Posts Tagged ‘Linux Kernel’

Two vulnerabilities in the Linux Kernel

Danger level: Low
Fix availability: Instructions on corrective action
Number of vulnerabilities: 2

CVSSv2 Rating:
1. (AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:W/RC:C) = Base: 2.1 / Temporal: 1.7
2. (AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:W/RC:C) = Base: 2.1 / Temporal: 1.7

1. CVE-2014-7970
2. CVE-2014-7975 (more…)

New Vulnerabilities

Several newly discovered vulnerabilities:

– A vulnerability was detected in the Linux kernel that allows a local attacker to elevate their privileges on the system by passing incorrect parameters to the perf_event_open() system call. The problem occurs only on the ARM platform;

– Vulnerabilities were detected in the Linux kernel's CIFS file system implementation that allow an extra byte to be written into an allocated memory area and trigger a kernel crash when mounting an external DFS share. The problem manifests itself when the kernel is built with the CONFIG_CIFS and CONFIG_CIFS_DFS_UPCALL options;

– A vulnerability was found in the standard file upload component of the TYPO3 web content management system that allowed a file to be written to an arbitrary directory on the server within the TYPO3 installation hierarchy. Using the vulnerability, an authenticated user with limited privileges can upload a PHP file into a directory where PHP code is allowed to run and execute it in the context of the current site. This issue is addressed in TYPO3 releases 6.0.8 and 6.1.3; (more…)

Critical vulnerabilities

A notice has been published about a critical vulnerability detected in the PostgreSQL database.

No details or data on the nature of the problem will be reported before the release of the official updates, which are scheduled for April 4. The vulnerability is apparently very dangerous, because for the first time in the history of the project access to the repository will be restricted, and the updates will be prepared and tested for release in strict secrecy among the committers to avoid a premature leak. PostgreSQL users should prepare for an unplanned upgrade of their systems on April 4. The issue affects all supported releases of PostgreSQL. (more…)

Vulnerability: Disclosures in the Linux kernel

Danger: Low
Number of vulnerabilities: 1
CVE ID: CVE-2012-0957
Impact: Disclosure of system information
Affected products: Linux Kernel 3.2.x, Linux Kernel 3.5.x
Affected versions: Linux kernel 3.2.x, 3.5.x (more…)

Privilege escalation in Linux Kernel

Affected products:

– Linux Kernel 3.2.x;
– Linux Kernel 3.4.x;
– Linux Kernel 3.5.x.

Affected versions: (more…)