Gentoo, most viewed

3816 matches found

Gentoo Linux
added 2017/07/08 12:0 a.m., 1032 views

phpMyAdmin: Security bypass

Background phpMyAdmin is a web-based management tool for MySQL databases. Description A vulnerability was discovered where the restrictions caused by “$cfg['Servers'][$i]['AllowNoPassword'] = false” are bypassed under certain PHP versions. This can lead compromised user accounts, who have no passwords...

AI score 7.7
Exploits: 0

Gentoo Linux
added 2018/11/09 12:0 a.m., 602 views

X.Org X11 library: Multiple vulnerabilities

Background X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files. Description Multiple vulnerabilities have been discovered in X.Org X11 library. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by...

CVSS 9.8, AI score 4.2, EPSS 0.09713
Exploits: 0

Gentoo Linux
added 2018/10/06 12:0 a.m., 594 views

OpenSSH: User enumeration vulnerability

Background OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support. Description It was discovered that OpenSSH was prone to a user enumeration vulnerability. Impact A remote attacker could conduct user enumeration. Workaround There is no known workaround at...

CVSS 5.3, AI score 3, EPSS 0.98631
Exploits: 23

Gentoo Linux
added 2018/06/20 12:0 a.m., 578 views

Chromium, Google Chrome: User-assisted execution of arbitrary code

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description An out of bounds flaw has been discovered in Chromium and Chrome’s ...

CVSS 8.8, AI score 8.1, EPSS 0.00726
Exploits: 0

Gentoo Linux
added 2018/06/14 12:0 a.m., 561 views

Quassel: Multiple vulnerabilities

Background Quassel is a Qt4/KDE4 IRC client supporting a remote daemon for 24/7 connectivity. Description Multiple vulnerabilities have been discovered in Quassel. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause arbitrary code execution or a...

CVSS 9.8, AI score 4.2, EPSS 0.03978
Exploits: 2

Gentoo Linux
added 2018/06/20 12:0 a.m., 558 views

Transmission: Remote code execution

Background Transmission is a cross-platform BitTorrent client. Description A vulnerability was discovered in how Transmission handles access control through the X-Transmission-Session-Id. Impact A remote attacker could execute arbitrary RPC commands or consequently conduct a DNS rebinding attack...

CVSS 8.8, AI score 4.5, EPSS 0.12146
Exploits: 1

Gentoo Linux
added 2018/11/09 12:0 a.m., 556 views

Python: Buffer overflow

Background Python is an interpreted, interactive, object-oriented programming language. Description A buffer overflow vulnerability has been discovered in Python. Please review the CVE identifiers referenced below for details. Impact A remote attacker, in special situations such as function as a...

CVSS 3.6, AI score 4.8, EPSS 0.01228
Exploits: 0

Gentoo Linux
added 2018/11/09 12:0 a.m., 553 views

OpenSSL: Denial of service

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Description It was discovered that OpenSSL allows malicious servers to send very large primes to a client during DHE...

CVSS 7.5, AI score 3, EPSS 0.49268
Exploits: 0

Gentoo Linux
added 2018/11/09 12:0 a.m., 547 views

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to view a specially...

CVSS 9.8, AI score 4.1, EPSS 0.03924
Exploits: 0

Gentoo Linux
added 2018/08/22 12:0 a.m., 543 views

WebkitGTK+: Multiple vulnerabilities

Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the...

CVSS 8.8, AI score 4, EPSS 0.69016
Exploits: 46

Gentoo Linux
added 2018/10/30 12:0 a.m., 537 views

Xen: Multiple vulnerabilities

Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Impact A local attacker could cause a Denial of Service condition or disclose sensitive information. Workaround There is no known...

CVSS 9.9, AI score 2.8, EPSS 0.93838
Exploits: 12

Gentoo Linux
added 2018/06/24 12:0 a.m., 537 views

PNP4Nagios: Root privilege escalation

Background PNP4Nagios is an addon for the Nagios Network Monitoring System. Description It was found that PNP4Nagios creates files owned by an unprivileged user that are used by root. Impact A local attacker could escalate privileges to root. Workaround There is no known workaround at this time...

CVSS 7.8, AI score 4.1, EPSS 0.00357
Exploits: 0

Gentoo Linux
added 2018/05/30 12:0 a.m., 534 views

Git: Multiple vulnerabilities

Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details...

CVSS 7.8, AI score 2.1, EPSS 0.49188
Exploits: 10

Gentoo Linux
added 2018/10/02 12:0 a.m., 532 views

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details. Impact A remote attacker could entice a user to view a specially crafte...

