1830 matches found
GSD-2021-1000961 gpio: wcd934x: Fix shift-out-of-bounds error
gpio: wcd934x: Fix shift-out-of-bounds error This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.44 by commit...
Miniaudio security vulnerability
Miniaudio is a single-file audio playback and capture library written in C. A buffer overflow vulnerability exists in Miniaudio version 0.10.35. The vulnerability stems from an out-of-bounds left shift of drwavbytestou32 in miniaudio.h. No detailed vulnerability details are currently available...
Intentional Flaw in GPRS Encryption Algorithm GEA-1
General Packet Radio Service (GPRS) is a mobile data standard that was widely used in the early 2000s. The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. Although the algorithm has a 64-bit...
The road to secure crypto: start getting risk management priorities on your threat modeling radar
While attending the biggest event in crypto history earlier this month in Miami, it struck me that, although irrational over-exuberance was the mood, the reality is really sinking in: We are in a new payments industry paradigm shift. It's not a fad anymore, and it's not going away. An exclamation t...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’ll be part of a European Internet Forum virtual debate on June 17, 2021. The topic is "Decrypting the encryption debate: How to ensure public safety with a privacy-preserving and secure Internet?" I’m speaking at the all-online...
GSD-2021-1000374 sched/fair: Fix shift-out-of-bounds in load_balance()
sched/fair: Fix shift-out-of-bounds in load_balance() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.37 by commit...
UVI-2021-1000426 liquidio: Fix unintented sign extension of a left shift of a u16
liquidio: Fix unintented sign extension of a left shift of a u16 This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.119 by commit...
UVI-2021-1000470 liquidio: Fix unintented sign extension of a left shift of a u16
liquidio: Fix unintented sign extension of a left shift of a u16 This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.233 by commit...
UVI-2021-1000454 liquidio: Fix unintented sign extension of a left shift of a u16
liquidio: Fix unintented sign extension of a left shift of a u16 This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.191 by commit...
UVI-2021-1000107 NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds
NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.11.20 by commit...
The vulnerability of the GateManager communication server, related to a single shift error, allows a perpetrator to execute arbitrary code or cause a service failure.
The vulnerability of the GateManager communication server is related to a single-shift error. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause service failures remotely...
The vulnerability of the communication server GateManager is related to a single shift error, which allows an attacker to execute arbitrary commands on behalf of the user root.
The vulnerability of the communication server GateManager is related to a single-shift error. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on behalf of the user root remotely...
DevSecOps and the New Scope of Application Development
Hand in hand: Application development and application security As expectations of developers change, so too do those of security teams. It’s more of a collective effort than ever as business dependence on applications continues to grow. Security must shift further left into the software developme...
USN-4915-1 linux-oem-5.6 vulnerabilities
It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. CVE-2021-3493 Vincent Dehors discovered that the shiftfs file...
GO-2021-0071 Race condition in github.com/lxc/lxd
A race between chown and chmod operations during a container filesystem shift may allow a user who can modify the filesystem to chmod an arbitrary path of their choice, rather than the expected path...
SUSE-SU-2021:1165-1 Security update for glibc
This update for glibc fixes the following issues: - CVE-2020-27618: Accept redundant shift sequences in IBM1364 bsc1178386 - CVE-2020-29562: Fix incorrect UCS4 inner loop bounds bsc1179694 - CVE-2020-29573: Harden printf against non-normal long double values bsc1179721 - Check vector support in...
openSUSE Security Update : openexr (openSUSE-2021-536)
This update for openexr fixes the following issues : - CVE-2021-3474: Undefined-shift in Imf25::FastHufDecoder::FastHufDecoder bsc1184174 - CVE-2021-3475: Integer-overflow in Imf25::calculateNumTiles bsc1184173 - CVE-2021-3476: Undefined-shift in Imf25::unpack14 bsc1184172 This update was importe...
Security update for openexr (moderate)
openSUSE Security Update: Security update for openexr Announcement ID: openSUSE-SU-2021:0536-1 Rating: moderate References: 1184172 1184173 1184174 Cross-References: CVE-2021-3474 CVE-2021-3475 CVE-2021-3476 CVSS scores: CVE-2021-3474 NVD : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L...
OPENSUSE-SU-2021:0536-1 Security update for openexr
This update for openexr fixes the following issues: - CVE-2021-3474: Undefined-shift in Imf25::FastHufDecoder::FastHufDecoder bsc1184174 - CVE-2021-3475: Integer-overflow in Imf25::calculateNumTiles bsc1184173 - CVE-2021-3476: Undefined-shift in Imf25::unpack14 bsc1184172 This update was imported...
SUSE SLED15 / SLES15 Security Update : openexr (SUSE-SU-2021:1097-1)
This update for openexr fixes the following issues : CVE-2021-3474: Undefined-shift in Imf25::FastHufDecoder::FastHufDecoder bsc1184174 CVE-2021-3475: Integer-overflow in Imf25::calculateNumTiles bsc1184173 CVE-2021-3476: Undefined-shift in Imf25::unpack14 bsc1184172 Note that Tenable Network...