Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


Ubuntu 22.04 LTS: Qt Critical Denial of Service Risk 2025:7923-1

==========================================================================
Ubuntu Security Notice USN-7923-1
December 11, 2025

qtbase-opensource-src vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Qt could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description:
- qtbase-opensource-src: Qt 5 libraries

Details:

It was discovered that Qt did not correctly handle certain memory operations. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS
  libqt5core5a    5.15.3+dfsg-2ubuntu0.2+esm2    Available with Ubuntu Pro
  libqt5gui5      5.15.3+dfsg-2ubuntu0.2+esm2    Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libqt5core5a    5.12.8+dfsg-0ubuntu2.1+esm2    Available with Ubuntu Pro
  libqt5gui5      5.12.8+dfsg-0ubuntu2.1+esm2    Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7923-1
  CVE-2024-25580

Examine the critical Qt security advisory for Ubuntu, which may allow denial of service or execution of code.

Ubuntu Security, Qt Security Update, Denial of Service, Application Security, Software Exploit.

Severity: Critical

LinuxSecurity.com Team

Dec 11, 2025 | Critical | Ubuntu

Debian 8: DSA-3869-1 Moderate: tnef Input Validation DoS

-------------------------------------------------------------------------
Debian Security Advisory DSA-3869-1
https://www.debian.org/security/                       Sebastien Delafond
June 01, 2017                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : tnef
CVE ID         : CVE-2017-8911
Debian Bug     : 862442

It was discovered that tnef, a tool used to unpack MIME attachments of type "application/ms-tnef", did not correctly validate its input. An attacker could exploit this by tricking a user into opening a malicious attachment, which would result in a denial-of-service by application crash.

For the stable distribution (jessie), this problem has been fixed in version 1.4.9-1+deb8u3.

For the unstable distribution (sid), this problem has been fixed in version 1.4.12-1.2.

We recommend that you upgrade your tnef packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Debian Security Advisory, tnef update, denial of service, application exploit.

LinuxSecurity.com Team

Jun 01, 2017 | Debian

Ubuntu 8.04 LTS: USN-1613-2 Critical Python 2.4 Exploits Detected

=========================================================================
Ubuntu Security Notice USN-1613-2
October 17, 2012

python2.4 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 8.04 LTS

Summary:

Several security issues were fixed in Python 2.4.

Software Description:
- python2.4: An interactive high-level object-oriented language (version 2.4)

Details:

USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4.

Original advisory details:

It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983)

It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089)

Giampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493)

It was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015)

Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. (CVE-2011-1521)

It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940)

It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)

It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)

It was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)

Tim Boddy discovered that the Expat module in Python 2.5 did not properly handle memory reallocation when processing XML files. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. (CVE-2012-1148)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.04 LTS:
  python2.4            2.4.5-1ubuntu4.4
  python2.4-minimal    2.4.5-1ubuntu4.4

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1613-2
  https://ubuntu.com/security/notices/USN-1613-1
  CVE-2008-5983, CVE-2010-1634, CVE-2010-2089, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1148

Package Information:
  https://launchpad.net/ubuntu/+source/python2.4/2.4.5-1ubuntu4.4

In Ubuntu, various vulnerabilities found in Python 2.4 have been resolved, detailing corrective measures for users. Following the update, precautions are advised to ensure system safety.

Python Security Updates, Ubuntu Python Advisory, Application Exploit Fixes.

Severity: Critical

LinuxSecurity.com Team

Oct 17, 2012 | Critical | Ubuntu

Ubuntu USN-789-1 Critical: GStreamer Application Crash Threat

==========================================================
Ubuntu Security Notice USN-789-1              June 22, 2009
gst-plugins-good0.10 vulnerability
CVE-2009-1932
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  gstreamer0.10-plugins-good    0.10.3-0ubuntu4.2

Ubuntu 8.04 LTS:
  gstreamer0.10-plugins-good    0.10.7-3ubuntu0.3

Ubuntu 8.10:
  gstreamer0.10-plugins-good    0.10.10.4-1ubuntu1.2

Ubuntu 9.04:
  gstreamer0.10-plugins-good    0.10.14-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Tielei Wang discovered that GStreamer Good Plugins did not correctly handle malformed PNG image files. If a user were tricked into opening a crafted PNG image file with a GStreamer application, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

Uncover the significant GStreamer Good Plugins vulnerability impacting Ubuntu users and the essential patches required to protect your environment.

