72 matches found

Positive Technologies
added 2026/05/27 12:0 a.m. | 4 views

PT-2026-44114

Name of the Vulnerable Software and Affected Versions: pam_usb versions prior to 0.9.0. Description: The deny_remote feature incorrectly classifies IPv4-mapped IPv6 remote connections as local sessions. This occurs because the system checks the ut_addr_v6 field of utmpx using a guard if utent-ut add...

CVSS 7.4 | AI score 5.8 | EPSS 0.00066
Exploits: 0 | References: 4
Tenable Nessus
added 2026/01/14 12:0 a.m. | 0 views

MiracleLinux 3 : util-linux-2.13-0.59.0.1.AXS3 (AXSA:2012-269:01)

The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2012-269:01 advisory. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others,...

CVSS 4.6 | AI score 7 | EPSS 0.00087
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 6:21 a.m. | 1 view

SUSE CVE-2004-0233

Utempter allows device names that contain ".." (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files...

CVSS 2.1 | AI score 6.7 | EPSS 0.00213
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 6:16 a.m. | 1 view

SUSE CVE-2006-0224

Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name)...

CVSS 4.6 | AI score 7.9 | EPSS 0.00216
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 6:6 a.m. | 1 view

SUSE CVE-2008-5394

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry...

CVSS 7.2 | AI score 6.7 | EPSS 0.00083
Exploits: 1 | References: 3
OSV
added 2022/09/26 10:34 a.m. | 5 views

SUSE-SU-2022:3382-1 Security update for permissions

This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). - Add capability for prometheus-blackbox_exporter (bsc#1191194). - Make btmp root:utmp (bsc#1050467)...

CVSS 4.4 | AI score 4.7 | EPSS 0.00031
Exploits: 0 | References: 5
Oracle linux
added 2020/10/06 12:0 a.m. | 44 views

systemd security and bug fix update

219-78.0.1 - Backport upstream patches related to private-tmp Sushmita Bhattacharya Orabug: 31561883 - backport upstream pstore tmpfiles patch Eric DeVolder Orabug: 31414539 - udev rules: fix memory hot add and remove Orabug: 31309730 - enable and start the pstore service Orabug: 30950903 - fix t...

CVSS 5.1 | AI score 6.5 | EPSS 0.00152
Exploits: 0
Tenable Nessus
added 2020/01/21 12:0 a.m. | 33 views

Fedora 31 : glibc (2020-1a3bdfde17)

This update fixes a minor security vulnerability (LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries) and addresses a long-standing bug where missing shared objects could cause crashes due to incorrectly handled dlopen failures (RHBZ#1395758). The latter fix also causes lazy binding failures in ELF...

CVSS 3.3 | AI score 6.4 | EPSS 0.00015
Exploits: 0 | References: 3
Oracle linux
added 2019/08/13 12:0 a.m. | 198 views

systemd security, bug fix, and enhancement update

219-67.0.1 - do not create utmp update symlinks for reboot and poweroff Orabug: 27854896 - OL7 udev rule for virtio net standby interface Orabug: 28826743 - fix netdev is missing for iscsi entry in /etc/fstab Orabug: 25897792 [email protected] - set 'RemoveIPC=no' in logind.conf as default fo...

CVSS 8.8 | AI score 7.8 | EPSS 0.01533
Exploits: 6
Oracle linux
added 2019/02/19 12:0 a.m. | 86 views

systemd security update

219-62.0.4 - do not create utmp update symlinks for reboot and poweroff Orabug: 27854896 - OL7 udev rule for virtio net standby interface Orabug: 28826743 - fix netdev is missing for iscsi entry in /etc/fstab Orabug: 25897792 [email protected] - set 'RemoveIPC=no' in logind.conf as default fo...

CVSS 5.5 | AI score 0.3 | EPSS 0.00141
Exploits: 1
Oracle linux
added 2019/01/30 12:0 a.m. | 145 views

systemd security update

219-62.0.4 - do not create utmp update symlinks for reboot and poweroff Orabug: 27854896 - OL7 udev rule for virtio net standby interface Orabug: 28826743 - fix netdev is missing for iscsi entry in /etc/fstab Orabug: 25897792 [email protected] - set 'RemoveIPC=no' in logind.conf as default fo...

