A vulnerability has been discovered in cpio, which can lead to arbitrary code execution.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202407-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: cpio: Arbitrary Code Execution
     Date: July 01, 2024
     Bugs: #807088
       ID: 202407-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in cpio, which can lead to arbitrary
code execution.

Background
==========

cpio is a file archival tool which can also read and write tar files.

Affected packages
=================

Package        Vulnerable    Unaffected
-------------  ------------  ------------
app-arch/cpio  < 2.13-r1     >= 2.13-r1

Description
===========

Multiple vulnerabilities have been discovered in cpio. Please review the
CVE identifiers referenced below for details.

Impact
======

GNU cpio allows attackers to execute arbitrary code via a crafted
pattern file, because of a dstring.c ds_fgetstr integer overflow that
triggers an out-of-bounds heap write. NOTE: it is unclear whether there
are common cases where the pattern file, associated with the -E option,
is untrusted data.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All cpio users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-arch/cpio-2.13-r1"

References
==========

[ 1 ] CVE-2016-2037
      https://nvd.nist.gov/vuln/detail/CVE-2016-2037
[ 2 ] CVE-2019-14866
      https://nvd.nist.gov/vuln/detail/CVE-2019-14866
[ 3 ] CVE-2021-38185
      https://nvd.nist.gov/vuln/detail/CVE-2021-38185

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-07

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

Multiple vulnerabilities have been found in Tcpdump, the worst of which may allow execution of arbitrary code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201709-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Tcpdump: Multiple vulnerabilities
     Date: September 25, 2017
     Bugs: #624652, #626462, #630110
       ID: 201709-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities have been found in Tcpdump, the worst of which
may allow execution of arbitrary code.

Background
=========

Tcpdump is a tool for network monitoring and data acquisition.

Affected packages
================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/tcpdump        < 4.9.2                      >= 4.9.2

Description
==========

Multiple vulnerabilities have been discovered in Tcpdump. Please review
the referenced CVE identifiers for details.

Impact
=====

A remote attacker could possibly execute arbitrary code with the
privileges of the process or cause a Denial of Service condition.

Workaround
=========

There is no known workaround at this time.

Resolution
=========

All Tcpdump users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-4.9.2"

References
=========

[ 1 ] CVE-2017-11108
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11108
[ 2 ] CVE-2017-11541
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11541
[ 3 ] CVE-2017-11542
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11542
[ 4 ] CVE-2017-11543
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11543
[ 5 ] CVE-2017-11544
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11544
[ 6 ] CVE-2017-12893
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12893
[ 7 ] CVE-2017-12894
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12894
[ 8 ] CVE-2017-12895
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12895
[ 9 ] CVE-2017-12896
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12896
[ 10 ] CVE-2017-12897
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12897
[ 11 ] CVE-2017-12898
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12898
[ 12 ] CVE-2017-12899
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12899
[ 13 ] CVE-2017-12900
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12900
[ 14 ] CVE-2017-12901
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12901
[ 15 ] CVE-2017-12902
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12902
[ 16 ] CVE-2017-12985
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12985
[ 17 ] CVE-2017-12986
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12986
[ 18 ] CVE-2017-12987
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12987
[ 19 ] CVE-2017-12988
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12988
[ 20 ] CVE-2017-12989
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12989
[ 21 ] CVE-2017-12990
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12990
[ 22 ] CVE-2017-12991
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12991
[ 23 ] CVE-2017-12992
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12992
[ 24 ] CVE-2017-12993
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12993
[ 25 ] CVE-2017-12994
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12994
[ 26 ] CVE-2017-12995
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12995
[ 27 ] CVE-2017-12996
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12996
[ 28 ] CVE-2017-12997
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12997
[ 29 ] CVE-2017-12998
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12998
[ 30 ] CVE-2017-12999
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12999
[ 31 ] CVE-2017-13000
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13000
[ 32 ] CVE-2017-13001
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13001
[ 33 ] CVE-2017-13002
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13002
[ 34 ] CVE-2017-13003
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13003
[ 35 ] CVE-2017-13004
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13004
[ 36 ] CVE-2017-13005
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13005
[ 37 ] CVE-2017-13006
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13006
[ 38 ] CVE-2017-13007
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13007
[ 39 ] CVE-2017-13008
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13008
[ 40 ] CVE-2017-13009
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13009
[ 41 ] CVE-2017-13010
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13010
[ 42 ] CVE-2017-13011
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13011
[ 43 ] CVE-2017-13012
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13012
[ 44 ] CVE-2017-13013
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13013
[ 45 ] CVE-2017-13014
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13014
[ 46 ] CVE-2017-13015
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13015
[ 47 ] CVE-2017-13016
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13016
[ 48 ] CVE-2017-13017
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13017
[ 49 ] CVE-2017-13018
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13018
[ 50 ] CVE-2017-13019
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13019
[ 51 ] CVE-2017-13020
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13020
[ 52 ] CVE-2017-13021
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13021
[ 53 ] CVE-2017-13022
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13022
[ 54 ] CVE-2017-13023
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13023
[ 55 ] CVE-2017-13024
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13024
[ 56 ] CVE-2017-13025
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13025
[ 57 ] CVE-2017-13026
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13026
[ 58 ] CVE-2017-13027
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13027
[ 59 ] CVE-2017-13028
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13028
[ 60 ] CVE-2017-13029
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13029
[ 61 ] CVE-2017-13030
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13030
[ 62 ] CVE-2017-13031
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13031
[ 63 ] CVE-2017-13032
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13032
[ 64 ] CVE-2017-13033
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13033
[ 65 ] CVE-2017-13034
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13034
[ 66 ] CVE-2017-13035
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13035
[ 67 ] CVE-2017-13036
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13036
[ 68 ] CVE-2017-13037
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13037
[ 69 ] CVE-2017-13038
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13038
[ 70 ] CVE-2017-13039
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13039
[ 71 ] CVE-2017-13040
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13040
[ 72 ] CVE-2017-13041
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13041
[ 73 ] CVE-2017-13042
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13042
[ 74 ] CVE-2017-13043
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13043
[ 75 ] CVE-2017-13044
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13044
[ 76 ] CVE-2017-13045
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13045
[ 77 ] CVE-2017-13046
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13046
[ 78 ] CVE-2017-13047
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13047
[ 79 ] CVE-2017-13048
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13048
[ 80 ] CVE-2017-13049
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13049
[ 81 ] CVE-2017-13050
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13050
[ 82 ] CVE-2017-13051
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13051
[ 83 ] CVE-2017-13052
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13052
[ 84 ] CVE-2017-13053
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13053
[ 85 ] CVE-2017-13054
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13054
[ 86 ] CVE-2017-13055
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13055
[ 87 ] CVE-2017-13687
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13687
[ 88 ] CVE-2017-13688
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13688
[ 89 ] CVE-2017-13689
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13689
[ 90 ] CVE-2017-13690
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13690
[ 91 ] CVE-2017-13725
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13725

