Monthly Archive: July 2018

A flaw was found in the Linux kernel’s handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to...

A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges...

When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access...

It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. Date published : 2018-07-27 http://www.securityfocus.com/bid/98967 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2595

A vulnerability was found in ipa before 4.4. IdM’s ca-del, ca-disable, and ca-enable commands did not properly check the user’s permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw...

A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash. Date published : 2018-07-27 http://www.securityfocus.com/bid/96702 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2587

A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash. Date published : 2018-07-27 http://www.securityfocus.com/bid/96708 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2586

An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution. Date published : 2018-07-27 http://www.securityfocus.com/bid/96710 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2581

An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution. Date published : 2018-07-27 http://www.securityfocus.com/bid/96712 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2580

An out-of-bounds read vulnerability was found in netpbm before 10.61. The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the application to crash or possibly allows...

A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to...

An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different...

The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste...

A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be...