vulnerabilities: - The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMITSTACK is set to RLIMINFINITY and 1 Gigabyte of memory is allocated the maxim...
NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0034)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMITSTACK/RLIMITINFINITY, but does not take...
EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1500)
According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of...
Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-075)
According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 a...
Important kernel security update: CVE-2018-5391 and other issues; new kernel 2.6.32-042stab134.3; Virtuozzo 6.0 Update 12 Hotfix 33 (6.0.12-3724)
This update provides a new kernel 2.6.32-042stab134.3 for Virtuozzo 6.0. The new kernel introduces security and stability fixes. Vulnerability id: CVE-2018-5391 A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attack...
Important kernel security update: CVE-2018-5391 and other issues; new kernel 2.6.32-042stab134.3 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
This update provides a new kernel 2.6.32-042stab134.3 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0. The new kernel introduces security and stability fixes. Vulnerability id: CVE-2018-5391 A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of...
CVE-2017-1085
CVE-2017-1085 affects FreeBSD prior to 11.2-RELEASE: when an application calls setrlimit() to raise RLIMIT_STACK, a read-only memory region below the stack can be turned into read-write, enabling a specially crafted executable to execute arbitrary code in the user context. A PoC exists (Exploit-D...
CVE-2017-1085
In FreeBSD before 11.2-RELEASE, an application which calls setrlimit to increase RLIMITSTACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute arbitrary code in the user context...
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3381-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3381-1 advisory. Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use thi...
Ubuntu: Security Advisory (USN-3381-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3381-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3381-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Peter Pi discovered that the colormap handling for frame buffer devices in the Linux...
USN-3381-1: Linux kernel vulnerabilities
Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information kernel memory. CVE-2016-8405 It was discovered that the Linux kernel did not properly restrict RLIMITSTACK...
Debian DSA-3927-1 : linux - security update (Stack Clash)
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2017-7346 Li Qiang discovered that the DRM driver for VMware virtual GPUs does not properly check user-controlled values in the...
Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3377-2)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3377-2 advisory. USN-3377-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement H...
Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3377-1) (Stack Clash)
Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2017-7533 It was discovered that the Linux kernel did n...
USN-3378-1: Linux kernel vulnerabilities
Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2017-7533 It was discovered that the Linux kernel did n...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.2 kernel was updated to 4.4.74 to receive various security and bugfixes. This update fixes some long standing btrfs issues. The following security bugs were fixed: - CVE-2017-7518: A KVM debug exception in the syscall handling was fixed which might have been used for local...
Updated kernel-tmb packages fixes critical security vulnerabilities
This kernel-tmb update is based on upstream 4.4.74 and fixes at least the following security issues: The ipxitfioctl function in net/ipx/afipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service use-after-free or possibly have...