Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2023-312)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-312 advisory. On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or...

CVE-2023-40303

GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of setid family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary us...

UBUNTU-CVE-2023-40303

GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of setid family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary us...

CVE-2023-40303

GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of setid family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary us...

CVE-2023-40303

GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of setid family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary us...

GNOME Files 43.4 Privilege Escalation

Affected: GNOME Files 43.4 nautilus on fedora 37 Description: If an user A opens in GNOME files zip archive containing setuid file F, then F will be silently extracted to a subdirectory of CWD. If F is accessible by hostile local user B and B executes F, then F will be executed as from user A. ta...

GNOME Files 43.4 Privilege Escalation Vulnerability

GNOME Files version 43.4 nautilus on Fedora 37 will extract zip archives with setuid files for other user identifiers that can be leveraged to escalate privileges. Affected: GNOME Files 43.4 nautilus on fedora 37 Description: If an user A opens in GNOME files zip archive containing setuid file F,...

Important: golang

Issue Overview: html/template: improper handling of empty HTML attributes. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains...

Ineffective privileges drop when requesting container network

Impact Fix https://github.com/apptainer/apptainer/pull/1523 included in Apptainer 1.2.0-rc.2 has introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges. The attack surface is rather limited for users but an...

GHSA-MMX5-32M4-WXVX Ineffective privileges drop when requesting container network

Impact Fix https://github.com/apptainer/apptainer/pull/1523 included in Apptainer 1.2.0-rc.2 has introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges. The attack surface is rather limited for users but an...

Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Golang Go

Summary Vulnerabilities in golang before 1.19.10 affect the golang component that is used by IBM Event Streams CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-29403 DESCRIPTION: Golang Go could allow a...

Important: golang

Issue Overview: RESERVED NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFsE CVE-2022-41724 Golang: net/http, mime/multipart: denial of service from excessive resource consumption https://groups.google.com/g/golang-announce/c/V0aBFqaFsE CVE-2022-41725 The ScalarMult and ScalarBaseMult...

Fedora 38 : golang (2023-eb60fcd505)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-eb60fcd505 advisory. This update includes a security fix to the net/http package, as well as bug fixes to the compiler, cgo, the cover tool, the go command, the runtime,...

EulerOS 2.0 SP10 : screen (EulerOS-SA-2023-2393)

According to the versions of the screen package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - socket.c in GNU Screen through 4.9.0, when installed setuid or setgid the default on platforms such as Arch Linux and FreeBSD, allows local users...

EulerOS 2.0 SP9 : screen (EulerOS-SA-2023-2322)

According to the versions of the screen package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - socket.c in GNU Screen through 4.9.0, when installed setuid or setgid the default on platforms such as Arch Linux and FreeBSD, allows local users...

EulerOS 2.0 SP9 : screen (EulerOS-SA-2023-2342)

According to the versions of the screen package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - socket.c in GNU Screen through 4.9.0, when installed setuid or setgid the default on platforms such as Arch Linux and FreeBSD, allows local users...

RLSA-2023:3923 Critical: go-toolset and golang security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: cmd/go: go command may generate unexpected code at build time when using cgo CVE-2023-29402 golang:...

go-toolset and golang security update

An update is available for go-toolset, golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset provides the Go programming language tools and librarie...

Rocky Linux 9 : go-toolset and golang (RLSA-2023:3923)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:3923 advisory. - The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses...

Oracle Linux 9 : go-toolset / and / golang (ELSA-2023-3923)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3923 advisory. - New Go version 1.19.10 CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405 go-toolset Tenable has extracted the preceding description block...