CVE-2015-5218

Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service crash via a crafted file, related to the page global variable...

Buffer overflow

Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service crash via a crafted file, related to the page global variable...

CVE-2015-5218

Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service crash via a crafted file, related to the page global variable...

CVE-2015-5218

Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service crash via a crafted file, related to the page global variable...

CVE-2015-5218

CVE-2015-5218 is a buffer overflow in util-linux's text-utils/colcrt.c (colcrt) that allows a local user to crash the system via a crafted file. The description states the issue and the mitigation path provided here is for CP4S: upgrade Cloud Pak for Security to 1.9.0 (per remediation section); n...

Mageia: Security Advisory (MGASA-2015-0434)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated util-linux packages fix security vulnerability

A buffer overflow in the colcrt command in util-linux can lead to a crash when given a large input CVE-2015-5218...

openSUSE Security Update : util-linux (openSUSE-2015-702)

util-linux was updated to fix one security issue. This security issue was fixed : - CVE-2015-5218: Prevent colcrt buffer overflow bsc949754. This non-security issue was fixed : - bsc903440: Calendar 'cal' crash with segmentation fault when execute in background. %NASLMINLEVEL 70300 C Tenable...

Mageia: Security Advisory (MGASA-2015-0352)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle: Security Advisory (ELSA-2012-0307)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 201405-15

Gentoo Linux Local Security Checks GLSA 201405-15 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Updated util-linux packages fix CVE-2015-5224

Updated util-linux packages fix security vulnerability: The chfn and chsh commands in util-linux's login-utils are vulnerable to a file name collision due to incorrect mkstemp usage. If the chfn and chsh binaries are both setuid-root they eventually call mkostemp in such a way that an attacker...

Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser

Hello, it is July 23, 2015, 17:00 UTC, the Coordinated Release Date for CVE-2015-3245 and CVE-2015-3246. Please find our advisory below, and our exploit attached. Qualys Security Advisory CVE-2015-3245 userhelper chfn newline filtering CVE-2015-3246 libuser passwd file handling -- Summary...

util-linux Package 'hwclock(8)' local elevation of privilege vulnerability

The util-linux package is a suite of system administration tools for Linux that provides tools to load, unload, format, partition and manage hard drives, open tty ports and get kernel messages. The util-linux package is vulnerable to a local boost vulnerability. A local attacker could exploit thi...

hwclock Privilege Escalation

Hello, During a recent assessment I have stumbled across a system which had hwclock8 setuid root hwclock is a part of util-linux, all versions affected $ man hwclock | sed -n '223,231p' Users access and setuid Sometimes, you need to install hwclock setuid root. If you want users other than the...

SUSE SLED12 / SLES12 Security Update : util-linux (SUSE-SU-2015:0270-1)

util-linux was updated to fix one security issue. This security issue was fixed : - CVE-2014-9114: Using crafted block devices e.g. USB sticks it was possibly to inject code via libblkid. libblkid was fixed to care about unsafe chars and possible buffer overflow in cache bnc907434 The update...

util-linux blkid commands injection

No description provided...

[ MDVSA-2015:122 ] util-linux

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:122 http://www.mandriva.com/en/support/security/ Package : util-linux Date : March 29, 2015 Affected: Business Server 2.0 Problem Description: Updated util-linux packages fix security vulnerability: Sebastia...

Mandriva Linux Security Advisory : util-linux (MDVSA-2015:122)

Updated util-linux packages fix security vulnerability : Sebastian Krahmer reported a command injection flaw in blkid. This could possibly result in command execution with root privileges CVE-2014-9114. The util-linux package has been updated to version 2.24.2 and patched to fix this issue and...

util-linux: command injection

There is a command injection inside blkid. It uses caching files /dev/.blkid.tab or /run/blkid/blkid.tab to store info about the UUID, LABEL etc it finds on certain devices. However, it does not strip " character, so it can be confused to build variable names containing embedded shell metas, whic...