SUSE SLES12 Security Update : kernel (SUSE-SU-2018:4157-1)

This update for the Linux Kernel 3.12.74-606493 fixes several issues. The following security issues were fixed : CVE-2018-9568: Prevent possible memory corruption due to type confusion in skclonelock. This could lead to local privilege escalation bsc1118319. CVE-2018-5848: Fixed an unsigned integ...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:4153-1)

This update for the Linux Kernel 3.12.74-606488 fixes several issues. The following security issues were fixed : CVE-2018-9568: Prevent possible memory corruption due to type confusion in skclonelock. This could lead to local privilege escalation bsc1118319. CVE-2018-5848: Fixed an unsigned integ...

SUSE-SU-2018:4127-1 Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2)

This update for the Linux Kernel 4.4.114-9264 fixes one issue. The following security issue was fixed: - CVE-2018-5848: Fixed an unsigned integer overflow in wmisetie. This could lead to a buffer overflow bsc1097356...

The vulnerability of the Windows operating system, related to errors in the driver authenticity verification mechanism, allows a hacker to load improperly signed drivers into the kernel.

The vulnerability of the Windows operating system is related to errors in the mechanism for verifying the authenticity of kernel drivers. Exploiting this vulnerability allows an attacker to load improperly signed drivers into the kernel...

OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

harfbuzz/hb-shape-fuzzer: Use-of-uninitialized-value in CFF::Charset1_2<OT::IntType<unsigned char, 1u> >::get_glyph

Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5632586529898496 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-shape-fuzzer Fuzz target binary: hb-shape-fuzzer Job Type: libfuzzermsanharfbuzz Platform Id: linux Crash Type:...

OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

Microsoft Windows Security Feature Bypass Vulnerability (CNVD-2019-02774)

Windows is a set of operating systems developed by Microsoft Corporation in the U.S. Windows uses a graphical mode GUI. A security feature bypass vulnerability exists in Microsoft Windows. The vulnerability stems from Windows failing to properly verify kernel driver signatures. An attacker could...

RHEL 6 : java-1.8.0-ibm (RHSA-2018:3533)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3533 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...

RHEL 7 : java-1.8.0-ibm (RHSA-2018:3534)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3534 advisory. - OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests Security, 8194534 CVE-2018-3136 - OpenJDK: Leak of sensitive...

OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

kernel: Buffer overflow in hidp_process_report

A buffer overflow due to a singed-unsigned comparsion was found in hidpprocessreport in the net/bluetooth/hidp/core.c in the Linux kernel. The buffer length is an unsigned int but gets cast to a signed int which in certain conditions can lead to a system panic and a denial-of-service...

kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption

In the function wmisetie in the Linux kernel the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the ‘ielen’ argument can cause a buffer overflow and thus a memory corruption leading to a system crash or other or unspecified impact. Due to...

CVE-2018-18710

An issue was discovered in the Linux kernel through 4.19. An information leak in cdromioctlselectdisc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and...