Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
87
security advisorycriticaldebianDebian: Ark Critical File Overwrite Issue CVE-2024-57966 DSA-6029-1
It was discovered that insecure path handling in the Ark archive utility could result in overwriting a user's files. For the oldstable distribution (bookworm), this problem has been fixed in version 4:22.12.3-1+deb12u1. We recommend that you upgrade your ark packages.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6029-1
Oct 20, 2025
•Critical
Debian
197
security advisorydebianpath handlingDebian 11: DLA-4046-1 urgent fix for ark archive path issue
A flaw was discovered in ark, an archive utility for the KDE platform. Ark extracted archives with absolute paths to the corresponding location on the user's file system. Absolute paths are now treated as relative paths to prevent overwriting of sensitive information. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-4046-1
Feb 08, 2025
•Important
Debian LTS
98
security advisorysecurity updateRed Hat EnterpriseRed Hat 9 RHSA-2023:2532 Low Severity: Libarchive NULL Pointer Issue
An update for libarchive is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: libarchive security update Advisory ID: RHSA-2023:2532-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2532 Issue date: 2023-05-09 CVE Names: CVE-2022-36227 ==================================================================== 1. Summary: An update for libarchive is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es): * libarchive: NULL pointer dereference in archive_write.c (CVE-2022-36227) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailedinformation on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2144972 - CVE-2022-36227 libarchive: NULL pointer dereference in archive_write.c 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): aarch64: bsdcat-debuginfo-3.5.3-4.el9.aarch64.rpm bsdcpio-debuginfo-3.5.3-4.el9.aarch64.rpm bsdtar-3.5.3-4.el9.aarch64.rpm bsdtar-debuginfo-3.5.3-4.el9.aarch64.rpm libarchive-debuginfo-3.5.3-4.el9.aarch64.rpm libarchive-debugsource-3.5.3-4.el9.aarch64.rpm ppc64le: bsdcat-debuginfo-3.5.3-4.el9.ppc64le.rpm bsdcpio-debuginfo-3.5.3-4.el9.ppc64le.rpm bsdtar-3.5.3-4.el9.ppc64le.rpm bsdtar-debuginfo-3.5.3-4.el9.ppc64le.rpm libarchive-debuginfo-3.5.3-4.el9.ppc64le.rpm libarchive-debugsource-3.5.3-4.el9.ppc64le.rpm s390x: bsdcat-debuginfo-3.5.3-4.el9.s390x.rpm bsdcpio-debuginfo-3.5.3-4.el9.s390x.rpm bsdtar-3.5.3-4.el9.s390x.rpm bsdtar-debuginfo-3.5.3-4.el9.s390x.rpm libarchive-debuginfo-3.5.3-4.el9.s390x.rpm libarchive-debugsource-3.5.3-4.el9.s390x.rpm x86_64: bsdcat-debuginfo-3.5.3-4.el9.x86_64.rpm bsdcpio-debuginfo-3.5.3-4.el9.x86_64.rpm bsdtar-3.5.3-4.el9.x86_64.rpm bsdtar-debuginfo-3.5.3-4.el9.x86_64.rpm libarchive-debuginfo-3.5.3-4.el9.x86_64.rpm libarchive-debugsource-3.5.3-4.el9.x86_64.rpm Red Hat Enterprise Linux BaseOS (v.9): Source: libarchive-3.5.3-4.el9.src.rpm aarch64: bsdcat-debuginfo-3.5.3-4.el9.aarch64.rpm bsdcpio-debuginfo-3.5.3-4.el9.aarch64.rpm bsdtar-debuginfo-3.5.3-4.el9.aarch64.rpm libarchive-3.5.3-4.el9.aarch64.rpm libarchive-debuginfo-3.5.3-4.el9.aarch64.rpm libarchive-debugsource-3.5.3-4.el9.aarch64.rpm ppc64le: bsdcat-debuginfo-3.5.3-4.el9.ppc64le.rpm bsdcpio-debuginfo-3.5.3-4.el9.ppc64le.rpm bsdtar-debuginfo-3.5.3-4.el9.ppc64le.rpm libarchive-3.5.3-4.el9.ppc64le.rpm libarchive-debuginfo-3.5.3-4.el9.ppc64le.rpm libarchive-debugsource-3.5.3-4.el9.ppc64le.rpm s390x: bsdcat-debuginfo-3.5.3-4.el9.s390x.rpm bsdcpio-debuginfo-3.5.3-4.el9.s390x.rpm