#linux

Ubuntu Security Notice 6699-1 - Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service. It was discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel did not properly handle network packets in certain conditions, leading to a use after free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

ZoneMinder Snapshots versions prior to 1.37.33 suffer from an unauthenticated remote code execution vulnerability.

A new variant of a data wiping malware called AcidRain has been detected in the wild that's specifically designed for targeting Linux x86 devices. The malware, dubbed AcidPour, is compiled for Linux x86 devices, SentinelOne's Juan Andres Guerrero-Saade said in a series of posts on X. "The new variant [...] is an ELF binary compiled for x86 (not MIPS) and while it refers to similar devices/

### Summary Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer unserialize user input in his project. ### Details This vulnerability present no direct threat but is a vector that will enable remote code execution if a developper deserialize user untrusted data. For example: ```php public function executeIndex(sfWebRequest $request) { $a = unserialize($request->getParameter('user')); } ``` We will make the assumption this is the case in the rest of this explanation. Symfony 1 depends on Swift Mailer which is bundled by default in `vendor` directory in the default installation since 1.3.0. Swift Mailer classes implement some `__destruct()` methods like for instance `Swift_KeyCache_DiskKeyCache` : ```php public function __destruct() { foreach ($this->_keys as $nsKey=>$null) { $this->clearAll($nsKey); } } ``` This method is called when php destroy the object in...

### Summary RCE due to improper input validation in TranformGraph().to_dot_graph function ### Details Due to improper input validation a malicious user can provide a command or a script file as a value to `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`. https://github.com/astropy/astropy/blob/9b97d98802ee4f5350a62b681c35d8687ee81d91/astropy/coordinates/transformations.py#L539 Although an error will be raised, the command or script will be executed successfully. ### PoC ```shell $ cat /tmp/script #!/bin/bash echo astrorce > /tmp/poc.txt ``` ```shell $ python3 Python 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110] on linux Type "help", "copyright", "credits" or "license" for more information. >>> from astropy.coordinates.transformations import TransformGraph >>> tg = TransformGraph() >>> tg.to_dot_graph(savefn="/tmp/1.txt", savelayout="/tmp/script") Traceback (most recent call last): File "<stdin>", l...

By Waqas Another day, another malware threat emerges in a country already at war. This is a post from HackRead.com Read the original post: New AcidRain Linux Malware Variant “AcidPour” Found Targeting Ukraine

Red Hat Security Advisory 2024-1348-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

UPS Network Management Card version 4 suffers from a path traversal vulnerability.

Nokia BMC Log Scanner version 13 suffers from a remote command injection vulnerability.

The Red Hat Advanced Cluster Security (RHACS) engineering team is excited to announce the pending release of the latest RHACS version, packed with brand-new features and updates. The team continues to build on the 4.0 major release and RHACS Cloud Service announcements last year with a feature-packed release to kick off 2024. The RHACS 4.4 release will focus on increased consistency of scan results, strengthened security posture management, and more automated security features to alleviate monotonous security tasks.Significant updates include:A new vulnerability scanner termed “Scanner V4”