CVSS 3.3 | AI score 1.1 | EPSS 0.00125
Exploits: 1
Oracle linux
added 2019/01/14 12:0 a.m. | 154 views

systemd security update

219-62.0.4 - do not create utmp update symlinks for reboot and poweroff Orabug: 27854896 - OL7 udev rule for virtio net standby interface Orabug: 28826743 - fix netdev is missing for iscsi entry in /etc/fstab Orabug: 25897792 [email protected] - set 'RemoveIPC=no' in logind.conf as default fo...

CVSS 8.8 | AI score 0.4 | EPSS 0.01222
Exploits: 3
Mageia
added 2017/01/27 8:30 p.m. | 42 views

Updated shadow-utils packages fix security vulnerabilities

It was found that shadow-utils-4.2.1 had a potentially unsafe use of getlogin with the concern that the utmp entry might have a spoofed username associated with a correct uid (CVE-2016-6251). It was found that shadow-utils-4.2.1 had an incorrect integer handling problem where it looks like the int...

CVSS 7.8 | AI score 1.7 | EPSS 0.00103
Exploits: 0 | References: 2
RedhatCVE
added 2015/10/30 9:37 a.m. | 11 views

CVE-2008-5394

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry...

CVSS 7.2 | AI score 7 | EPSS 0.00083
Exploits: 1 | References: 2
Tenable Nessus
added 2015/08/19 12:0 a.m. | 34 views

OracleVM 3.3 : pam (OVMSA-2015-0117)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2015-3238 - DoS due to blocking pipe with very long password - make pam_pwhistory and pam_unix tolerant of opasswd file corruption - pam_userdb: allow any crypt hash algorithm to be used (#1119289) ...

CVSS 6.5 | AI score 6.2 | EPSS 0.0303
Exploits: 1 | References: 2
seebug.org
added 2014/07/01 12:0 a.m. | 26 views

Gnome-PTY-Helper UTMP Hostname Spoofing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15004/info 'gnome-pty-helper' is susceptible to a local UTMP hostname spoofing vulnerability. This issue is due to the failure of the application to properly validate user-supplied data prior to using it to update UTMP...

AI score 7.1
Exploits: 0
Fedora
added 2014/06/13 5:30 a.m. | 32 views

[SECURITY] Fedora 19 Update: chkrootkit-0.49-9.fc19

chkrootkit is a tool to locally check for signs of a rootkit. It contains: chkrootkit: shell script that checks system binaries for rootkit modification. ifpromisc: checks if the network interface is in promiscuous mode. chklastlog: checks for lastlog deletions. chkwtmp: checks for wtmp deletions...

CVSS 3.7 | AI score 1.5 | EPSS 0.11441
Exploits: 6
Oracle linux
added 2012/03/01 12:0 a.m. | 50 views

util-linux security, bug fix, and enhancement update

2.13-0.59.0.1.el5 - Merge UEK modification fix 10104470 - Import hwclock from util-linux-ng Kris Van Hees 2.13-0.59 - fix 768382 - CVE-2011-1675 CVE-2011-1677 util-linux various flaws 2.13-0.58 - fix 677452 - util-linux fails to build with gettext-0.17 2.13-0.57 - fix 646300 - login doesn't updat...

CVSS 4.6 | AI score 8.7 | EPSS 0.00045
Exploits: 0
NVD
added 2011/04/18 6:55 p.m. | 10 views

CVE-2011-1496

tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option...

CVSS 4.6 | AI score 6.3 | EPSS 0.00098
Exploits: 6 | References: 12
CVE
added 2011/04/18 6:0 p.m. | 83 views

CVE-2011-1496

CVE-2011-1496 affects tmux 1.3 and 1.4. The issue is that tmux does not drop group privileges correctly, enabling a local user to gain utmp group privileges by supplying a crafted filename to the -S option. The vulnerability is confirmed by multiple advisories (Debian DSA-2212-1 and Fedora update...

CVSS 4.6 | AI score 6.3 | EPSS 0.00098
Exploits: 6 | References: 12 | Affected Software: 1