CVSS 9.8, AI score 3.5, EPSS 0.21288
Exploits: 18

Gentoo Linux
added 2018/07/18 12:0 a.m., 530 views

tqdm: Arbitrary code execution

Background tqdm is a smart progress meter. Description A vulnerability was discovered in tqdm._version that could allow a malicious git log within the current working directory. Impact A remote attacker could execute arbitrary commands by enticing a user to clone a crafted repo. Workaround There ...

CVSS 7.8, AI score 4.8, EPSS 0.00438
Exploits: 0

Gentoo Linux
added 2018/06/13 12:0 a.m., 525 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

CVSS 10, AI score 3.7, EPSS 0.25353
Exploits: 0

Gentoo Linux
added 2018/10/06 12:0 a.m., 523 views

SoX: Multiple vulnerabilities

Background SoX is a command line utility that can convert various formats of computer audio files into other formats. Description Multiple vulnerabilities have been discovered in SoX. Please review the referenced CVE identifiers for details. Impact A remote attacker, by enticing a user to proces...

CVSS 5.5, AI score 1.8, EPSS 0.07401
Exploits: 9

Gentoo Linux
added 2018/06/13 12:0 a.m., 523 views

BURP: Multiple vulnerabilities

Background A network backup and restore program. Description It was discovered that Gentoo’s BURP ebuild does not properly set permissions or place the pid file in a safe directory. Impact A local attacker could escalate privileges. Workaround Users should ensure the proper permissions are set as...

CVSS 7.1, AI score 6.9, EPSS 0.00314
Exploits: 0

Gentoo Linux
added 2018/10/30 12:0 a.m., 522 views

systemd: Multiple vulnerabilities

Background A system and service manager. Description Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly execute arbitrary code, cause a Denial of Service condition, or gain escalated privilege...

CVSS 8.8, AI score 4.3, EPSS 0.02279
Exploits: 8

Gentoo Linux
added 2018/08/22 12:0 a.m., 521 views

Chromium, Google Chrome: Multiple vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...

CVSS 9.6, AI score 0.9, EPSS 0.03296
Exploits: 0

Gentoo Linux
added 2018/11/10 12:0 a.m., 520 views

Icecast: Arbitrary code execution

Background Icecast is an open source alternative to SHOUTcast that supports MP3, OGG Vorbis/Theora and AAC streaming. Description Multiple buffer overflows have been discovered in Icecast. Please review the CVE identifier referenced below for details. Impact A remote attacker, by sending a...

CVSS 8.1, AI score 8.9, EPSS 0.48944
Exploits: 0

Gentoo Linux
added 2018/06/13 12:0 a.m., 520 views

GNU Wget: Cookie injection

Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description A vulnerability was discovered in GNU Wget’s resp_new function which does not validate \r\n sequences in continuation lines. Impact A remote attacker...

CVSS 6.5, AI score 7.1, EPSS 0.17249
Exploits: 5

Gentoo Linux
added 2018/06/23 12:0 a.m., 519 views

file: Denial of service

Background file is a utility that guesses a file format by scanning binary data for patterns. Description File does not properly utilize the do_core_note function in readelf.c in libmagic.a. Impact A remote attacker could send a specially crafted ELF file possibly resulting in a Denial of Service...

CVSS 6.5, AI score 3.2, EPSS 0.03423
Exploits: 0

Gentoo Linux
added 2018/06/19 12:0 a.m., 517 views

cURL: Multiple vulnerabilities

Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact Remote attackers could cause a Denial of Service condition, obtain sensitive...

CVSS 9.8, AI score 3.3, EPSS 0.06003
Exploits: 0

Gentoo Linux
added 2018/11/10 12:0 a.m., 516 views

libde265: Multiple vulnerabilities

Background Open h.265 video codec implementation. Description Multiple vulnerabilities have been discovered in libde265. Please review libde265 changelog referenced below for details. Impact A remote attacker could entice a user to open a specially crafted media file using libde265 or linked...

AI score 4.5
Exploits: 0

Gentoo Linux
added 2018/07/29 12:0 a.m., 515 views

cURL: Heap-based buffer overflow

Background A command line tool and library for transferring data with URLs. Description A heap-based buffer overflow was discovered in cURL’s Curl_smtp_escape_eob function. Impact An attacker could cause a Denial of Service condition or execute arbitrary code via SMTP connections. Workaround There i...

CVSS 9.8, AI score 10, EPSS 0.06433
Exploits: 1

Gentoo Linux
added 2018/11/10 12:0 a.m., 514 views

Okular: Directory traversal

Background Okular is a universal document viewer based on KPDF for KDE 4. Description It was discovered that Okular contains a Directory Traversal vulnerability in function unpackDocumentArchive in core/document.cpp. Impact A remote attacker could entice a user to open a specially crafted Okular...

