[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255227

 
 

909

 
 

198741

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 44079 Download | Alert*

This update for rpmlint fixes the following issues: - Whitelist PAM modules and DBUS rules for cockpit

The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the privileges of a specified user and group, they could use this flaw to run those commands with the p ...

A vulnerability has been found and corrected in sudo: Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a -u root sequence . The updated packages have been patched to correct this issue.

rpcbind: converts RPC program numbers into universal addresses Details: USN-4986-1 fixed a vulnerability in rpcbind. The update caused a regression resulting in rpcbind crashing in certain environments. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-4986-1 caused a regression in rpcbind.

gnome-autoar: Archive integration support for GNOME Details: USN-4937-1 fixed a vulnerability in GNOME Autoar. The update caused a regression when extracting certain archives. This update fixes the problem. Original advisory USN-4937-1 introduced a regression in GNOME Autoar.

network-manager: Network connection manager NetworkManager would allow unintended access to files and modem device configuration.

It was discovered that ruby-mixlib-archive, a Chef Software"s library used to handle various archive formats, was vulnerable to a directory traversal attack. This allowed attackers to overwrite arbitrary files by using a malicious tar archive containing .. in its entries.

Jann Horn discovered a directory traversal vulnerability in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of this flaw to retrieve arbitrary files via a specially crafted request, when "enable-http-clone=1" is not turned off.

Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. Owner and listmasters could use this flaw to create or modify arbitrary files in the server with privileges of sympa user or owner view list config files even if edit_list.conf prohibits it.

ruby-rack-cors: provides support for Cross-Origin Resource Sharing for Rack compatible web applications rack-cors would allow unintended access to files over the network.


Pages:      Start    4247    4248    4249    4250    4251    4252    4253    4254    4255    4256    4257    4258    4259    4260    ..   4407

© SecPod Technologies