bsdtar-debuginfo-3.5.3-4.el9.s390x.rpm libarchive-3.5.3-4.el9.s390x.rpm libarchive-debuginfo-3.5.3-4.el9.s390x.rpm libarchive-debugsource-3.5.3-4.el9.s390x.rpm x86_64: bsdcat-debuginfo-3.5.3-4.el9.i686.rpm bsdcat-debuginfo-3.5.3-4.el9.x86_64.rpm bsdcpio-debuginfo-3.5.3-4.el9.i686.rpm bsdcpio-debuginfo-3.5.3-4.el9.x86_64.rpm bsdtar-debuginfo-3.5.3-4.el9.i686.rpm bsdtar-debuginfo-3.5.3-4.el9.x86_64.rpm libarchive-3.5.3-4.el9.i686.rpm libarchive-3.5.3-4.el9.x86_64.rpm libarchive-debuginfo-3.5.3-4.el9.i686.rpm libarchive-debuginfo-3.5.3-4.el9.x86_64.rpm libarchive-debugsource-3.5.3-4.el9.i686.rpm libarchive-debugsource-3.5.3-4.el9.x86_64.rpm Red Hat Enterprise Linux CRB (v.9): aarch64: bsdcat-debuginfo-3.5.3-4.el9.aarch64.rpm bsdcpio-debuginfo-3.5.3-4.el9.aarch64.rpm bsdtar-debuginfo-3.5.3-4.el9.aarch64.rpm libarchive-debuginfo-3.5.3-4.el9.aarch64.rpm libarchive-debugsource-3.5.3-4.el9.aarch64.rpm libarchive-devel-3.5.3-4.el9.aarch64.rpm ppc64le: bsdcat-debuginfo-3.5.3-4.el9.ppc64le.rpm bsdcpio-debuginfo-3.5.3-4.el9.ppc64le.rpm bsdtar-debuginfo-3.5.3-4.el9.ppc64le.rpm libarchive-debuginfo-3.5.3-4.el9.ppc64le.rpm libarchive-debugsource-3.5.3-4.el9.ppc64le.rpm libarchive-devel-3.5.3-4.el9.ppc64le.rpm s390x: bsdcat-debuginfo-3.5.3-4.el9.s390x.rpm bsdcpio-debuginfo-3.5.3-4.el9.s390x.rpm bsdtar-debuginfo-3.5.3-4.el9.s390x.rpm libarchive-debuginfo-3.5.3-4.el9.s390x.rpm libarchive-debugsource-3.5.3-4.el9.s390x.rpm libarchive-devel-3.5.3-4.el9.s390x.rpm x86_64: bsdcat-debuginfo-3.5.3-4.el9.i686.rpm bsdcat-debuginfo-3.5.3-4.el9.x86_64.rpm bsdcpio-debuginfo-3.5.3-4.el9.i686.rpm bsdcpio-debuginfo-3.5.3-4.el9.x86_64.rpm bsdtar-debuginfo-3.5.3-4.el9.i686.rpm bsdtar-debuginfo-3.5.3-4.el9.x86_64.rpm libarchive-debuginfo-3.5.3-4.el9.i686.rpm libarchive-debuginfo-3.5.3-4.el9.x86_64.rpm libarchive-debugsource-3.5.3-4.el9.i686.rpm libarchive-debugsource-3.5.3-4.el9.x86_64.rpm libarchive-devel-3.5.3-4.el9.i686.rpm libarchive-devel-3.5.3-4.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-36227 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBZFo1ftzjgjWX9erEAQhfUBAAm5IXBHFA4dic/dFst0KGosjGE8cxfedt j/JuxVTtKXDGLggrccUgQwyelpbrh+Zai/kb1mH6mLcBrmTfPGLR/SQmeWWH0M16 Q7lrMa838IvdTuQzXOa7aT48zLN2yJ1+itW+9yN12D6ij/PtdnUxvmpwbmst2TJs ZIDML8BzaCwBxdJ4JfGQ89Bmugu/Ojv3ivZ7rkAnkbQL/Sl7oN7jmQoEPWrA/k0j ipOfXnXTTmhIi4Jtmc5G6pLKusnFysNUxZ2bhBxH4Y0HQZ7hMA2ZOl9oYzJhS2FG wbTE+eWnoFHrLyoRSMqqBz8P6Br55Rhmb6CDx5uIiX29bjcl3aNyRBbhbgRxHCMz Ef8n0cSeLQ0GJTvhQ1VILHkywO9IzGZ1A0IUQEvNr77NX/WsatqUYThZxYic2pYj V0NyXRFYxklRbZgrh+qiZkuiSJV3GD66+0yM0vcqJYB3Czp19O6sGrMVhZWXAieD oUfo5+oLL04Ts10cBkSnvJoamAd30+kDGYUR/eO4xjKoRteHeiNNRyO/ljo6ebea ilHW+UTAp/MfX9inTY7OEQ4xkVpgII6+UcTr9Ivn2aX2sX0AHAYTUGURzHaaF7+u pJsbdFlI7zGjvrS5wJcvhcxtC9BetfZkC+0kyo4qKixne82mDCbFuCMg3r1ueSOS /fwwLveM+E4=QWQF -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 09, 2023
•Low
Red Hat
89
security advisorysecurity issueFedoraFedora 26 FEDORA-2018-4e657bf5e3 Critical: Sharutils Heap Overflow
This release fixes a heap buffer overflow when processing a shar archive by unshar tool if the arhive contains overlong lines.