107 matches found
Security update for connman (moderate)
openSUSE Security Update: Security update for connman Announcement ID: openSUSE-SU-2021:0452-1 Rating: moderate References: 1181751 Cross-References: CVE-2021-26675 CVE-2021-26676 CVSS scores: CVE-2021-26675 NVD : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-26676 NVD : 6.5...
openSUSE Security Update : connman (openSUSE-2021-416)
This update for connman fixes the following issues : Update to 1.39 boo1181751 : - Fix issue with scanning state synchronization and iwd. - Fix issue with invalid key with 4-way handshake offloading. - Fix issue with DNS proxy length checks to prevent buffer overflow. CVE-2021-26675 - Fix issue...
Security update for connman (moderate)
openSUSE Security Update: Security update for connman Announcement ID: openSUSE-SU-2021:0416-1 Rating: moderate References: 1181751 Cross-References: CVE-2021-26675 CVE-2021-26676 CVSS scores: CVE-2021-26675 NVD : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-26676 NVD : 6.5...
systemd: systemd-resolved allows unprivileged users to configure DNS
An improper authorization flaw was discovered in systemd-resolved in the way it configures the exposed DBus interface org.freedesktop.resolve1. An unprivileged local attacker could call all DBus methods, even when marked as privileged operations. An attacker could abuse this flaw by changing the...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.1.24 machine-os-content-container security update
Red Hat OpenShift Container Platform release 4.1.24 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whic...
systemd: systemd-resolved allows unprivileged users to configure DNS
An improper authorization flaw was discovered in systemd-resolved in the way it configures the exposed DBus interface org.freedesktop.resolve1. An unprivileged local attacker could call all DBus methods, even when marked as privileged operations. An attacker could abuse this flaw by changing the...
Fedora 31 : systemd (2019-d5bd5f0aa4)
Update to latest release - Emission of Session property-changed notifications from logind is fixed this was breaking the switching of sessions to and from gnome. - Security issue: unprivileged users were allowed to change DNS servers configured in systemd-resolved. Now proper polkit authorization...
Fedora 29 : systemd (2019-8a7dfdf1f3)
Security issue: unprivileged users were allowed to change DNS servers configured in systemd-resolved CVE-2019-15718 - hwdb entries for keyboards are updated to the latest version 1725717 No need to log out or reboot. Note that Tenable Network Security has extracted the preceding description block...
Design/Logic Flaw
In systemd 240, busopensystemwatchbindwithdescription in shared/bus-util.c as used by systemd-resolved to connect to the system D-Bus instance, calls sdbussettrusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that...
CVE-2019-15718
An improper authorization flaw was discovered in systemd-resolved in the way it configures the exposed DBus interface org.freedesktop.resolve1. An unprivileged local attacker could call all DBus methods, even when marked as privileged operations. An attacker could abuse this flaw by changing the...
USN-4120-1: systemd vulnerability
It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system's DNS resolver settings...
USN-4120-1 systemd vulnerability
It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system's DNS resolver settings...
RHEL 7 : systemd (RHSA-2019:1502)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1502 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive...
RHEL 7 : systemd (RHSA-2019:0204)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0204 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides...
Fedora 27 : systemd (2018-eea8cb8b0e)
a few memory leaks and uninitialized memory accesses - systemd-networkd Remote= must be a unicast address upstream issue 8088 - add /run/systemd/user to the unit lookup path upstream issue 8119 - various fixes for journalctl leaking file descriptors on very quick file rotation upstream issues...
Ubuntu: Security Advisory (USN-3558-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 27 : systemd (2017-6263c938c7)
Use infinite timeouts for passwords during boot when JobTimeoutSec=0 - Some tty utf8-mode fixes - Only send one auxillary fd set over dbus - Various network-manager crash and spurious assert fixes - Do not remount network filesystems ro during shutdown and unmount DM devices better - Fix...
systemd Network Name Resolution Manager NSEC Resource Record Pseudo-Types Denial of Service Vulnerability
This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of systemd Network Name Resolution Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NSEC resource records in...
Fedora 26 : systemd (2017-6f8fcff58c)
systemd-detect-virt QEMU CPUID logic update - Fix cryptsetup devices disappearing when used for btrfs - Fix rfkill on some thinkpads - Extend dbus timeouts to handle slow dbus daemon startup - Fix systemd-resolved DOS with crafted NSEC packets LP1725351 - Backport /etc/crypttab netdev feature...
Systemd Denial of Service Vulnerability
systemd is a system and service manager for the Linux operating system. A denial of service vulnerability exists in systemd 223-235. The vulnerability arises because a remote DNS server can respond with a customized DNS NSEC resource record, which triggers an infinite loop in the...