1320 matches found
VMSA-2017-0006 : VMware ESXi, Workstation and Fusion updates address critical and moderate security issues
a. ESXi, Workstation, Fusion SVGA memory corruption ESXi, Workstation, Fusion have a heap buffer overflow and uninitialized stack memory usage in SVGA. These issues may allow a guest to execute code on the host. VMware would like to thank ZDI and Team 360 Security from Qihoo for reporting these...
VMSA-2017-0006:VMware ESXi, Workstation and Fusion updates address CRITICAL and MEDIUM security issues
VMSA-2017-0006 VMware ESXi, Workstation and Fusion updates address critical and moderate security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0006 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware ESXi, Workstation and Fusion...
Information Disclosure
OpenSSL is vulnerable to information disclosure. When pretty printing through the OBJobj2txt function in crypto/objects/objdat.c is it possible for attackers to read from the process stack memory. This is caused because OpenSSL does not ensure the presence of \0 characters...
CVE-2016-9932
CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix...
CVE-2016-9932
CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix...
CVE-2016-9932
CVE-2016-9932 affects the Xen hypervisor (CMPXCHG8B emulation) from Xen 3.3.x through 4.7.x on x86. It allows local HVM guest OS users to disclose sensitive host stack memory via a supposedly-ignored operand size prefix. Connected advisories note this as XSA-200 and document patched versions in X...
Design/Logic Flaw
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment CS in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...
DEBIAN-CVE-2016-9756
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment CS in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...
UBUNTU-CVE-2016-9756
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment CS in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...
openSUSE Security Update : the Linux Kernel (openSUSE-2016-1426)
The openSUSE Leap 42.2 kernel was updated to 4.4.36 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended...
Updated kernel-tmb-4.4.32 packages fix security vulnerability
This update is based on upstream 4.4.32 and fixes alteast the following security issues: The prockeysshow function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection gcc stack protector is enabled, uses an incorrect buffer size for certain timeout data,...
MGASA-2016-0411 Updated kernel-linus-4.4.32 packages fix security vulnerability
This update is based on upstream 4.4.32 and fixes alteast the following security issues: Vladimir Bene discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload GRO processing implementations in the Linux kernel, A remote attacker could use this to cause a stack corruption,...
Security update for the Linux Kernel (important)
The openSUSE 13.1 kernel was updated to 3.12.67 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2013-5634: arch/arm/kvm/arm.c in the Linux kernel on the ARM platform, when KVM is used, allowed host OS users to cause a denial of service NULL pointer...
SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2976-1)
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. For the PowerPC64 a new 'bigmem' flavor has been added to support big Power machines. FATE319026 The following security bugs were fixed : - CVE-2016-7042: The prockeysshow function in security/keys/proc....
CVE-2016-9178
The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a getuserex call...
CVE-2016-8650
CVE-2016-8650 affects the Linux kernel: the mpi_powm function in lib/mpi/mpi-pow.c can fail to allocate memory for limb data, permitting a local attacker to trigger a denial of service (stack memory corruption/panic) via an add_key RSA operation with a zero exponent. Public advisories (F5) confir...
CVE-2016-9178
The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a getuserex call...
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:2912-1)
The SUSE Linux Enterprise 12 kernel was updated to 3.12.67 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2016-7042: The prockeysshow function in security/keys/proc.c in the Linux kernel used an incorrect buffer size for certain timeout data, which allowe...
CVE-2016-9178
The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a getuserex call...
UBUNTU-CVE-2016-9178
The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a getuserex call...