radare2-5.8.8-2.fc37
cherrypick from upstream master patches for known vulnerabilities:
CVE-2023-4322 – heap-buffer-overflow in the brainfuck dissassembler
CVE-2023-5686 – heap-buffer-overflow in /radare2/shlr/java/code.c
radare2-5.8.8-2.el7
cherrypick from upstream master patches for known vulnerabilities:
CVE-2023-4322 – heap-buffer-overflow in the brainfuck dissassembler
CVE-2023-5686 – heap-buffer-overflow in /radare2/shlr/java/code.c
radare2-5.8.8-2.el9
cherrypick from upstream master patches for known vulnerabilities:
CVE-2023-4322 – heap-buffer-overflow in the brainfuck dissassembler
CVE-2023-5686 – heap-buffer-overflow in /radare2/shlr/java/code.c
radare2-5.8.8-2.el8
cherrypick from upstream master patches for known vulnerabilities:
CVE-2023-4322 – heap-buffer-overflow in the brainfuck dissassembler
CVE-2023-5686 – heap-buffer-overflow in /radare2/shlr/java/code.c
Francois Diakhate reported that a race condition in pmix, a library
implementing Process Management Interface (PMI) Exascale API, could
allow a malicious user to obtain ownership of an arbitrary file on the
filesystem when parts of the PMIx library are called by a process with
elevated privileges, resulting in privilege escalation. This may
happen under the default configuration of certain workload managers,
including Slurm.
Francois Diakhate reported that a race condition in pmix, a library
implementing Process Management Interface (PMI) Exascale API, could
allow a malicious user to obtain ownership of an arbitrary file on the
filesystem when parts of the PMIx library are called by a process with
elevated privileges, resulting in privilege escalation. This may
happen under the default configuration of certain workload managers,
including Slurm.
It’s not actually alive, but it twitches in response to soy sauce.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
