CVE-2017-6001

Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786.

CVE-2017-6074

The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to cause a denial of service (invalid free) or possibly have unspecified other impact via an application that makes an IPV6_RECVPKTINFO setsockopt system call.

CVE-2017-5986

Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.

A Typo in Zerocoin's Source Code helped Hackers Steal ZCoins worth $585,000

Are you a programmer?

If yes, then you would know the actual pain of… “forgetting a semicolon,” the hide and seek champion since 1958.

Typos annoy everyone. Remember how a hacker's typo stopped the biggest bank heist in history and saved $1 billion of Bangladesh Bank's money from being stolen?

But this time, a typo in the Zerocoin source code cost the company more than $585,000 in losses.

Software and Security Information