Jedesmal, wenn mit eingeschaltetem AdBlocker eine Webseite besucht wird, stirbt in einem Labor ein unschuldiges, niedliches Kaninchen einen grausamen Tod! Zusätzlich werden einige Funktionen dieser Webseite durch den AdBlocker blockiert. Bitte deaktivieren Sie Ihren AdBlocker für diese Webseite und retten Sie unschuldige Kaninchen!
Sie können durch Schliessen dieses Fensters natürlich mit AdBlocker weitermachen - wenn Sie mit dieser Schuld leben können .... es liegt an Ihnen - AdBlocker abschalten und ruhig schlafen können oder mit AdBlocker weitermachen und von übelsten Albträumen gequält werden!
Wir haben Sie gewarnt ....
Search - Review
plg_search_jdownloads
Search - K2
Suche - Kategorien
Suche - Kontakte
Suche - Inhalt
Suche - Newsfeeds
Suche - Schlagwörter
Linux Security (6)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
-
Glibc Tunables Privilege Escalation
Operating System: Fedora ≈ Packet Storm Dec 21, 2023 | 14:20 pmA buffer overflow exists in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. It has been dubbed Looney Tunables. This issue allows an local attacker to use maliciously crafted GLIBC_TUNABLES when launching binaries with SUID[…]
Read more... -
GNOME Files 43.4 Privilege Escalation
Operating System: Fedora ≈ Packet Storm Aug 8, 2023 | 15:54 pmGNOME Files version 43.4 (nautilus) on Fedora 37 will extract zip archives with setuid files for other user identifiers that can be leveraged to escalate privileges.
Read more... -
Apache Tomcat Privilege Escalation
Operating System: Fedora ≈ Packet Storm Mar 14, 2023 | 14:39 pmThis Metasploit module exploits a vulnerability in RedHat based systems where improper file permissions are applied to /usr/lib/tmpfiles.d/tomcat.conf for Apache Tomcat versions before 7.0.54-8. The configuration files in tmpfiles.d are used by systemd-tmpfiles to manage temporary files including their creation.[…]
Read more... -
Sequoia: A Deep Root In Linux's Filesystem Layer
Operating System: Fedora ≈ Packet Storm Jul 21, 2021 | 16:10 pmQualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset[…]
Read more... -
Fedora / Gnome fscaps Issue
Operating System: Fedora ≈ Packet Storm Jun 22, 2021 | 19:20 pmFedora with Gnome has an issue where it is not using fscaps safely.
Read more... -
netkit-telnet 0.17 Remote Code Execution
Operating System: Fedora ≈ Packet Storm Mar 5, 2020 | 20:57 pmnetkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.
Read more... -
vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
Operating System: Fedora ≈ Packet Storm Dec 23, 2019 | 21:02 pmThis Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and[…]
Read more... -
Grub2 grub2-set-bootflag Environment Corruption
Operating System: Fedora ≈ Packet Storm Nov 27, 2019 | 23:02 pmGrub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.
Read more... -
SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
Operating System: Fedora ≈ Packet Storm Apr 19, 2019 | 13:28 pmThis Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be[…]
Read more... -
Linux Nested User Namespace idmap Limit Local Privilege Escalation
Operating System: Fedora ≈ Packet Storm Nov 28, 2018 | 01:51 amThis Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow elevation to root (CVE-2018-18955). The target system must have unprivileged user[…]
Read more...
Published in: Linux Security
-
x11vnc -- access to shared memory segments
FreeBSD VuXML Nov 8, 2024 | 00:00 am
Read more... -
lrzsz -- Integer overflow in zmodem, crash and information leak
FreeBSD VuXML Nov 8, 2024 | 00:00 am
Read more... -
electron32 -- multiple vulnerabilities
FreeBSD VuXML Nov 8, 2024 | 00:00 am
Read more... -
gstreamer1-rtsp-server -- Potential Denial-of-Service (DoS) with specially crafted client requests
FreeBSD VuXML Nov 7, 2024 | 00:00 am
Read more... -
chromium -- multiple security fixes
FreeBSD VuXML Nov 6, 2024 | 00:00 am
Read more...
