47 matches found
DEBIAN-CVE-2017-11565
debian/tor.init in the Debian tor0.2.9.11-1deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly with a wrong assumption that the specific pathname would remain the same forever, which allows...
Fedora 26 : tigervnc (2017-2d0066d567)
Security fix for CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396. Add systemd unit file for Xvnc. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...
UBUNTU-CVE-2017-6507
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due ...
Code injection
The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors...
[ MDVSA-2015:211 ] glusterfs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:211 http://www.mandriva.com/en/support/security/ Package : glusterfs Date : April 27, 2015 Affected: Business Server 2.0 Problem Description: Updated glusterfs packages fix security vulnerability: glusterfs...
Fedora 18 : zabbix-2.0.8-3.fc18 (2013-18348)
New upstream version 2.0.8 - Patch for CVE-2013-5743 SQL injection vulnerability, ZBX-7091 - Patch for ZBX-6922 Failing host XML import - SQL speed-up patch for graphs ZBX-6804 - Require php-ldap and ZBX-6992 Service SQL - Create and configure a spooling directory for fping files outside of /tmp...
Mandriva Linux Security Advisory : tor (MDVSA-2013:132)
Updated tor package fixes security vulnerabilities : Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the se...