Linux Kernel vmsplice_to_pipe()本地权限提升漏洞

BUGTRAQ ID: 27801 CVECAN ID: CVE-2008-0600 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的实现上存在漏洞，本地攻击者可能利用此漏洞提升自己的权限。 Linux Kernel的fs/splice.c文件中的vmsplicetopipe没有正确地验证某些用户域指针，这允许本地攻击者通过特制的vmsplice系统调用获得root用户权限提升。 Linux kernel 2.6.17 - 2.6.24.1 厂商补丁： Debian ------...

[SECURITY] New versions of trn fixes /tmp race

All former versions of trn used a hardcoded filename in /tmp as temporary storage. If the file already exists as symbolic link to users files they will be overwritten. We recommend you upgrade your man2html package as soon as possible. wget url will fetch the file for you dpkg -i file.deb will...

[SECURITY] New versions of tcsh fixes buffer overflows

We have found that the tcsh shell had a problem with very long pathnames. When a very long path was encountered tcsh failed to check the result of getcwd in all places, which could be exploited. We recommend you upgrade your tcsh package immediately. wget url will fetch the file for you dpkg -i...