9 matches found
Fedora 26 : coreutils (2017-b17d54561b)
tail: revert to polling if a followed directory is replaced 1283760 ---- - date, touch: fix out-of-bounds write via large TZ variable CVE-2017-7476 ---- - do not obsolete coreutils-single, so it can be installed by DNF2 1444802 Note that Tenable Network Security has extracted the preceding...
CVE-2017-7476
Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c...
CVE-2014-9680
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...
Debian DLA-160-1 : sudo security update
This update fixes the CVEs described below. CVE-2014-0106 Todd C. Miller reported that if the env_reset option is disabled in the sudoers file, the env_delete option is not correctly applied to environment variables specified on the command line. A malicious user with sudo permissions may be able t...
[SECURITY] [DSA 3167-1] sudo security update
Debian Security Advisory DSA-3167-1 http://www.debian.org/security/ Salvatore Bonaccorso February 22, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DLA 160-1] sudo security update
Package: sudo. Version: 1.7.4p4-2.squeeze.5. CVE ID: CVE-2014-0106 CVE-2014-9680. Debian Bug: 772707. This update fixes the CVEs described below. CVE-2014-0106 Todd C. Miller reported that if the env_reset option is disabled in the sudoers file, the env_delete option is not correctly applied to...
Debian DSA-3167-1 : sudo - security update
Jakub Wilk reported that sudo, a program designed to provide limited super user privileges to specific users, preserves the TZ variable from a user's environment without any sanitization. A user with sudo access may take advantage of this to exploit bugs in the C library functions which parse the...
Debian Security Advisory DSA 3167-1 (sudo - security update)
Jakub Wilk reported that sudo, a program designed to provide limited super user privileges to specific users, preserves the TZ variable from a user OpenVAS Vulnerability Test $Id: deb3167.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3167-1 using nvtgen 1.0 Script...
CVE-2001-0423
CVE-2001-0423 concerns a buffer overflow in Solaris 7 x86 ‘ipcs’ that local users can exploit by supplying a long TZ environment variable, enabling arbitrary code execution on the affected host. The vulnerability is specific to Solaris 7 x86; it is described as a local privilege escalation/vector...