DLA-680-2 bash - version number correction

Bulletin has no description...

Firejail Remote Elevation of Privilege Vulnerability

Firejail is a suite of SUID programs written in C that reduces the risk of security vulnerabilities by restricting the runtime environment of untrusted applications using the Linux namespace and seccomp-bpf. A security vulnerability exists in Firejail that allows a remote attacker to exploit the...

[SECURITY] [DLA 680-1] bash security update

Package : bash Version : 4.2+dfsg-0.1+deb7u3 CVE ID : CVE-2016-7543 An old attack vector has been corrected in bash, a sh-compatible command language interpreter. CVE-2016-7543 Specially crafted SHELLOPTS+PS4 environment variables in combination with insecure setuid binaries can result in root...

DLA-680-1 bash - security update

Bulletin has no description...

UCloud-2 0 1 6 1 0-0 0 1: kernel‘Dirty Cow’to mention the right vulnerability Security Alert-vulnerability warning-the black bar safety net

The Linux kernel recently the outbreak of the’Dirty Cow’Vulnerability, CVE-2 0 1 6-5 1 9 5, can lead to a low-rights user to achieve the local extraction rights. Please check you are using the kernel is in the affected range, and timely upgrades. The scope of the impact Linux kernel =2.6.22...

Linux Kernel 2.6.22 3.9 (x86x64) - Dirty COW procselfmem Race Condition Privilege Escalation (SUID Method)

Linux Kernel 2.6.22 3.9 x86x64 - Dirty COW procselfmem Race Condition Privilege Escalation SUID Method / EDB-Note: After getting a shell, doing "echo 0 /proc/sys/vm/dirtywritebackcentisecs" may make the system more stable. uncomment correct payload first x86 or x64! $ gcc cowroot.c -o cowroot...

CVE-2003-0583

Technical details for CVE-2003-0583 are not publicly available in the provided connected documents. Monitor for updates.

Design/Logic Flaw

Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program...

IBM DB2 10.5 < Fix Pack 8 / 11.x < 11.1 Multiple Vulnerabilities

Binary data 9590.prm...

CVE-2016-7543

An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances...

Multiple IBM DB2 Products Local Lift Vulnerabilities

IBM DB2 is a relational database management system from IBM in the United States. Multiple IBM DB2 products fail to properly validate input prior to loading into the library, allowing a local attacker to exploit the vulnerability to gain root privileges by constructing malicious libraries in a...

CVE-2016-5662

Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors...

CVE-2016-5662

Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors...

Design/Logic Flaw

Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors...

CVE-2016-5662

Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors...

Fontconfig Arbitrary Code Execution Vulnerability

fontconfig is a library of functions that provide system-wide font settings, customization and allow applications to access them. An arbitrary code execution vulnerability exists in fontconfig, which can be exploited to trigger an arbitrary free call, which can lead to a double free attack to...

DSA-3644-1 fontconfig - security update

Bulletin has no description...

CVE-2016-0392

IBM General Parallel File System GPFS in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program...

IBM Spectrum Scale and General Parallel File System Arbitrary Code Execution Vulnerability

IBM GPFS is an enterprise file management system optimized for petabyte-scale storage management.IBM Spectrum Scale is a data and file management solution based on IBM GPFS. A security vulnerability exists in IBM Spectrum Scale and GPFS that could be exploited by a local attacker to inject...

gnutls: arbitrary file overwrite

Setuid programs using GnuTLS could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem. This issue was introduced in GnuTLS 3.4.12 with the GNUTLSKEYLOGFILE environment variable handling via getenv and fixed in GnuTLS 3.4.13 by switching to securegetenv where...