Published in: Linux Security
-
Ubuntu Security Notice USN-7102-1
Operating System: Ubuntu ≈ Packet Storm Nov 12, 2024 | 15:11 pmUbuntu Security Notice 7102-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.40 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS,[…]
Read more... -
Ubuntu Security Notice USN-7100-1
Operating System: Ubuntu ≈ Packet Storm Nov 11, 2024 | 17:25 pmUbuntu Security Notice 7100-1 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An[…]
Read more... -
Ubuntu Security Notice USN-7098-1
Operating System: Ubuntu ≈ Packet Storm Nov 11, 2024 | 15:58 pmUbuntu Security Notice 7098-1 - Andy Boothe discovered that the Networking component of OpenJDK 17 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered[…]
Read more... -
Ubuntu Security Notice USN-7099-1
Operating System: Ubuntu ≈ Packet Storm Nov 11, 2024 | 15:58 pmUbuntu Security Notice 7099-1 - Andy Boothe discovered that the Networking component of OpenJDK 21 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered[…]
Read more... -
Ubuntu Security Notice USN-7097-1
Operating System: Ubuntu ≈ Packet Storm Nov 11, 2024 | 15:57 pmUbuntu Security Notice 7097-1 - Andy Boothe discovered that the Networking component of OpenJDK 11 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered[…]
Read more... -
Ubuntu Security Notice USN-7096-1
Operating System: Ubuntu ≈ Packet Storm Nov 11, 2024 | 15:55 pmUbuntu Security Notice 7096-1 - Andy Boothe discovered that the Networking component of OpenJDK 8 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered[…]
Read more... -
Ubuntu Security Notice USN-7094-1
Operating System: Ubuntu ≈ Packet Storm Nov 11, 2024 | 15:54 pmUbuntu Security Notice 7094-1 - It was discovered that QEMU incorrectly handled memory during certain VNC operations. A remote attacker could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only[…]
Read more... -
Ubuntu Security Notice USN-6882-2
Operating System: Ubuntu ≈ Packet Storm Nov 8, 2024 | 17:01 pmUbuntu Security Notice 6882-2 - USN-6882-1 fixed vulnerabilities in Cinder. The update caused a regression in certain environments due to incorrect privilege handling. This update fixes the problem. Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image processing. An authenticated[…]
Read more... -
Ubuntu Security Notice USN-7088-4
Operating System: Ubuntu ≈ Packet Storm Nov 7, 2024 | 15:20 pmUbuntu Security Notice 7088-4 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were[…]
Read more... -
Ubuntu Security Notice USN-7095-1
Operating System: Ubuntu ≈ Packet Storm Nov 7, 2024 | 15:19 pmUbuntu Security Notice 7095-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial[…]
Read more...
Published in: Linux Security
-
Debian Security Advisory 5810-1
Operating System: Debian ≈ Packet Storm Nov 12, 2024 | 15:11 pmDebian Linux Security Advisory 5810-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Read more... -
Debian Security Advisory 5809-1
Operating System: Debian ≈ Packet Storm Nov 12, 2024 | 15:10 pmDebian Linux Security Advisory 5809-1 - Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to privilege escalation, information disclosure, incorrect validation or an open redirect.
Read more... -
Debian Security Advisory 5811-1
Operating System: Debian ≈ Packet Storm Nov 12, 2024 | 15:10 pmDebian Linux Security Advisory 5811-1 - An out-of-bounds write vulnerability when handling crafted streams was discovered in mpg123, a real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2 and 3, which could result in the execution of arbitrary code.
Read more... -
Debian: DSA-5811-1: mpg123 Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Nov 11, 2024 | 19:25 pm
Read more...
An out-of-bounds write vulnerability when handling crafted streams was discovered in mpg123, a real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2 and 3, which could result in the execution of arbitrary code. -
Debian: DSA-5809-1: symfony Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Nov 11, 2024 | 19:06 pm
Read more...
Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to privilege escalation, information disclosure, incorrect validation or an open redirect. -
Debian Security Advisory 5808-1
Operating System: Debian ≈ Packet Storm Nov 11, 2024 | 17:26 pmDebian Linux Security Advisory 5808-1 - Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.
