Backdoor in upstream xz/liblzma leading to ssh server compromise openwall.com/lists/oss-secu…
Open Source Security mailing list
23.7K posts
Open Source Security mailing list
@oss_security
@Openwall oss-security mailing list thread summaries, currently maintained by @solardiz. Originally setup and maintained as an automated feed by @eugeneteo.
Joined August 2009
- Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136): Posted by Qualys Security Advisory on Feb 13Hi all, Quick update: we were able to gain arbitrary control of the "rip" register through this bug (i.e., we can jump wherever we want… dlvr.it/SjLhky
- CVE-2024-31497: PuTTY: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces openwall.com/lists/oss-secu… Affected Products - PuTTY 0.68 - 0.80 - FileZilla 3.24.1 - 3.66.5 - WinSCP 5.9.5 - 6.3.2 - TortoiseGit 2.4.0.2 - 2.15.0 - TortoiseSVN 1.10.0 - 1.14.6
- CVE-2018-6954: systemd-tmpfiles root privilege escalation by following non-terminal symlinks: Posted by Michael Orlitzky on Dec 21Product: systemd (tmpfiles) Versions-affected: 239 and earlier Author: Michael Orlitzky Fixed-in: v240 Bug-report:… dlvr.it/Qv88sr
- CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution openwall.com/lists/oss-secu…
- zlib memory corruption on deflate (i.e. compress): Posted by Tavis Ormandy on Mar 23Greetings list, I was recently trying to track down a reproducible crash in a compressor. Believe it or not, it really was a bug in zlib-1.2.11 when compressing (not… dlvr.it/SMGbHF
- CVE-2022-1972: out-of-bound write in Linux netfilter subsystem leads to local privilege escalation: Posted by 张子明(明程) on Jun 02Hello, An out-of-bound write vulnerability was identified within the netfilter subsystem which can be exploited to… dlvr.it/SRV16J
- OpenVPN CVE-2017-12166: remote buffer overflow: Posted by Guido Vranken on Sep 28This concerns a remote buffer… dlvr.it/Pr0qFy
- CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA openwall.com/lists/oss-secu… Severity: critical
- Re: Linux Kernel eBPF Improper Input Validation Vulnerability: Posted by tr3e wang on Jun 07Hi, The exploit code can be found at github.com/tr3ee/CVE-2022… Alexander, thanks for the update and for helping me post the exploit code, I suffered from… dlvr.it/SRlwLT
- CVE-2024-0582: Linux kernel use-after-free vulnerability in io_uring, writeup and exploit strategy openwall.com/lists/oss-secu…Just published a post on exploiting CVE-2024-0582, a vulnerability in the Linux kernel that remained unpatched in Ubuntu for over two months. Hope you enjoy it! blog.exodusintel.com/2024/03/27/min…
- Linux Kernel: Race Condition in snd_pcm_hw_free leading to use-after-free: Posted by Hu Jiahui on Mar 28This is the original report about CVE-2022-1048. Patch: lore.kernel.org/all/2022032217… () suse de/#t ---------- Forwarded message --------- 发件人:… dlvr.it/SMWgW3
- Re: Our learnings from 42 Linux kernel exploits, we are limiting io_uring: Posted by Marcus Meissner on Jul 25Hi, yanglingxi1993.github.io/dirty_pagetabl… has been updated with exploit information. I tried to backtrack through kernel git to find the exact commit… dlvr.it/Ssj5Tb
- CVE-2022-1462: Linux kernel: A race condition vulnerability in drivers/tty/tty_buffers.c: Posted by 一只狗 on May 27this vulnerability comes from commit( github.com/torvalds/linux…) this commit suggest do tty_flip_buffer_push without port->lock in… dlvr.it/SR9hGk
