Every curl security report starts out with someone submitting an issue to us on https://hackerone.com/curl. The reporter tells us what they suspect and what they think the problem is. This report is kept private, visible only to the curl security team and the reporter while we work on it. In recent months we have gotten … Continue reading From suspicion to published curl CVE →| daniel.haxx.se
Kea is the next-generation DHCP server suite offered by the Internet Systems Consortium (ISC). During a routine review we found a local root exploit and a number of further local vulnerabilities in its REST API, affecting Kea packages found in many Linux and BSD distributions.| SUSE Security Team Blog
Screen is the traditional terminal multiplexer software used on Linux and Unix systems. We found a local root exploit in Screen 5.0.0 affecting Arch Linux and NetBSD, as well as a couple of other issues that partly also affect older Screen versions, which are still found in the majority of distributions.| SUSE Security Team Blog
Below is a tool for recording and displaying system data like hardware utilization and cgroup information. In Below versions up to and including v0.8.1, a world-writable log directory is created, which can lead to a local root exploit and other security issues.| SUSE Security Team Blog
This PAM module allows smart cards to be used as an authentication factor on Linux. In its 0.6.12 release the use of PAM_IGNORE return values introduced a regression that can lead to complete authentication bypass in some scenarios.| SUSE Security Team Blog
Table of Contents| oss-security.openwall.org