
20 matches found

Ubuntu
added 2023/05/23 2:7 p.m., 81 views

USN-6088-2: runC vulnerabilities

USN-6088-1 fixed vulnerabilities in runC. This update provides the corresponding updates for Ubuntu 16.04 LTS. It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. CVE-2019-19921...

7.8 CVSS, 7.2 AI score, 0.00191 EPSS
Exploits: 3

RedhatCVE
added 2023/03/30 9:22 a.m., 52 views

CVE-2023-25809

A flaw was found in runc, where it is vulnerable to a denial of service caused by improper access control in the /sys/fs/cgroup endpoint. This flaw allows a local authenticated attacker to cause a denial of service. Mitigation Condition 1: Unshare the cgroup namespace docker|podman|nerdctl run...

6.3 CVSS, 6.3 AI score, 0.00037 EPSS
Exploits: 1, References: 5

OSV
added 2023/03/29 7:15 p.m., 1 view

DEBIAN-CVE-2023-25809

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in the following conditions: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...

6.3 CVSS, 6.5 AI score, 0.00037 EPSS
Exploits: 1, References: 1

Vulnrichment
added 2023/03/29 6:22 p.m., 2 views

CVE-2023-25809 rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in the following conditions: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...

5 CVSS, 7 AI score, 0.00037 EPSS
Exploits: 1, References: 2

Cvelist
added 2023/03/29 6:22 p.m., 24 views

CVE-2023-25809 rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in the following conditions: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...

5 CVSS, 7.2 AI score, 0.00037 EPSS
Exploits: 1, References: 2

Fedora
added 2022/07/30 2:0 a.m., 19 views

[SECURITY] Fedora 36 Update: golang-github-sophaskins-efs2tar-0-0.5.20210317git4db1b0f.fc36

efs2tar is a tool that converts SGI EFS-formatted filesystem images (i.e., the result of dd-ing a whole device into a file) into tarballs. It was based entirely on NetBSD's sys/fs/efs...

1.9 AI score
Exploits: 0

Fedora
added 2022/07/17 1:16 a.m., 36 views

[SECURITY] Fedora 35 Update: golang-github-sophaskins-efs2tar-0-0.4.20210317git4db1b0f.fc35

efs2tar is a tool that converts SGI EFS-formatted filesystem images (i.e., the result of dd-ing a whole device into a file) into tarballs. It was based entirely on NetBSD's sys/fs/efs...

9.3 CVSS, 1.9 AI score, 0.00963 EPSS
Exploits: 3

Gentoo Linux
added 2021/01/26 12:0 a.m., 78 views

f2fs-tools: Multiple vulnerabilities

Background: Tools for Flash-Friendly File System (F2FS). Description: Multiple vulnerabilities have been discovered in f2fs-tools. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no known workaround a...

8.2 CVSS, 2.7 AI score, 0.0116 EPSS
Exploits: 5

Gentoo Linux
added 2020/07/27 12:0 a.m., 56 views

fuseiso: Multiple vulnerabilities

Background: FuseISO is a FUSE module to mount ISO filesystem images (.iso, .nrg, .bin, .mdf and .img files). Description: Multiple vulnerabilities have been discovered in fuseiso. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could entice a user to open a...

7.3 CVSS, 7.9 AI score, 0.01113 EPSS
Exploits: 1

Veracode
added 2020/04/10 12:39 a.m., 21 views

Denial Of Service (DoS)

The kernel package is vulnerable to denial of service (DoS). The RHSA-2009:0225 update introduced a rewrite attack flaw in the do_coredump function. A local attacker able to guess the file name a process is going to dump its core to, prior to the process crashing, could use this flaw to append data ...