Read more... -
Debian: DSA-5808-1: ghostscript Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Nov 11, 2024 | 16:57 pm
Read more...
Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed. -
Debian Security Advisory 5807-1
Operating System: Debian ≈ Packet Storm Nov 11, 2024 | 15:53 pmDebian Linux Security Advisory 5807-1 - Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or potentially the execution of arbitrary code.
Read more... -
Debian: DSA-5807-1: nss Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Nov 10, 2024 | 19:04 pm
Read more...
Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or potentially the execution of arbitary code. -
Debian Security Advisory 5806-1
Operating System: Debian ≈ Packet Storm Nov 9, 2024 | 15:12 pmDebian Linux Security Advisory 5806-1 - A heap-based out-of-bounds write vulnerability was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed.
Read more... -
Debian Security Advisory 5805-1
Operating System: Debian ≈ Packet Storm Nov 9, 2024 | 15:11 pmDebian Linux Security Advisory 5805-1 - It was discovered that the daemon of the GNU Guix functional package manager was susceptible to privilege escalation.
Read more... -
Debian: DSA-5806-1: libarchive Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Nov 9, 2024 | 08:49 am
Read more...
A heap-based out-of-bounds write vulnerability was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed. -
Debian: DSA-5805-1: guix Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Nov 8, 2024 | 19:40 pm
Read more...
It was discovered that the daemon of the GNU Guix functional package manager was susceptible to privilege escalation. For additional information please refer to https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/ -
Debian Security Advisory 5804-1
Operating System: Debian ≈ Packet Storm Nov 8, 2024 | 17:01 pmDebian Linux Security Advisory 5804-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher, Q1IQ (@q1iqF) and P1umer discovered that processing maliciously crafted web content may lead to an unexpected process crash. Narendra Bhati[…]
Read more... -
Debian: DSA-5804-1: webkit2gtk Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Nov 7, 2024 | 23:58 pm
Read more...
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2024-44244 -
Debian Security Advisory 5803-1
Operating System: Debian ≈ Packet Storm Nov 6, 2024 | 19:19 pmDebian Linux Security Advisory 5803-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
Read more... -
Debian: DSA-5803-1: thunderbird Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Nov 5, 2024 | 18:59 pm
Read more...
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. Debian follows the Thunderbird upstream releases. Support for the -
Debian Security Advisory 5802-1
Operating System: Debian ≈ Packet Storm Nov 4, 2024 | 16:35 pmDebian Linux Security Advisory 5802-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Read more... -
Debian: DSA-5802-1: chromium Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Nov 3, 2024 | 23:26 pm
Read more...
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. -
Debian: DSA-5801-1: firefox-esr Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Oct 31, 2024 | 13:36 pm
Read more...
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing or information disclosure.
Published in: Linux Security
-
Red Hat Security Advisory 2024-9333-03
Operating System: RedHat ≈ Packet Storm Nov 12, 2024 | 15:11 pmRed Hat Security Advisory 2024-9333-03 - An update for openssl and openssl-fips-provider is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.
Read more... -
Red Hat Security Advisory 2024-9439-03
Operating System: RedHat ≈ Packet Storm Nov 12, 2024 | 15:11 pmRed Hat Security Advisory 2024-9439-03 - An update for fontforge is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
Read more... -
Red Hat Security Advisory 2024-9102-03
Operating System: RedHat ≈ Packet Storm Nov 12, 2024 | 15:10 pmRed Hat Security Advisory 2024-9102-03 - An update for podman is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and information leakage vulnerabilities.
Read more... -
Red Hat Security Advisory 2024-9114-03
Operating System: RedHat ≈ Packet Storm Nov 12, 2024 | 15:10 pmRed Hat Security Advisory 2024-9114-03 - An update for gnome-shell and gnome-shell-extensions is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
Read more... -
Red Hat Security Advisory 2024-9317-03
Operating System: RedHat ≈ Packet Storm Nov 12, 2024 | 15:10 pmRed Hat Security Advisory 2024-9317-03 - An update for NetworkManager is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Read more... -
Red Hat Security Advisory 2024-9325-03
Operating System: RedHat ≈ Packet Storm Nov 12, 2024 | 15:10 pmRed Hat Security Advisory 2024-9325-03 - An update for cockpit is now available for Red Hat Enterprise Linux 9.
