8 matches found
EUVD-2026-25004
mknod: Device nodes created mislabeled on SELinux, with broken cleanup removedir on a node...
EUVD-2026-25028
A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The implementation resolves recursive targets using a fresh path lookup via ftsaccpath rather than binding the traversal and label application to the specific directory...
GHSA-79RC-QPW3-JV92 Duplicate Advisory: uutils coreutils has an Improper Preservation of Permissions issue
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r9hw-mj3w-phcq. This link is maintained to preserve external references. Original Description The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before...
CVE-2026-35361
The CVE-2026-35361 issue affects the mknod utility in uutils coreutils. It describes non-atomic handling of security labels for created device nodes: mknod creates the nodes before applying the SELinux context, and on labeling failure attempts cleanup via std::fs::remove_dir, which cannot remove ...
OESA-2024-1556 xorg-x11-server-xwayland security update
Xwayland is an X server for running X clients under Wayland. %package devel Summary: Development package Requires: pkgconfig %description devel The development package provides the developmental files which are necessary for developing Wayland compositors using Xwayland. %prep %autosetup -n...
USN-6587-2 xorg-server vulnerabilities
USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and...
ntp security, bug fix, and enhancement update
4.2.6p5-22 - check origin timestamp before accepting KoD RATE packet CVE-2015-7704 - allow only one step larger than panic threshold with -g CVE-2015-5300 4.2.6p5-20 - validate lengths of values in extension fields CVE-2014-9297 - drop packets with spoofed source address ::1 CVE-2014-9298 - rejec...
Moderate: Red Hat Bug Fix Advisory: docker bug fix update
Updated docker packages that fix several bugs are now available for Red Hat Enterprise Linux 7 Extras. Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. This update fixes the...