CVSS 5.5, AI score 3.9, EPSS 0.0183
Exploits: 1

Gentoo Linux
added 2018/10/30 12:0 a.m., 510 views

xkbcommon: Multiple vulnerabilities

Background xkbcommon is a library to handle keyboard descriptions, including loading them from disk, parsing them and handling their state. Description Multiple vulnerabilities have been discovered in libxkbcommon. Please review the CVE identifiers referenced below for details. Impact A local...

CVSS 7.8, AI score 2.7, EPSS 0.00539
Exploits: 0

Gentoo Linux
added 2018/10/30 12:0 a.m., 509 views

X.Org X Server: Privilege escalation

Background The X Window System is a graphical windowing system based on a client/server model. Description An incorrect permission check for the -modulepath and -logfile options when starting the Xorg X server allows unprivileged users with the ability to log in to the system via physical console to...

CVSS 7.2, AI score 4.2, EPSS 0.2704
Exploits: 39

Gentoo Linux
added 2018/08/22 12:0 a.m., 509 views

LinuX Containers user space utilities: Arbitrary file read

Background LinuX Containers user space utilities. Description lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn’t otherwise be able to reac...

CVSS 3.3, AI score 4.4, EPSS 0.00347
Exploits: 0

Gentoo Linux
added 2018/05/30 12:0 a.m., 508 views

procps: Multiple vulnerabilities

Background A bunch of small useful utilities that give information about processes using the /proc filesystem. Description Multiple vulnerabilities have been discovered in procps. Please review the CVE identifiers referenced below for details. Impact A local attacker could execute arbitrary code,...

CVSS 7.8, AI score 2.6, EPSS 0.09081
Exploits: 8

Gentoo Linux
added 2018/07/22 12:0 a.m., 507 views

Passenger: Multiple Vulnerabilities

Background Passenger runs and manages your Ruby, Node.js, and Python apps. Description Multiple vulnerabilities have been discovered in Passenger. Please review the CVE identifiers referenced below for details. Impact A remote attacker could escalate privileges, execute arbitrary code, cause a...

CVSS 9.8, AI score 3.3, EPSS 0.01948
Exploits: 0

Gentoo Linux
added 2018/11/10 12:0 a.m., 504 views

PHProjekt: Multiple vulnerabilities

Background PHProjekt is an application suite that supports communication and management of teams and companies. Description Multiple vulnerabilities have been discovered in PHProjekt due to embedded Zend Framework. Please review the GLSA identifiers referenced below for details. Impact Remote...

AI score 3.7
Exploits: 0

Gentoo Linux
added 2018/07/29 12:0 a.m., 504 views

ZNC: Multiple Vulnerabilities

Background ZNC is an advanced IRC bouncer. Description Multiple vulnerabilities have been discovered in ZNC. Please review the CVE identifiers referenced below for details. Impact A remote attacker could read arbitrary files and escalate privileges. Workaround There is no known workaround at this...

CVSS 6.5, AI score 3.2, EPSS 0.02017
Exploits: 0

Gentoo Linux
added 2018/10/30 12:0 a.m., 503 views

Mutt, NeoMutt: Multiple vulnerabilities

Background Mutt is a small but very powerful text-based mail client. NeoMutt is a command line mail reader or MUA. It’s a fork of Mutt with added features. Description Multiple vulnerabilities have been discovered in Mutt, and NeoMutt. Please review the CVE identifiers referenced below for detail...

CVSS 9.8, AI score 9.3, EPSS 0.06112
Exploits: 0

Gentoo Linux
added 2018/10/06 12:0 a.m., 504 views

ImageMagick: Security hardening

Background ImageMagick is a collection of tools and libraries for many image formats. Description If you process an image with ImageMagick and don’t validate the file beforehand (e.g. by checking the magic bytes), ImageMagick will call any coders found in the given file. So if ImageMagick will find Ghostscript fo...

AI score 8.5
Exploits: 0

Gentoo Linux
added 2018/08/22 12:0 a.m., 498 views

NetworkManager VPNC plugin: Privilege escalation

Background NetworkManager is a universal network configuration daemon for laptops, desktops, servers and virtualization hosts. The VPNC plugin provides easy access to Cisco Concentrator based VPNs utilizing NetworkManager. Description When initiating a VPNC connection, NetworkManager spawns a new...

