Several newly discovered vulnerabilities:
– A vulnerability has been found in the Linux kernel that allows a local attacker to elevate their privileges on the system by passing incorrect parameters to the perf_event_open() system call. The problem occurs only on the ARM platform;
– Vulnerabilities have been found in the Linux kernel's CIFS file system implementation that allow an extra byte to be written in an allocated memory area and a kernel crash to be triggered when mounting an external DFS share. The problem manifests itself when the kernel is built with the CONFIG_CIFS and CONFIG_CIFS_DFS_UPCALL options;
– A vulnerability has been found in the standard file upload component of the TYPO3 web content management system that allows a file to be written to an arbitrary directory on the server within the TYPO3 installation hierarchy. Using the vulnerability, an authenticated user with limited privileges can upload a PHP file into a directory where PHP code is allowed to run and execute it in the context of the current site. The issue is addressed in TYPO3 releases 6.0.8 and 6.1.3;
– A vulnerability has been found in the Dovecot POP3 server that allows a denial of service to be triggered by forcibly dropping the connection while LIST commands are being processed. The vulnerability is fixed in release 2.2.5;
– In the open cloud storage platform ownCloud 5.0.8: a vulnerability that allowed access to restricted areas, bypassing the authentication process;
– In the monitoring system Cacti 0.8.8b, vulnerabilities have been fixed that allow SQL injection and the execution of arbitrary shell commands on the server.