MGASA-2025-0226 - Updated vim packages fix vulnerabilities

Publication date: 02 Sep 2025
URL: https://advisories.mageia.org/MGASA-2025-0226.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-53905, CVE-2025-53906

Description:
Path traversal issue with tar.vim and specially crafted tar archives in Vim < 9.1.1552. (CVE-2025-53905)
Path traversal issue with zip.vim and specially crafted zip archives in Vim < v9.1.1551. (CVE-2025-53906)

References:
- https://bugs.mageia.org/show_bug.cgi?id=34486
- https://www.openwall.com/lists/oss-security/2025/07/15/1
- https://www.openwall.com/lists/oss-security/2025/07/15/2
- https://www.cve.org/CVERecord?id=CVE-2025-53905
- https://www.cve.org/CVERecord?id=CVE-2025-53906

SRPMS:
- 9/core/vim-9.1.1552-1.mga9

Severity: Critical.
MGASA-2020-0323 - Updated ark packages fix security vulnerability

Publication date: 18 Aug 2020
URL: https://advisories.mageia.org/MGASA-2020-0323.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-16116

Description:
A maliciously crafted archive with "../" in the file paths would install files anywhere in the user's home directory upon extraction. (CVE-2020-16116)

References:
- https://bugs.mageia.org/show_bug.cgi?id=27023
- https://kde.org/info/security/advisory-20200730-1.txt
- https://www.cve.org/CVERecord?id=CVE-2020-16116

SRPMS:
- 7/core/ark-19.04.0-1.1.mga7

Severity: Critical.
=========================================================================
Ubuntu Security Notice USN-3684-1
June 13, 2018

perl vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Perl could be made to overwrite arbitrary files if it received a specially crafted archive file.

Software Description:
- perl: Practical Extraction and Report Language

Details:

It was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  perl 5.26.1-6ubuntu0.1

Ubuntu 17.10:
  perl 5.26.0-8ubuntu1.2

Ubuntu 16.04 LTS:
  perl 5.22.1-9ubuntu0.5

Ubuntu 14.04 LTS:
  perl 5.18.2-2ubuntu1.6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3684-1
  CVE-2018-12015

Package Information:
  https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.1
  https://launchpad.net/ubuntu/+source/perl/5.26.0-8ubuntu1.2
  https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.5
  https://launchpad.net/ubuntu/+source/perl/5.18.2-2ubuntu1.6
==========================================================
Ubuntu Security Notice USN-953-1
June 21, 2010

fastjar vulnerability

CVE-2010-0831
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  fastjar 2:0.95-1ubuntu2.1

Ubuntu 9.04:
  fastjar 2:0.97-3ubuntu0.1

Ubuntu 9.10:
  fastjar 2:0.98-1ubuntu0.9.10.1

Ubuntu 10.04 LTS:
  fastjar 2:0.98-1ubuntu0.10.04.1

In general, a standard system update will make all the necessary changes.

Details follow:

Dan Rosenberg discovered that fastjar incorrectly handled file paths containing ".." when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted jar file, arbitrary files could be overwritten with user privileges.

Updated packages for Ubuntu 8.04 LTS:

  Source archives:
    Size/MD5:    14652 0bbecbfd445a41af5fac64225180626f
    Size/MD5:      688 37c0afbe767cd560f19f444c518f9e9a
    Size/MD5:   593955 92a70f9e56223b653bce0f58f90cf950

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    Size/MD5:    84840 92c639fcce37474a468a243a26a9ead6

  i386 architecture (x86 compatible Intel/AMD):
    Size/MD5:    45128 b0d21c6467fe96f13ed0b6c71c96fd76

  lpia architecture (Low Power Intel Architecture):
    Size/MD5:    45394 082ac97eca4af7ed2e04576027240d98

  powerpc architecture (Apple Macintosh G3/G4/G5):
    Size/MD5:    47688 b5b71b34bd0d6933356e0f667be92d34

  sparc architecture (Sun SPARC/UltraSPARC):
    Size/MD5:    46654 cd6104ab543567ea3b9d3af71812cb64

Updated packages for Ubuntu 9.04:

  Source archives:
    Size/MD5:     4303 f685e7715cc6ef5f819cb1408d4fadba
    Size/MD5:     1077 4ea02be4634886678ad56803e595a74c
    Size/MD5:   676393 2659f09c2e43ef8b7d4406321753f1b2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    Size/MD5:    91000 834e980e9d7f6f58ee0a861f96a374f2

  i386 architecture (x86 compatible Intel/AMD):
    Size/MD5:    48910 416f5950f1d5f679aaf69977bdf3e893

  lpia architecture (Low Power Intel Architecture):
    Size/MD5:    49010 4d5680c65c5b00559cfd11eb3d05ab18

  powerpc architecture (Apple Macintosh G3/G4/G5):
    Size/MD5:    50538 e2dca54f24d0c4a0adc6f8b56639a7f4

  sparc architecture (Sun SPARC/UltraSPARC):
    Size/MD5:    50536 6d85158ea3212a93e5dc36ee9829d5e1