Availability
===========

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201709-23

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6.

====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: thunderbird security update
Advisory ID:       RHSA-2012:1351-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2012:1351.html
Issue date:        2012-10-09
CVE Names:         CVE-2012-1956 CVE-2012-3982 CVE-2012-3986
                   CVE-2012-3988 CVE-2012-3990 CVE-2012-3991
                   CVE-2012-3992 CVE-2012-3993 CVE-2012-3994
                   CVE-2012-3995 CVE-2012-4179 CVE-2012-4180
                   CVE-2012-4181 CVE-2012-4182 CVE-2012-4183
                   CVE-2012-4184 CVE-2012-4185 CVE-2012-4186
                   CVE-2012-4187 CVE-2012-4188
====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2012-3982,
CVE-2012-3988, CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180,
CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186,
CVE-2012-4187, CVE-2012-4188)

Two flaws in Thunderbird could allow malicious content to bypass intended
restrictions, possibly leading to information disclosure, or Thunderbird
executing arbitrary code. Note that the information disclosure issue could
possibly be combined with other flaws to achieve arbitrary code execution.
(CVE-2012-3986, CVE-2012-3991)

Multiple flaws were found in the location object implementation in
Thunderbird. Malicious content could be used to perform cross-site
scripting attacks, script injection, or spoofing attacks. (CVE-2012-1956,
CVE-2012-3992, CVE-2012-3994)

Two flaws were found in the way Chrome Object Wrappers were implemented.
Malicious content could be used to perform cross-site scripting attacks or
cause Thunderbird to execute arbitrary code. (CVE-2012-3993, CVE-2012-4184)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, Jesse Ruderman, Soroush Dalili,
miaubiz, Abhishek Arya, Atte Kettunen, Johnny Stenback, Alice White,
moz_bug_r_a4, and Mariusz Mlynski as the original reporters of these
issues.

Note: None of the issues in this advisory can be exploited by a
specially-crafted HTML mail message as JavaScript is disabled by default
for mail messages. They could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 10.0.8 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

851912 - CVE-2012-1956 Mozilla: Location object can be shadowed using Object.defineProperty (MFSA 2012-59)
863614 - CVE-2012-3982 Mozilla: Miscellaneous memory safety hazards (rv:10.0.8) (MFSA 2012-74)
863618 - CVE-2012-3986 Mozilla: Some DOMWindowUtils methods bypass security checks (MFSA 2012-77)
863619 - CVE-2012-3988 Mozilla: DOS and crash with full screen and history navigation (MFSA 2012-79)
863621 - CVE-2012-3991 Mozilla: GetProperty function can bypass security checks (MFSA 2012-81)
863622 - CVE-2012-3994 Mozilla: top object and location property accessible by plugins (MFSA 2012-82)
863623 - CVE-2012-3993 CVE-2012-4184 Mozilla: Chrome Object Wrapper (COW) does not disallow access to privileged functions or properties (MFSA 2012-83)
863624 - CVE-2012-3992 Mozilla: Spoofing and script injection through location.hash (MFSA 2012-84)
863625 - CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)
863626 - CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)
863628 - CVE-2012-3990 Mozilla: Use-after-free in the IME State Manager (MFSA 2012-87)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
thunderbird-10.0.8-1.el5_8.i386.rpm
thunderbird-debuginfo-10.0.8-1.el5_8.i386.rpm

