27 matches found
Flatpak: Multiple Vulnerabilities
Background Flatpak is a Linux application sandboxing and distribution framework. Description Multiple vulnerabilities have been discovered in Flatpak. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There ...
GLSA-202310-08 : man-db: privilege escalation
The remote host is affected by the vulnerability described in GLSA-202310-08 man-db: privilege escalation - man-db before 2.8.5 on Gentoo allows local users with access to the man user account to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. Also, the owne...
Shadow: TOCTOU Race
Background Shadow contains utilities to deal with user accounts. Description A TOCTOU race condition was discovered in shadow. A local attacker with write privileges in a directory removed or copied by usermod/userdel could potentially exploit this flaw when the administrator invokes...
GLSA-202012-17 : D-Bus: Denial of service
The remote host is affected by the vulnerability described in GLSA-202012-17 D-Bus: Denial of service It was discovered that D-Bus did not properly handle the situation when two usernames have the same numeric UID. Impact : An attacker could possibly cause a Denial of Service condition or trigger...
iproute2: Denial of service
Background iproute2 is a set of tools for managing Linux network routing and advanced features. Description iproute2 was found to contain a use-after-free in getnetnsidfromname in ip/ipnetns.c. Impact A remote attacker, able to feed iproute2 crafted data, may be able to cause a Denial of Service...
file: Heap-based buffer overflow
Background file is a utility that guesses a file format by scanning binary data for patterns. Description It was discovered that file incorrectly handled certain malformed files. Impact A remote attacker could entice a user to process a specially crafted file via libmagic or file, possibly...
file: Denial of service
Background file is a utility that guesses a file format by scanning binary data for patterns. Description File does not properly utilize the docorenote function in readelf.c in libmagic.a. Impact A remote attacker could send a specially crafted ELF file possibly resulting in a Denial of Service...
Shadow: security bypass
Background Shadow is a set of tools to deal with user accounts. Description A local attacker could possibly bypass security restrictions if an administrator used “group blacklisting” to restrict access to file system paths. Impact A local attacker could possibly bypass security restrictions...
file: Stack-based buffer overflow
Background file is a utility that guesses a file format by scanning binary data for patterns. Description An issue discovered in file allows attackers to write 20 bytes to the stack buffer via a specially crafted .notes section. Impact A remote attacker, by using a specially crafted .notes sectio...
GLSA-201503-02 : D-Bus: Denial of Service
The remote host is affected by the vulnerability described in GLSA-201503-02 D-Bus: Denial of Service D-Bus doesn't validate the source of ActivationFailure signals. Impact : A local attacker could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time...
D-Bus: Denial of service
Background D-Bus is a message bus system, a simple way for applications to talk to one another. Description D-Bus doesn’t validate the source of ActivationFailure signals. Impact A local attacker could possibly cause a Denial of Service condition. Workaround There is no known workaround at this...
grep: Denial of service
Background grep is the GNU regular expression matcher. Description A heap buffer overrun has been fixed in the bmexectrans function in kwset.c. Impact A local user can cause Denial of Service. Workaround There is no known workaround at this time. Resolution All grep users should upgrade to the...
D-Bus, GLib: Privilege escalation
Background D-Bus is a daemon providing a framework for applications to communicate with one another. GLib is a library providing a number of GNOME’s core objects and functions. Description When libdbus is used in a setuid program, a user can gain escalated privileges by leveraging the...
file: Denial of service
Background file is a utility that guesses a file format by scanning binary data for patterns. Description Multiple out-of-bounds read errors and invalid pointer dereference errors have been found in cdf.c. Impact A remote attacker could entice a user to open a specially crafted Composite Document...
GLSA-201110-14 : D-Bus: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201110-14 D-Bus: Multiple vulnerabilities Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details. Impact : The vulnerabilities allow for local Denial of Service daemo...
D-Bus: Multiple vulnerabilities
Background D-Bus is a message bus system, a simple way for applications to talk to each other. Description Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details. Impact The vulnerabilities allow for local Denial of Service daemon...
Gentoo Security Advisory GLSA 200911-04 (dstat)
The remote host is missing updates announced in advisory GLSA 200911-04. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200903-24 (shadow)
The remote host is missing updates announced in advisory GLSA 200903-24. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
Gentoo Security Advisory GLSA 200705-25 (file)
The remote host is missing updates announced in advisory GLSA 200705-25. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200405-05 (utempter)
The remote host is missing updates announced in advisory GLSA 200405-05. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...