CVSS 8.8, AI score 7.8, EPSS 0.05059
Exploits: 7

Gentoo Linux
added 2018/11/10 12:0 a.m., 496 views

Pango: Denial of service

Background Library for layout and rendering of internationalized text. Description Processing certain invalid Emoji sequences in a GTK+ application can trigger a reachable assertion resulting in an application crash. Impact A remote attacker could provide specially crafted Emoji sequences,...

CVSS 6.5, AI score 4, EPSS 0.11499
Exploits: 5

Gentoo Linux
added 2018/10/30 12:0 a.m., 491 views

PostgreSQL: Multiple vulnerabilities

Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the referenced CVE identifiers for details. In addition it was discovered that Gentoo’s PostgreSQL installation suffered fro...

CVSS 9.1, AI score 8.4, EPSS 0.05154
Exploits: 0

Gentoo Linux
added 2018/05/22 12:0 a.m., 486 views

Samba: Multiple vulnerabilities

Background Samba is a suite of SMB and CIFS client/server programs. Description Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code, cause a Denial of Service...

CVSS 10, AI score 4, EPSS 0.99448
Exploits: 25

Gentoo Linux
added 2018/05/30 12:0 a.m., 476 views

beep: Local privilege escalation

Background The advanced PC speaker beeper. Description A race condition, if setuid, was discovered in beep. Impact A local attacker could escalate privileges. Workaround There is no known workaround at this time. Resolution All beep users should upgrade to the latest version: emerge --sync emerge...

CVSS 7, AI score 3.5, EPSS 0.01651
Exploits: 3

Gentoo Linux
added 2021/05/26 12:0 a.m., 469 views

OpenSSH: Multiple vulnerabilities

Background OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Impact A remote attacker, able to access the socket of t...

CVSS 7.1, AI score 2.8, EPSS 0.03422
Exploits: 2

Gentoo Linux
added 2018/05/22 12:0 a.m., 450 views

VirtualBox: Multiple vulnerabilities

Background VirtualBox is a powerful virtualization product from Oracle. Description Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact An attacker could take control of VirtualBox resulting in the execution of...

CVSS 8.8, AI score 4.3, EPSS 0.01058
Exploits: 4

Gentoo Linux
added 2020/04/01 12:0 a.m., 441 views

Qt WebEngine: Arbitrary code execution

Background Library for rendering dynamic web content in Qt5 C++ and QML applications. Description A use-after-free vulnerability has been found in the audio component of Qt WebEngine. Impact A remote attacker could entice a user to open a specially crafted media file in an application linked...

CVSS 8.8, AI score 4.9, EPSS 0.72977
Exploits: 4

Gentoo Linux
added 2018/05/26 12:0 a.m., 439 views

NTP: Multiple vulnerabilities

Background NTP contains software for the Network Time Protocol. Description Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition...

CVSS 9.8, AI score 3.4, EPSS 0.2985
Exploits: 6

Gentoo Linux
added 2018/05/26 12:0 a.m., 433 views

Rootkit Hunter: User-assisted execution of arbitrary code

Background Scans for known and unknown rootkits, backdoors, and sniffers. Description A vulnerability was discovered in Rootkit Hunter that allows the downloading of mirror updates over insecure channels (HTTP). Furthermore, the mirror update is then executed in Bash. Impact A remote attacker, by...

CVSS 9.8, AI score 2.5, EPSS 0.02344
Exploits: 0

Gentoo Linux
added 2018/05/26 12:0 a.m., 431 views

Zsh: Multiple vulnerabilities

Background A shell designed for interactive use, although it is also a powerful scripting language. Description Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details. Impact A local attacker could execute arbitrary code, escalate...

CVSS 9.8, AI score 4, EPSS 0.03162
Exploits: 0

Gentoo Linux
added 2018/05/20 12:0 a.m., 426 views

Chromium, Google Chrome: Multiple vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Description Multiple vulnerabilities have been discovered in Chromium and...

CVSS 8.8, AI score 2.3, EPSS 0.02422
Exploits: 0

Gentoo Linux
added 2022/10/31 12:0 a.m., 412 views

Gitea: Multiple Vulnerabilities

Background Gitea is a painless self-hosted Git service. Description Multiple vulnerabilities have been discovered in Gitea. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at...

CVSS 9.8, AI score 3.4, EPSS 0.01428
Exploits: 1

Gentoo Linux
added 2018/05/22 12:0 a.m., 411 views

Shadow: security bypass

Background Shadow is a set of tools to deal with user accounts. Description A local attacker could possibly bypass security restrictions if an administrator used “group blacklisting” to restrict access to file system paths. Impact A local attacker could possibly bypass security restrictions...

CVSS 5.3, AI score 5.7, EPSS 0.01621
Exploits: 1

Total number of security vulnerabilities: 3816