7.5 CVSS, 3 AI score, 0.01396 EPSS
Exploits: 0, References: 13, Affected Software: 1

OPENSUSE Linux
added 2019/02/27 12:0 a.m., 154 views

Security update for qemu (important)

openSUSE Security Update: Security update for qemu Announcement ID: openSUSE-SU-2019:0254-1 Rating: important References: 1063993 1079730 1100408 1101982 1112646 1114957 1116717 1117275 1119493 1121600 1123156 1123179 Cross-References: CVE-2018-16872 CVE-2018-18954 CVE-2018-19364 CVE-2018-19489...

7.8 CVSS, 7.9 AI score, 0.00274 EPSS
Exploits: 0, References: 12

0day.today
added 2017/12/14 12:0 a.m., 68 views

glibc ld.so - Memory Leak / Buffer Overflow Vulnerability

Exploit for linux platform in category local exploits. Qualys Security Advisory: Buffer overflow in glibc's ld.so. Contents: Summary, Memory Leak, Buffer...

7.2 CVSS, 6.9 AI score, 0.08874 EPSS
Exploits: 23

Packet Storm
added 2017/12/13 12:0 a.m., 89 views

Qualys Security Advisory - GNU C Library Memory Leak / Buffer Overflow

Qualys Security Advisory: Buffer overflow in glibc's ld.so. Contents: Summary, Memory Leak, Buffer Overflow, Exploitation, Acknowledgments...

7.2 CVSS, 0.4 AI score, 0.08874 EPSS
Exploits: 16

Tenable Nessus
added 2017/01/30 12:0 a.m., 29 views

GLSA-201701-73 : SQUASHFS: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201701-73 (SQUASHFS: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in SQUASHFS. Please review the CVE identifiers referenced below for details. Impact: Remote attackers, by enticing a user to process a...

7.5 CVSS, 7.2 AI score, 0.01047 EPSS
Exploits: 0, References: 3

Gentoo Linux
added 2017/01/01 12:0 a.m., 25 views

e2fsprogs: Heap-based buffer overflow

Background: e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 file systems. Description: A heap-based buffer overflow was discovered in openfs.c in the libext2fs library in e2fsprogs. Impact: A remote attacker could entice a user to use ext2fs library for example, fsck on a...

4.6 CVSS, 9.7 AI score, 0.004 EPSS
Exploits: 0

Gentoo Linux
added 2016/12/12 12:0 a.m., 35 views

exFAT: Multiple vulnerabilities

Background: A full-featured exFAT file system implementation for Unix-like systems. Description: Two vulnerabilities were found in exFAT. A malformed input can cause a write heap overflow or cause an endless loop. Impact: Remote attackers could execute arbitrary code or cause Denial of Service...

7.8 CVSS, 8.5 AI score, 0.0169 EPSS
Exploits: 0

OpenVAS
added 2008/09/24 12:0 a.m., 16 views

Gentoo Security Advisory GLSA 200511-17 (FUSE)

The remote host is missing updates announced in advisory GLSA 200511-17. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

2.1 CVSS, 0.2 AI score, 0.00078 EPSS
Exploits: 0

OpenVAS
added 2008/09/24 12:0 a.m., 25 views

Gentoo Security Advisory GLSA 200411-22 (davfs2)

The remote host is missing updates announced in advisory GLSA 200411-22. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

2.1 CVSS, 6.5 AI score, 0.0008 EPSS
Exploits: 0

OpenVAS
added 2008/09/24 12:0 a.m., 16 views

Gentoo Security Advisory GLSA 200511-17 (FUSE)

The remote host is missing updates announced in advisory GLSA 200511-17. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

2.1 CVSS, 7.1 AI score, 0.00078 EPSS
Exploits: 0, References: 3

securityvulns
added 2005/11/23 12:0 a.m., 36 views

[ GLSA 200511-17 ] FUSE: mtab corruption through fusermount

Gentoo Linux Security Advisory GLSA 200511-17. http://security.gentoo.org/ Severity:...

2.1 CVSS, 6 AI score, 0.00078 EPSS
Exploits: 0