The nvidia-modprobe utility, a setuid-root helper for the proprietary Nvidia GPU display driver, contained an information disclosure vulnerability in versions prior to 550.144.03. Unprivileged users were able to determine the existence of arbitrary files on the system via the wait3() system call.| SUSE Security Team Blog
Below is a tool for recording and displaying system data like hardware utilization and cgroup information. In Below versions up to and including v0.8.1, a world-writable log directory is created, which can lead to a local root exploit and other security issues.| SUSE Security Team Blog
kio-admin is a KDE component that allows privileged file operations to be performed in GUI applications. A first request to add this package to openSUSE was rejected by the SUSE security team in 2022. After careful reevaluation of the situation, this is about to change. This post explores the background of this development.| SUSE Security Team Blog
This PAM module allows smart cards to be used as an authentication factor on Linux. In its 0.6.12 release, the use of PAM_IGNORE return values introduced a regression that can lead to complete authentication bypass in some scenarios.| SUSE Security Team Blog
dde-api-proxy is a component of the Deepin desktop environment that provides backward compatibility for legacy D-Bus service and interface names. We discovered a major authentication flaw in the design of this D-Bus proxy component.| SUSE Security Team Blog
pam-u2f allows U2F (Universal 2nd Factor) devices like YubiKeys to be used in the PAM authentication stack. Improper use of PAM_IGNORE return values in the module implementation could allow bypass of the second factor or password-less login without inserting the proper device.| SUSE Security Team Blog
SSSD (System Security Services Daemon) is a suite of daemons dealing with user authentication based on mechanisms like LDAP, Kerberos and FreeIPA. We found privilege escalation paths in a number of helper binaries running with raised Linux capabilities, when privilege separation is enabled.| SUSE Security Team Blog
In tuned version 2.23, new D-Bus methods were added to its privileged daemon. We identified a couple of issues in the additions, including a local root exploit.| SUSE Security Team Blog
Index ·| www.freedesktop.org