GStreamer Good Plugins, Ubuntu Security, Denial of Service, Security Update.

Severity: Critical

LinuxSecurity.com Team

Jun 22, 2009 | Critical | Ubuntu

Gentoo: GLSA-200903-37 Normal: Ghostscript Integer Overflow Security Risk

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200903-37
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Ghostscript: User-assisted execution of arbitrary code
      Date: March 23, 2009
      Bugs: #261087
        ID: 200903-37

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple integer overflows in the Ghostscript ICC library might allow for user-assisted execution of arbitrary code.

Background
==========

Ghostscript is an interpreter for the PostScript language and the Portable Document Format (PDF).

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  app-text/ghostscript-gpl      < 8.64-r2                >= 8.64-r2
  2  app-text/ghostscript-gnu      < 8.62.0                 >= 8.62.0
  3  app-text/ghostscript-esp

Mar 23, 2009 | Gentoo

Ubuntu 6.06 LTS: USN-611-2 Critical: Vorbis-Tools DoS Threat

===========================================================
Ubuntu Security Notice USN-611-2               May 08, 2008
vorbis-tools vulnerability
CVE-2008-1686
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  vorbis-tools    1.1.1-3ubuntu0.1

Ubuntu 7.04:
  vorbis-tools    1.1.1-6ubuntu0.1

Ubuntu 7.10:
  vorbis-tools    1.1.1-13ubuntu0.1

Ubuntu 8.04 LTS:
  vorbis-tools    1.1.1-15ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for ogg123, part of vorbis-tools.

Original advisory details:

It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program.

An update from Ubuntu Security Notice highlights a vulnerability in the input validation of Speex that could lead to denial of service and the possibility of executing malicious code.

vorbis tools, Speex security, denial of service threat, Speex vulnerability.

Severity: Critical

LinuxSecurity.com Team

May 08, 2008 | Critical | Ubuntu

Gentoo: GLSA 200407-11 Normal: wv Buffer Overflow Risk For Code Execution

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200407-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: wv: Buffer overflow vulnerability
      Date: July 14, 2004
      Bugs: #56595
        ID: 200407-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow vulnerability exists in the wv library that can allow an attacker to execute arbitrary code with the privileges of the user running the vulnerable application.

Background
==========

The wv library allows access to MS Word files. It can parse Word files and allow other applications, such as abiword, to import those files into their native formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package      /   Vulnerable   /                        Unaffected
    -------------------------------------------------------------------
  1  app-text/wv       < 1.0.0-r1                          >= 1.0.0-r1

Description
===========

A use of strcat without proper bounds checking leads to an exploitable buffer overflow. The vulnerable code is executed when wv encounters an unrecognized token, so a specially crafted file, loaded in wv, can trigger the vulnerable code and execute its own arbitrary code. This exploit is only possible when the user loads the document into HTML view mode.

Impact
======

By inducing a user into running wv on a special file, an attacker can execute arbitrary code with the permissions of the user running the vulnerable program.

Workaround
==========

Users should not view untrusted documents with wvHtml or applications using wv. When loading an untrusted document in an application using the wv library, make sure HTML view is disabled.

Resolution
==========

All users should upgrade to the latest available version.

    # emerge sync

    # emerge -pv ">=app-text/wv-1.0.0-r1"
    # emerge ">=app-text/wv-1.0.0-r1"

References
==========

  [ 1 ] iDEFENSE Security Advisory
        ;type=vulnerabilities&flashstatus=true

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200407-11

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email address redacted] or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/1.0/

wv Library, Buffer Overflow, Gentoo Security, Application Exploit.

LinuxSecurity.com Team

Jul 14, 2004 | Gentoo