Security update for systemd (important)

openSUSE Security Update: Security update for systemd Announcement ID: openSUSE-SU-2019:1450-1 Rating: important References: 1080919 1121563 1125352 1126056 1127557 1128657 1130230 1132348 1132400 1132721 955942 Cross-References: CVE-2018-6954 CVE-2019-3842 CVE-2019-6454 Affected Products: openSU...

SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2019:1265-1)

This update for systemd fixes the following issues : Security issues fixed : CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files bsc1080919. CVE-2019-3842: Fixed a vulnerability in pamsystemd which...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

PT-2019-4498 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.0.6 Description: The issue is related to a NULL pointer dereference in the drop sysctl table function in the Linux kernel, specifically in fs/proc/proc sysctl.c, and is connected to the put links command. This...

iOS / macOS 10.13.6 - if_ports_used_update_wakeuuid() 16-byte Uninitialized Kernel Stack Disclosure

/ macOS 10.13.4 introduced the file bsd/net/ifportsused.c, which defines sysctls for inspecting ports, and added the function IOPMCopySleepWakeUUIDKey to the file iokit/Kernel/IOPMrootDomain.cpp. Here's the code of the latter function: extern "C" bool IOPMCopySleepWakeUUIDKeychar buffer, sizet...

Linux: ICMP Redirect (accept)

ICMP Redirects are used to update a hosts routing information, if e.g. an alternative and possible more direct route is available. If the host does not act as a router, ICMP Redirects are not needed. Further more, an attacker could use corrupt routing to have users access a system set up by the...

Linux: IP Forwarding

The net.ipv4.ipforward and net.ipv6.conf.all.forwarding flags are used to tell the system whether it can forward packets or not. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x64) - 'AF_PACKET' Race Condition Privilege Escalation

/ chocoboroot.c linux AFPACKET race condition exploit for CVE-2016-8655. Includes KASLR and SMEP/SMAP bypasses. For Ubuntu 14.04 / 16.04 x8664 kernels 4.4.0 before 4.4.0-53.74. All kernel offsets have been tested on Ubuntu / Linux Mint. vroom vroom ============================== user@ubuntu:$ una...

CVE-2018-17156

In FreeBSD before 11.2-STABLEr340268 and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl...

CVE-2018-17156

CVE-2018-17156 affects FreeBSD releases prior to 11.2-STABLE (r340268) and 11.2-RELEASE-p5. The issue stems from incorrect padding accounting on 64-bit platforms when constructing an ICMP reply packet using a non-standard value for net.inet.icmp.quotelen, which can lead to a buffer underwrite. Af...

OracleVM 3.3 / 3.4 : procps (OVMSA-2018-0226)

The remote OracleVM system is missing necessary patches to address critical security updates : - vmstat: fix invalid CPU utilization stats after vCPU hot-plug/unplug Konrad Rzeszutek Wilk bug 18011019 - drop leftover assignment in fix for CVE-2018-1124 causing a severe regression - Resolves:...

CVE-2017-18188

CVE-2017-18188 affects OpenRC opentmpfiles up to version 0.1.3. When the fs.protected_hardlinks sysctl is disabled, local users can cause a file ownership change by creating a hard link inside a directory that will later be processed by a recursive chown -R. The root cause is the interaction betw...

CVE-2018-6954

systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. Th...

openSUSE Security Update : systemd (openSUSE-2018-117)

This update for systemd fixes several issues. This security issue was fixed : - CVE-2018-1049: Prevent race that can lead to DoS when using automounts bsc1076308. These non-security issues were fixed : - core: don't choke if a unit another unit triggers vanishes during reload - delta: don't ignor...

CVE-2017-18078

systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protectedhardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks...

systemd (systemd-tmpfiles) < 236 - 'fs.protected_hardlinks=0' Local Privilege Escalation

Product: systemd systemd-tmpfiles Versions-affected: 236 and earlier Author: Michael Orlitzky Fixed-in: commit 5579f85 , version 237 Bug-report: https://github.com/systemd/systemd/issues/7736 Acknowledgments: Lennart Poettering who, instead of calling me an idiot for not realizing that systemd...

OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0007) (Spectre)

The remote OracleVM system is missing necessary patches to address critical security updates : - x86/ibrs: Remove 'ibrsdump' and remove the prdebug Konrad Rzeszutek Wilk Orabug: 27350825 - kABI: Revert kABI: Make the bootcpudata look normal Konrad Rzeszutek Wilk CVE-2017-5715 - userns: prevent...

CVE-2017-16995

The checkaluop function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging incorrect sign extension...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3651)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3651 advisory. - mm, thp: Do not make page table dirty unconditionally in followtranshugepmd Kirill A. Shutemov Orabug: 27200879 CVE-2017-1000405 - fix unbalanced...

OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0169)

The remote OracleVM system is missing necessary patches to address critical security updates : - thp: run vmaadjusttranshuge outside immaprwsem Kirill A. Shutemov Orabug: 27026180 - selinux: fix off-by-one in setprocattr Stephen Smalley Orabug: 27001717 CVE-2017-2618 CVE-2017-2618 CVE-2017-2618 -...