Updated packages for Ubuntu 9.10:

  Source archives:
    Size/MD5:     4095 fa64ab3ca694288d157c37b4571a1781
    Size/MD5:     1097 85d8021aa363a9a2ca0025b994408139
    http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.98.orig.tar.gz
    Size/MD5:   717984 d2d264d343d4d0e1575832cc1023c3bf

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    Size/MD5:    91004 ed7dedc416f0c2f94c9a941cbffb8f98

  i386 architecture (x86 compatible Intel/AMD):
    Size/MD5:    48924 338dd4ba551b8217917e36846ef6e199

  lpia architecture (Low Power Intel Architecture):
    Size/MD5:    49194 1cd1de1d62b913a4ceca1a7f9837d8c0

  powerpc architecture (Apple Macintosh G3/G4/G5):
    Size/MD5:    50286 4b43f23dbac8b065e984e23906328671

  sparc architecture (Sun SPARC/UltraSPARC):
    Size/MD5:    50428 30ff3e7a9e9a88383d2113fcd38a9f1a

Updated packages for Ubuntu 10.04:

  Source archives:
    Size/MD5:     4192 d1079eedbcf9a0bfb3fd270a91e49fb9
    Size/MD5:     1101 feeaadc1dc54e396da69a69ade68116a
    http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.98.orig.tar.gz
    Size/MD5:   717984 d2d264d343d4d0e1575832cc1023c3bf

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    Size/MD5:    90958 a088a28e94c4d3240ffa5394d3ead692

  i386 architecture (x86 compatible Intel/AMD):
    Size/MD5:    49018 567ebb9983b24d76b7e0149f8a03a959

  powerpc architecture (Apple Macintosh G3/G4/G5):
    Size/MD5:    50532 47cf2e79000cb83f550d01e9748eedfc

  sparc architecture (Sun SPARC/UltraSPARC):
    Size/MD5:    51216 8ce8b35ae84d7f33fb499a99432ffb64

Severity: Critical.
====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: tar security update
Advisory ID:       RHSA-2010:0142-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2010:0142.html
Issue date:        2010-03-15
CVE Names:         CVE-2010-0624
====================================================================

1. Summary:

An updated tar package that fixes one security issue is now available for Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive.

A heap-based buffer overflow flaw was found in the way tar expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the tar executable to crash or execute arbitrary code with the privileges of the user running tar. (CVE-2010-0624)

Red Hat would like to thank Jakob Lell for responsibly reporting this issue.

Users of tar are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

564368 - CVE-2010-0624 tar, cpio: Heap-based buffer overflow by expanding a specially-crafted archive

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:

i386:
tar-1.13.25-16.RHEL3.i386.rpm
tar-debuginfo-1.13.25-16.RHEL3.i386.rpm

ia64:
tar-1.13.25-16.RHEL3.ia64.rpm
tar-debuginfo-1.13.25-16.RHEL3.ia64.rpm

ppc:
tar-1.13.25-16.RHEL3.ppc.rpm
tar-debuginfo-1.13.25-16.RHEL3.ppc.rpm

s390:
tar-1.13.25-16.RHEL3.s390.rpm
tar-debuginfo-1.13.25-16.RHEL3.s390.rpm

s390x:
tar-1.13.25-16.RHEL3.s390x.rpm
tar-debuginfo-1.13.25-16.RHEL3.s390x.rpm

x86_64:
tar-1.13.25-16.RHEL3.x86_64.rpm
tar-debuginfo-1.13.25-16.RHEL3.x86_64.rpm

Red Hat Desktop version 3:

Source:

i386:
tar-1.13.25-16.RHEL3.i386.rpm
tar-debuginfo-1.13.25-16.RHEL3.i386.rpm

x86_64:
tar-1.13.25-16.RHEL3.x86_64.rpm
tar-debuginfo-1.13.25-16.RHEL3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:

i386:
tar-1.13.25-16.RHEL3.i386.rpm
tar-debuginfo-1.13.25-16.RHEL3.i386.rpm

ia64:
tar-1.13.25-16.RHEL3.ia64.rpm
tar-debuginfo-1.13.25-16.RHEL3.ia64.rpm

x86_64:
tar-1.13.25-16.RHEL3.x86_64.rpm
tar-debuginfo-1.13.25-16.RHEL3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:

i386:
tar-1.13.25-16.RHEL3.i386.rpm
tar-debuginfo-1.13.25-16.RHEL3.i386.rpm

ia64:
tar-1.13.25-16.RHEL3.ia64.rpm
tar-debuginfo-1.13.25-16.RHEL3.ia64.rpm

x86_64:
tar-1.13.25-16.RHEL3.x86_64.rpm
tar-debuginfo-1.13.25-16.RHEL3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2010-0624
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.