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-4e657bf5e3 2018-03-06 17:26:39.510865 --------------------------------------------------------------------------------Name : sharutils Product : Fedora 26 Version : 4.15.2 Release : 6.fc26 URL : http://www.gnu.org/software/sharutils/ Summary : The GNU shar utilities for packaging and unpackaging shell archives Description : The sharutils package contains the GNU shar utilities, a set of tools for encoding and decoding packages of files (in binary or text format) in a special plain text format called shell archives (shar). This format can be sent through e-mail (which can be problematic for regular binary files). The shar utility supports a wide range of capabilities (compressing, uuencoding, splitting long files for multi-part mailings, providing check-sums), which make it very flexible at creating shar files. After the files have been sent, the unshar tool scans mail messages looking for shar files. Unshar automatically strips off mail headers and introductory text and then unpacks the shar files. --------------------------------------------------------------------------------Update Information: This release fixes a heap buffer overflow when processing a shar archive by unshar tool if the arhive contains overlong lines. --------------------------------------------------------------------------------References: [ 1 ] Bug #1548018 - sharutils: heap-buffer-overflow in find_archive in unshar.c https://bugzilla.redhat.com/show_bug.cgi?id=1548018 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade sharutils' at the command line. For more information, refer to the dnf documentationavailable at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Mar 06, 2018
•Critical
Fedora
89
security advisorybuffer overflowFedoraFedora: 2004-119 Critical: LHA Buffer Overflow And Directory Threat
Ulf Härnhammar discovered two stack buffer overflows and two directory traversal flaws in LHA.. Fedora Update Notification FEDORA-2004-119 2004-05-11 --------------------------------------------------------------------- Name : lha Version : 1.14i Release : 12.1 Summary : An archiving and compression utility for LHarc format archives. Description : LHA is an archiving and compression utility for LHarc format archives. LHA is mostly used in the DOS world, but can be used under Linux to extract DOS files from LHA archives. Install the lha package if you need to extract DOS files from LHA archives. --------------------------------------------------------------------- Update Information: Ulf Härnhammar discovered two stack buffer overflows and two directory traversal flaws in LHA. An attacker could exploit the buffer overflows by creating a carefully crafted LHA archive in such a way that arbitrary code would be executed when the archive is tested or extracted by a victim. CAN-2004-0234. An attacker could exploit the directory traversal issues to create files as the victim outside of the expected directory. CAN-2004-0235. --------------------------------------------------------------------- * Wed May 05 2004 Than Ngo 1.14i-12.1 - fix security vulnerabilities, CAN-2004-0234, CAN-2004-0235 --------------------------------------------------------------------- This update can be downloaded from: 298cc75d90f489e4b71432bfb349162b SRPMS/lha-1.14i-12.1.src.rpm 57238f4d4ec1779fb54c8e36433f9351 i386/lha-1.14i-12.1.i386.rpm 242bf89b6fdc64405e4d9d33a1720934 i386/debug/lha-debuginfo-1.14i-12.1.i386.rpm 2aac21d1d3cc6b1c70d71e275c8f477c x86_64/lha-1.14i-12.1.x86_64.rpm f00e196233a73f4093856ecd29b921d4 x86_64/debug/lha-debuginfo-1.14i-12.1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- . Multiple security flaws discovered in lha,enabling unpermitted code execution and file creation outside of specified directories.. LHA Exploit, Fedora Security Update, Buffer Overflow, Directory Issue. . Severity: Critical. LinuxSecurity.com Team
May 14, 2004
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!