ite this detailed analysis! We are
extremely happy that our advisory has been useful.
With best regards,
--
the Qualys Security Advisory team
Qualys Security Advisory
regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems
(CVE-2024-6387)
Contents
Summary
SSH-2.0-OpenSSH_
g limits along the way, but the first
one is PACKET_MAX_SIZE, which limits the size of a packet (and hence the
strings it contains) to 256KB (and this is pre-authentication, so no
compression tricks are possible, here).
Thank you very much! With best regards,
--
the Qualys Security Advisory team
With best regards,
--
the Qualys Security Advisory team
s Qualys for the outstanding research and detailed report (as always).
Thank you very much for your kind words! With best regards,
--
the Qualys Security Advisory team
Qualys Security Advisory
LPEs in needrestart (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992,
CVE-2024-10224, and CVE-2024-11003)
Contents
Summary
curity team. We are of course at your
disposal for questions, comments, and further discussions. Thank you
very much!
With best regards,
-- the Qualys Security Advisory team
While looking into commit 6f0ea84 ("assert:
Hi all,
On Wed, Jan 22, 2025 at 01:41:36PM +, Qualys Security Advisory wrote:
> Today (January 22, 2025) a Bugzilla entry and a patch proposal for this
> vulnerability have been published:
The final patch has already been committed and backported, all the links
are available in Bu
Qualys Security Advisory
Three bypasses of Ubuntu's unprivileged user namespace restrictions
Contents
Summary
Bypass via aa-exec
Bypas
icular C)
> software: it kills and will kill again.
:-) Also:
https://www.openwall.com/lists/oss-security/2025/03/15/1
Thank you very much! With best regards,
--
the Qualys Security Advisory team
be exploitable, but
we have not investigated it further for now because we do not know any
multithreaded SUID program that contains a reachable assertion failure.
Thanks again, and hopefully this helps! With best regards,
--
the Qualys Security Advisory team
Qualys Security Advisory
CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled
client
CVE-2025-26466: DoS attack against OpenSSH's client and server
===
appearance of such issues?
Maybe someone from CodeQL or GitHub Security Lab could chime in or help
with this? Again, just thinking out loud.
Thank you very much! With best regards,
--
the Qualys Security Advisory team
--
the Qualys Security Advisory team
Qualys Security Advisory
Local information disclosure in apport and systemd-coredump
(CVE-2025-5054 and CVE-2025-4598)
Contents
Summary
Mitigation
Qualys Security Advisory
CVE-2025-6018: LPE from unprivileged to allow_active in *SUSE 15's PAM
CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks
Con
Hi all,
Attached to this email are the two libblockdev/udisks patches that we
sent to the linux-distros@openwall last week.
Thank you very much! We are at your disposal for questions, comments,
and further discussions.
With best regards,
--
the Qualys Security Advisory team
From
17 matches
Mail list logo
