Red Hat Security Blog: July 2015 archives

  • Remote code execution via serialized data

    Most programming languages contain features that, used correctly, are incredibly powerful, but used incorrectly can be incredibly dangerous. Serialization (and deserialization) is one such feature available in most modern programming languages. As mentioned in a previous article: “Serialization is a feature of programming languages that allows the state of in-memory objects to be represented in a standard format, which can be written to disk or transmitted across a network.” So...
    Posted 2015-07-29T13:30:31+00:00
  • libuser vulnerabilities

    Updated 2015-07-24 @ 12:33 UTC. It was discovered that the libuser library contains two vulnerabilities which, in combination, allow unprivileged local users to gain root privileges. libuser is a library that provides read and write access to files like /etc/passwd, which constitute the system user and group database. On Red Hat Enterprise Linux it is a central system component. What is being disclosed today? Qualys reported two vulnerabilities: CVE-2015-3245: The userhelper program allows...
    Posted 2015-07-23T18:00:56+00:00