Red Hat Security Advisory 2021-3024-01 - Red Hat OpenShift distributed tracing is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.
1c8f6df36ae49d885688d7f147871495821ee391dfed98793abf0c2fb210ca0cDebian Linux Security Advisory 4942-1 - The Qualys Research Labs discovered that an attacker-controlled allocation using the alloca() function could result in memory corruption, allowing to crash systemd and hence the entire operating system.
a2e04b6dd6b4135945ca528b3aaaa92706651638cca02879f67327677470b03dRed Hat Security Advisory 2021-2763-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Ansible is a SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3.
dd5bf4b47619cb7cf6a4d8e1c487c6dc69a9bf1975a74bdb6e734c3924fcf545Red Hat Security Advisory 2021-2736-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a use-after-free vulnerability.
1fa632f28d5e605ea0ec82cfb7ecd3c710ed64a96ecae4e68f689247c4013aa9Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer. They successfully exploited this uncontrolled out-of-bounds write, and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation; other Linux distributions are certainly vulnerable, and probably exploitable. A basic proof of concept (a crasher) is attached to this advisory.
0c0b69962c7c4951fd574d5a8b85049490d77ada7568b05cfb4bce7ca40aa09aRed Hat Security Advisory 2021-2717-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.
49357106858273625c50cbbbf7aa805b520a15a7f756cc4afa05d739032bd5bcRed Hat Security Advisory 2021-2721-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.
b434204d13d7e57c7c834c8075051a3e5bd7194369cfa679d2f7ce2d3662fe1aRed Hat Security Advisory 2021-2724-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.
d91867261d30b47df42a330032e8ef1ae59753ce7866bbd5a19f346561012513Gentoo Linux Security Advisory 202107-48 - Multiple vulnerabilities have been found in systemd, the worst of which could result in a Denial of Service condition. Versions less than 248.5 are affected.
25e1bbbcade540161205016cfceaba05de79ff1f950598f4886465d9e893b747Ubuntu Security Notice 5013-2 - USN-5013-1 fixed several vulnerabilities in systemd. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that systemd incorrectly handled certain mount paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. Various other issues were also addressed.
287e4074d79de02cd3d766899e09bac7f5427350422d727fb07ad78d7377f631Ubuntu Security Notice 5013-1 - It was discovered that systemd incorrectly handled certain mount paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. Mitchell Frank discovered that systemd incorrectly handled DHCP FORCERENEW packets. A remote attacker could possibly use this issue to reconfigure servers.
fe61eaf938741caa2ac40aecda03248812fea81b222956ff21110da95e7b7368
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed