27 matches found
MiracleLinux 8 : rpm-4.14.3-28.el8_9 (AXSA:2024-7498:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7498:02 advisory. rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls during installation CVE-2021-35938 rpm:...
SUSE SLES12 Security Update : rsync (SUSE-SU-2025:0166-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0166-1 advisory. - CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 - CVE-2024-12086: leak of a client...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rsync (SUSE-SU-2025:0156-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0156-1 advisory. - CVE-2024-12084: heap buffer overflow in checksum parsing. bsc1234100 - CVE-2024-12085: leak of...
Security update for rsync
This update for rsync fixes the following issues: CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. bsc1234102 CVE-2024-12087: arbitrary file...
SUSE-SU-2025:0157-1 Security update for rsync
This update for rsync fixes the following issues: - CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 - CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. bsc1234102 - CVE-2024-12087: arbitrary...
SUSE-SU-2025:0156-1 Security update for rsync
This update for rsync fixes the following issues: - CVE-2024-12084: heap buffer overflow in checksum parsing. bsc1234100 - CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 - CVE-2024-12086: leak of a client machine's file contents through...
Security update for rsync
This update for rsync fixes the following issues: NOTE: this update is broken and was retracted. New update will be published as followup update. CVE-2024-12084: heap buffer overflow in checksum parsing. bsc1234100 CVE-2024-12085: leak of uninitialized stack data on the server leading to possible...
Security update for rsync
This update for rsync fixes the following issues: CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. bsc1234102 CVE-2024-12087: arbitrary file...
rpm: checks for unsafe symlinks are not performed for intermediary directories
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...
Moderate: Red Hat Security Advisory: rpm security update
An update for rpm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
rpm: TOCTOU race in checks for unsafe symlinks
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and...
ALSA-2024:0647 Moderate: rpm security update
The RPM Package Manager RPM is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Security Fixes: rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls...
Moderate: Red Hat Security Advisory: rpm security update
An update for rpm is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
rpm: checks for unsafe symlinks are not performed for intermediary directories
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...
rpm: TOCTOU race in checks for unsafe symlinks
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and...
rpm: checks for unsafe symlinks are not performed for intermediary directories
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...
rpm: TOCTOU race in checks for unsafe symlinks
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and...
rpm: checks for unsafe symlinks are not performed for intermediary directories
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...
rpm: TOCTOU race in checks for unsafe symlinks
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and...
rpm: checks for unsafe symlinks are not performed for intermediary directories
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...