OESA-2022-1891 libvirt security update

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A use-after-free flaw was found in libvirt. The qemuMonitorUnregister function in...

PVS Streamprocess: Login failed (error code: 4) for device <devicename>

Target devices are stuck at booting: Application event log is flooded with StreamProcess Event ID 10 that reads: "Login failed error code: 4 for device targetdevice1: No servers available for disk" Application event log will also have Streamprocess event ID 11's which read: "Detected one or more...

virt:ol and virt-devel:ol security, bug fix, and enhancement update

libvirt 8.0.0-5.2.0.1 - Set SOURCEDATEEPOCH from changelog Orabug: 32019554 - Add runtime deps for pkg librbd1 = 1:10.2.5 Keshav Sharma 8.0.0-5.2.el8 - cpumap: Disable cpu64-rhel for host-model and baseline rhbz2084030 - cputest: Drop some old artificial baseline tests rhbz2084030 - cputest: Give...

mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/dscompress.cc, when an error occurs i.e., going to the err label while executing the method createworkerthreads, the held lock thd-ctrlmutex is not released correctly, which allows local users to trigger a denial ...

Fedora: Security Advisory for golang-starlark (FEDORA-2022-3e1ade35db)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

The vulnerability of the `create_worker_threads` method in the MariaDB database management system allows a hacker to cause a service failure.

The vulnerability of the createworkerthreads method in the MariaDB database management system exists due to improper cleanup or resource release. Exploiting this vulnerability can allow an attacker to cause service failures...

The vulnerability of the `create_worker_threads` method in the MariaDB database management system allows a hacker to cause a service failure.

The vulnerability of the createworkerthreads method in the MariaDB database management system exists due to improper cleanup or resource release. Exploiting this vulnerability can allow an attacker to cause service failures...

Hakoriginfinder - Tool For Discovering The Origin Host Behind A Reverse Proxy. Useful For Bypassing Cloud WAFs!

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing WAFs and other reverse proxies. How does it work? This tool will first make a HTTP request to the hostname that you provide and store the response, then it will make a request to every IP address that you provide vi...

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads the held lock is not released correctly which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.

...

MariaDB 安全漏洞

MariaDB is the database management system of the Mariadb Foundation and a version of the MySQL branch that uses the Maria storage engine. a denial of service vulnerability exists in versions of MariaDB Server prior to 10.7, which originates in extra/mariabackup/dscompress.cc, and can be exploited...

new packages: perl-threads-shared

An update is available for perl-threads-shared. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rock...

new packages: perl-threads

An update is available for perl-threads. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

GHSA-9785-W233-X6HV Improper Resource Shutdown or Release in Apache Tomcat

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOWUPDATE before allowing the application to write more data. These waiting streams each...

USN-5399-1: libvirt vulnerabilities

It was discovered that libvirt incorrectly handled certain locking operations. A local attacker could possibly use this issue to cause libvirt to stop accepting connections, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2021-3667 It was discovered that libvirt...

Apache Tomcat DoS Via Requests Including Null Characters

Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service resource exhaustion via a large number of requests to the server with null characters, which causes the working threads to hang...

GSD-2022-1001983 NFS: Avoid writeback threads getting stuck in mempool_alloc()

NFS: Avoid writeback threads getting stuck in mempoolalloc This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.111 by commit...

GSD-2022-1001694 NFS: Avoid writeback threads getting stuck in mempool_alloc()

NFS: Avoid writeback threads getting stuck in mempoolalloc This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.34 by commit...

GSD-2022-1001368 NFS: Avoid writeback threads getting stuck in mempool_alloc()

NFS: Avoid writeback threads getting stuck in mempoolalloc This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.20 by commit...

GSD-2022-1001025 NFS: Avoid writeback threads getting stuck in mempool_alloc()

NFS: Avoid writeback threads getting stuck in mempoolalloc This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit...

Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads

The Qakbot botnet is getting more dangerous, sinking its fangs into email threads and injecting malicious modules to pump up the core botnet’s powers. On Thursday, Sophos published a deep dive into the botnet, describing how researchers have recently seen it spreading through email thread hijacki...