Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
91
security advisorysecurity issuegentooGentoo: GLSA-202101-24 Normal: cfitsio Code Multiple Threats
Multiple vulnerabilities have been found in cfitsio, the worst of which could result in the arbitrary execution of code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202101-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: cfitsio: Multiple vulnerabilities Date: January 26, 2021 Bugs: #673944 ID: 202101-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in cfitsio, the worst of which could result in the arbitrary execution of code. Background ========= A C and Fortran library for manipulating FITS files. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sci-libs/cfitsio < 3.490 > = 3.490 Description ========== Multiple vulnerabilities have been discovered in cfitsio. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All cfitsio users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =sci-libs/cfitsio-3.490" References ========= [ 1 ] CVE-2018-3846 https://nvd.nist.gov/vuln/detail/CVE-2018-3846 [ 2 ] CVE-2018-3847 https://nvd.nist.gov/vuln/detail/CVE-2018-3847 [ 3 ] CVE-2018-3848 https://nvd.nist.gov/vuln/detail/CVE-2018-3848 [ 4 ] CVE-2018-3849 https://nvd.nist.gov/vuln/detail/CVE-2018-3849 Availability =========== This GLSA and any updates to it areavailable for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202101-24 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Jan 25, 2021
Gentoo
89
security advisorybuffer overflowcriticalFedora 28: FEDORA-2019-3c1aed2aa9 Critical: Cfitsio Buffer Overflow
This update backports security fixes from cfitsio 3.440. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-3c1aed2aa9 2019-03-27 03:26:43.386641 --------------------------------------------------------------------------------Name : cfitsio Product : Fedora 28 Version : 3.430 Release : 2.fc28 URL : Summary : Library for manipulating FITS data files Description : CFITSIO is a library of C and FORTRAN subroutines for reading and writing data files in FITS (Flexible Image Transport System) data format. CFITSIO simplifies the task of writing software that deals with FITS files by providing an easy to use set of high-level routines that insulate the programmer from the internal complexities of the FITS file format. At the same time, CFITSIO provides many advanced features that have made it the most widely used FITS file programming interface in the astronomical community. --------------------------------------------------------------------------------Update Information: This update backports security fixes from cfitsio 3.440 --------------------------------------------------------------------------------ChangeLog: * Mon Mar 4 2019 Sergio Pascual - 3.430-2 - Backport security fixes from 3.440 (rhbz #1570484) --------------------------------------------------------------------------------References: [ 1 ] Bug #1570484 - Rebase cfitsio package to 3.44 upstream to resolve security issues. https://bugzilla.redhat.com/show_bug.cgi?id=1570484 [ 2 ] Bug #1568189 - CVE-2018-3849 cfitsio: Stack-based buffer overflow in ffghtb() allows for potential code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1568189 [ 3 ] Bug #1568184 - CVE-2018-3848 cfitsio: Stack-based buffer overflow in ffghbn() allows for potential code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1568184 [ 4 ] Bug #1563915 - CVE-2018-3846 cfitsio:Unsafe use of sprintf() can allow a remote unauthenticated attacker to execute arbitrary code [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1563915 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c ''dnf upgrade --advisory FEDORA-2019-3c1aed2aa9'' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Mar 26, 2019
•Critical
Fedora
202
security advisoryremote code executioncritical updateopenSUSE 42.3: 2018:1038-1 Important cfitsio Remote Code Execution
An update that solves one vulnerability and has one errata is now available.. openSUSE Security Update: Security update for cfitsio ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:1038-1 Rating: important References: #1082318 #1088590 Cross-References: CVE-2018-1000166 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for cfitsio fixes the following issues: Security issues fixed: - CVE-2018-1000166: Unsafe use of sprintf() can allow a remote unauthenticated attacker to execute arbitrary code (boo#1088590) This update to version 3.430 also contains a number of upstream bug fixes. The following tracked packaging changes are included: - boo#1082318: package licence text as license, not as documentation Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-383=1 Package List: - openSUSE Leap 42.3 (i586 x86_64): cfitsio-3.430-4.3.1 cfitsio-debuginfo-3.430-4.3.1 cfitsio-debugsource-3.430-4.3.1 cfitsio-devel-3.430-4.3.1 cfitsio-devel-doc-3.430-4.3.1 libcfitsio5-3.430-4.3.1 libcfitsio5-debuginfo-3.430-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-1000166.html https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1088590 -- . Important patch released for cfitsio in openSUSE addressing vulnerability that could lead to remote code execution, improving overall system security.. openSUSE Security Update, cfitsio patch, remote code execution fix. . Severity: Important. LinuxSecurity.com Team
Apr 21, 2018
•Important
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!