Several issues have been discovered in libcgroup, a library to control and monitor control groups: CVE-2011-1006 Heap-based buffer overflow by converting list of controllers for given task into an array of strings could lead to privilege escalation by a local attacker. CVE-2011-1022 libcgroup did not properly check the origin of Netlink messages, allowing a local attacker to send crafted Netlink m ...
Stephane Chazelas discovered that the cronjob of the PHP 5 package in Debian suffers from a race condition which might be used to remove arbitrary files from a system . When upgrading your php5-common package take special care to _accept_ the changes to the /etc/cron.d/php5 file. Ignoring them would leave the system vulnerable.
Mathias Svensson discovered that tex-common, a package shipping a number of scripts and configuration files necessary for TeX, contains insecure settings for the "shell_escape_commands" directive. Depending on the scenario, this may result in arbitrary code execution when a victim is tricked into processing a malicious tex-file or this is done in an automated fashion. The oldstable distr ...
Emmanuel Bouillon discovered a double free in tgt, the Linux SCSI target user-space tools, which could lead to denial of service. The oldstable distribution doesn"t include tgt.
Two security issues have been discovered in Weechat a, fast, light and extensible chat client: CVE-2011-1428 X.509 certificates were incorrectly validated. CVE-2012-5534 The hook_process function in the plugin API allowed the execution of arbitrary shell commands.
Mathias Svensson discovered that the tex-common package contains an insecure shell_escape_commands configuration item. If a user or automated system were tricked into opening a specially crafted TeX file, a remote attacker could execute arbitrary code with user privileges.
The scsi-target-utils package contains the daemon and tools to set up and monitor SCSI targets. Currently, iSCSI software and iSER targets are supported. A double-free flaw was found in scsi-target-utils" tgtd daemon. A remote attacker could trigger this flaw by sending carefully-crafted network traffic, causing the tgtd daemon to crash. Red Hat would like to thank Emmanuel Bouillon of NATO C3 Ag ...
The scsi-target-utils package contains the daemon and tools to set up and monitor SCSI targets. Currently, iSCSI software and iSER targets are supported. A double-free flaw was found in scsi-target-utils" tgtd daemon. A remote attacker could trigger this flaw by sending carefully-crafted network traffic, causing the tgtd daemon to crash. Red Hat would like to thank Emmanuel Bouillon of NATO C3 Ag ...