Sunday, January 6, 2019

Linux Kernel issues fixed

USN-3836-2
The Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces.

USN-3835-1
The procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. Jann Horn discovered that the mremap system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service, expose sensitive information, or possibly execute arbitrary code.

USN-3839-1
WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service.

USN-3846-1
An integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information.


FreeBSD

Due to insufficient validation of network-provided data, it may be possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is possible that the buffer overflow could lead to a Denial of Service or remote code execution.

NTP
NTP includes the ntpd service, which continuously adjusts system time, and utilities used to query and configure the ntpd service. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.

USN-3847-1
An integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service.

Red Hat Security Advisory 2018-3843-01
The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and null pointer

Linux Security Advisory 4354-1
Mozilla - use-after-free vulnerabilities, execution of arbitrary code or bypass of the same-origin policy

Red Hat Security Advisory 2019-0010-01
Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

CVE-2018-1888
An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windows can allow arbitrary code execution via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. IBM X-Force ID: 152079.



Regards,

Networ King