13 matches found
[slackware-security] kcron
New kcron packages are available for Slackware 15.0 to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/kcron-21.12.3-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: kcron: Invalid temporary file handling. Thanks to pbslxw for the...
SUSE CVE-2018-16539
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable...
ghostscript: incorrect access checking in temp file handling to disclose contents of files (699658)
It was discovered that the ghostscript did not properly restrict access to files open prior to enabling the -dSAFER mode. An attacker could possibly exploit this to bypass the -dSAFER protection and disclose the content of affected files via a specially crafted PostScript document...
Design/Logic Flaw
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable...
CVE-2018-16539
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable...
CVE-2018-16539
CVE-2018-16539 affects Artifex Ghostscript (prior to 9.24). A crafted PostScript file could bypass access checks in temp file handling, allowing disclosure of files on the system. Multiple advisories (Debian, Red Hat/CentOS, Gentoo, Fedora, IBM PowerKVM, Amazon Linux) document this vulnerability ...
SuSE 10 Security Update : pam_mount (ZYPP Patch Number 5911)
This update fixes the temp-flle handling in the passwdehd script that allowed a symlink attack. CVE-2008-5138 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
SuSE9 Security Update : perl-DBI (YOU Patch Number 9838)
This update fixes insecure temp. file handling. CVE-2005-0077 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid41346; scriptversion"1.9";...
SuSE9 Security Update : pam_mount (YOU Patch Number 12332)
This update fixes the temp-flle handling in the passwdehd script that allowed a symlink attack. CVE-2008-5138 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
openSUSE Security Update : pam_mount (pam_mount-427)
This update fixes the temp-flle handling in the passwdehd script that allowed a symlink attack. CVE-2008-5138 script was disabled for 11.0 and 11.1 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
openSUSE Security Update : pam_mount (pam_mount-427)
This update fixes the temp-flle handling in the passwdehd script that allowed a symlink attack. CVE-2008-5138 script was disabled for 11.0 and 11.1 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
[SECURITY] [DSA 1643-1] New feta packages fix denial of service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1643-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 05, 2008 http://www.debian.org/security/faq -...
Debian DSA-1643-1 : feta - insecure temp file handling
Dmitry E. Oboukhov discovered that the 'to-upgrade' plugin of Feta, a simpler interface to APT, dpkg, and other Debian package tools creates temporary files insecurely, which may lead to local denial of service through symlink attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...