Read more... -
Red Hat Security Advisory 2024-9331-03
Operating System: RedHat ≈ Packet Storm Nov 12, 2024 | 15:10 pmRed Hat Security Advisory 2024-9331-03 - An update for krb5 is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory leak vulnerability.
Read more... -
Red Hat Security Advisory 2024-9093-03
Operating System: RedHat ≈ Packet Storm Nov 12, 2024 | 15:09 pmRed Hat Security Advisory 2024-9093-03 - An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.
Read more... -
Red Hat Security Advisory 2024-9097-03
Operating System: RedHat ≈ Packet Storm Nov 12, 2024 | 15:09 pmRed Hat Security Advisory 2024-9097-03 - An update for buildah is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Read more... -
Red Hat Security Advisory 2024-9098-03
Operating System: RedHat ≈ Packet Storm Nov 12, 2024 | 15:09 pmRed Hat Security Advisory 2024-9098-03 - An update for skopeo is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Read more... -
The Product Security Blog has moved!
Red Hat Security Blog Blog Posts Mar 19, 2019 | 19:38 pmRed Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]
Read more... -
New Red Hat Product Security OpenPGP key
Red Hat Security Blog Blog Posts Aug 22, 2018 | 13:30 pmRed Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]
Read more... -
SPECTRE Variant 1 scanning tool
Red Hat Security Blog Blog Posts Jul 18, 2018 | 13:30 pmAs part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]
Read more... -
Red Hat’s disclosure process
Red Hat Security Blog Blog Posts Jul 10, 2018 | 13:00 pmLast week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]
Read more... -
Join us in San Francisco at the 2018 Red Hat Summit
Red Hat Security Blog Blog Posts Apr 23, 2018 | 14:30 pmThis year’s Red Hat Summit will be held on May 8-10 in beautiful San Francisco, USA.Product Security will be joining many Red Hat security experts in presenting and assisting subscribers and partners at the show.Here is a sneak peek at[…]
Read more... -
Certificate Transparency and HTTPS
Red Hat Security Blog Blog Posts Apr 17, 2018 | 15:00 pmGoogle has announced that on April 30, 2018, Chrome will:“...require that all TLS server certificates issued after 30 April, 2018 be compliant with the Chromium CT Policy. After this date, when Chrome connects to a site serving a publicly-trusted certificate[…]
Read more... -
Let's talk about PCI-DSS
Red Hat Security Blog Blog Posts Feb 28, 2018 | 14:30 pmFor those who aren’t familiar with Payment Card Industry Data Security Standard (PCI-DSS), it is the standard that is intended to protect our credit card data as it flows between systems and is stored in company databases.PCI-DSS requires that all[…]
Read more... -
Security is from Mars, Developers are from Venus…...or ARE they?
Red Hat Security Blog Blog Posts Nov 16, 2017 | 15:00 pmIt is a tale as old as time.Developers and security personnel view each other withsuspicion.The perception is that a vast gulf of understanding and ability lies between the two camps.“They can’t possibly understand what it is to do my job!”[…]
Read more... -
Abuse of RESTEasy Default Providers in JBoss EAP
Red Hat Security Blog Blog Posts Oct 18, 2017 | 13:30 pmRed Hat JBoss Enterprise Application Platform (EAP) is a commonly used host for Restful webservices. A powerful but potentially dangerous feature of Restful webservices on JBoss EAP is the ability to accept any media type. If not configured to accept[…]
Read more... -
Kernel Stack Protector and BlueBorne
Red Hat Security Blog Blog Posts Sep 12, 2017 | 11:51 amToday, a security issue called BlueBorne was disclosed, a vulnerability that could be used to attack sensitive systems via the Bluetooth protocol. Specifically, BlueBorne is a flaw where a remote (but physically quite close) attacker could get root on a[…]
Read more...
Published in: Linux Security