Ubuntu Security Notice 6762-1 - It was discovered that the GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that the GNU C Library might allow context-dependent attackers to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that the GNU C Library, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. This issue only affected Ubuntu 14.04 LTS.
d27b3448167b5f41fb5b2319186a2bc0ba48401c34db2d5404f8fbe2f1e1273a
Ubuntu Security Notice 4416-1 - Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. It was discovered that the GNU C Library incorrectly handled certain SSE2-optimized memmove operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
ad00074c48095e1094b2946c458fba7c26cd42996ac22eb17a94175a5a0b9a15
Red Hat Security Advisory 2018-3092-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include a buffer overflow vulnerability.
561369d453b4a016bf3445f7705a29497d24965308469531855154fac6ee4fa1
Ubuntu Security Notice 3658-3 - USN-3658-1 fixed a vulnerability in procps-ng. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.
a32a90f48926d3e6126d1244f916e94cebf95b7a6a2e7475e80023c4dc952f14
Sourcetree suffers from multiple remote code execution vulnerabilities related to git submodules and argument injection. macOS versions 1.0b2 up to 2.7.6 and Windows versions 0.5.1.0 up to 2.6.10 are affected.
cde4d25e68a273c6d5c20d3578cda77f6c048e35cf3936b680f4f3eaecbffdd7
Red Hat Security Advisory 2018-2147-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.
b457b588feadfc4250ff7e8b20756c19a71edbae2dea14ab3884c61bf5753eec
Red Hat Security Advisory 2018-1957-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.
c0ccd2c712ca6f64979bef634b0b2d12e09be3bcba785dab1cd5951dc3890edb
Apple Security Advisory 2018-06-13-01 - Xcode 9.4.1 is now available and addresses code execution vulnerabilities.
a6a84db972550427bdbffef1187ca381b22ab72d451b794ffdc1428708a5aa70
Ubuntu Security Notice 3671-1 - Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when "git clone --recurse-submodules" is used. It was discovered that an integer overflow existed in git's pathname sanity checking code when used on NTFS filesystems. An attacker could use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.
454d7b545969f1658c8bdd086372809ae83e2b85fe911c0f38cf869af224baa4
Slackware Security Advisory - New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
1209868e8f4ea877b74baef0c51aea014b58302262e575a6785c58ea8d8a1f9c
Git versions prior to 2.17.1 suffer from a code execution vulnerability.
8e196e2010e639c348e63cab733cd487161fca0cb304007e7c28a22785a24d3e
Gentoo Linux Security Advisory 201805-14 - Multiple vulnerabilities have been found in procps, the worst of which could result in the execution of arbitrary code. Versions less than 3.3.15-r1 are affected.
15e0a00065c277f09db78800b692b7275807850b07c19e60fa5dc852bc3b3eee
Gentoo Linux Security Advisory 201805-13 - Git contains multiple vulnerabilities that allow for the remote execution of arbitrary code. Versions less than 2.16.4 are affected.
1fe4e7c064676ebafd9d90f44aa720dcd43b65e358b63d2c03603333ee051dc1
Ubuntu Security Notice 3658-1 - It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. It was discovered that the procps-ng ps tool incorrectly handled memory. A local user could possibly use this issue to cause a denial of service. It was discovered that libprocps incorrectly handled the file2strvec function. A local attacker could possibly use this to execute arbitrary code. Various other issues were also addressed.
6c482ce89fc0489037c921eae41b9c5bf25503ef49a7c0170a3d43294c052ca3
GNU glibc versions prior to 2.27 suffer from a buffer overflow vulnerability.
b343af88553f32eaebef15dc533583e14be83f18b64bb6bc38800f729025d2e4
Slackware Security Advisory - New procps-ng packages are available for Slackware 14.2 and -current to fix security issues.
86c9f72cfbdf45d053c83e679c76c11f4677fc9efa078a5c93eeef9ed5b8d140
Qualys performed an extensive audit of procps-ng. They discovered hundreds of bugs and vulnerabilities.
6d895899f31fb860118c7f19ea72747036e5eb147127ca183af8defd7ed85eff
Debian Linux Security Advisory 4208-1 - The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs.
e68fd20d426ce3b9af8dba966514831f2fd6dce2e702836ab9c951452f1788a8