x86_64:
thunderbird-10.0.8-1.el5_8.x86_64.rpm
thunderbird-debuginfo-10.0.8-1.el5_8.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:

i386:
thunderbird-10.0.8-1.el5_8.i386.rpm
thunderbird-debuginfo-10.0.8-1.el5_8.i386.rpm

x86_64:
thunderbird-10.0.8-1.el5_8.x86_64.rpm
thunderbird-debuginfo-10.0.8-1.el5_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:

i386:
thunderbird-10.0.8-1.el6_3.i686.rpm
thunderbird-debuginfo-10.0.8-1.el6_3.i686.rpm

x86_64:
thunderbird-10.0.8-1.el6_3.x86_64.rpm
thunderbird-debuginfo-10.0.8-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:

i386:
thunderbird-10.0.8-1.el6_3.i686.rpm
thunderbird-debuginfo-10.0.8-1.el6_3.i686.rpm

ppc64:
thunderbird-10.0.8-1.el6_3.ppc64.rpm
thunderbird-debuginfo-10.0.8-1.el6_3.ppc64.rpm

s390x:
thunderbird-10.0.8-1.el6_3.s390x.rpm
thunderbird-debuginfo-10.0.8-1.el6_3.s390x.rpm

x86_64:
thunderbird-10.0.8-1.el6_3.x86_64.rpm
thunderbird-debuginfo-10.0.8-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

i386:
thunderbird-10.0.8-1.el6_3.i686.rpm
thunderbird-debuginfo-10.0.8-1.el6_3.i686.rpm

x86_64:
thunderbird-10.0.8-1.el6_3.x86_64.rpm
thunderbird-debuginfo-10.0.8-1.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2012-1956
https://access.redhat.com/security/cve/CVE-2012-3982
https://access.redhat.com/security/cve/CVE-2012-3986
https://access.redhat.com/security/cve/CVE-2012-3988
https://access.redhat.com/security/cve/CVE-2012-3990
https://access.redhat.com/security/cve/CVE-2012-3991
https://access.redhat.com/security/cve/CVE-2012-3992
https://access.redhat.com/security/cve/CVE-2012-3993
https://access.redhat.com/security/cve/CVE-2012-3994
https://access.redhat.com/security/cve/CVE-2012-3995
https://access.redhat.com/security/cve/CVE-2012-4179
https://access.redhat.com/security/cve/CVE-2012-4180
https://access.redhat.com/security/cve/CVE-2012-4181
https://access.redhat.com/security/cve/CVE-2012-4182
https://access.redhat.com/security/cve/CVE-2012-4183
https://access.redhat.com/security/cve/CVE-2012-4184
https://access.redhat.com/security/cve/CVE-2012-4185
https://access.redhat.com/security/cve/CVE-2012-4186
https://access.redhat.com/security/cve/CVE-2012-4187
https://access.redhat.com/security/cve/CVE-2012-4188
https://access.redhat.com/security/updates/classification#critical

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2012 Red Hat, Inc.

Multiple vulnerabilities in MIT Kerberos 5 could potentially result in the execution of arbitrary code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200701-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: MIT Kerberos 5: Arbitrary Remote Code Execution
     Date: January 24, 2007
     Bugs: #158810
       ID: 200701-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities in MIT Kerberos 5 could potentially result in
the execution of arbitrary code.

Background
=========

MIT Kerberos 5 is a suite of applications that implement the Kerberos
network protocol.

Affected packages
================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-crypt/mit-krb5          < 1.5.2                      >= 1.5.2

Description
==========

The Kerberos administration daemon, and possibly other applications
using the GSS-API or RPC libraries, could potentially call a function
pointer in a freed heap buffer, or attempt to free an uninitialized
pointer.

Impact
=====

A remote attacker may be able to crash an affected application, or
potentially execute arbitrary code with root privileges.

Workaround
=========

There is no known workaround at this time.

Resolution
=========

All MIT Kerberos 5 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.5.2"

References
=========

[ 1 ] CVE-2006-6143
      https://www.cve.org/CVERecord?id=CVE-2006-6143
[ 2 ] CVE-2006-6144
      https://www.cve.org/CVERecord?id=CVE-2006-6144

Availability
===========

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/200701-21

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

The wv library is vulnerable to multiple integer overflows which could lead to the execution of arbitrary code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200612-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: wv library: Multiple integer overflows
     Date: December 07, 2006
     Bugs: #153800
       ID: 200612-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The wv library is vulnerable to multiple integer overflows which could
lead to the execution of arbitrary code.

Background
=========

wv is a library for conversion of MS Word DOC and RTF files.

Affected packages
================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-text/wv               < 1.2.3-r1                  >= 1.2.3-r1

Description
==========

The wv library fails to do proper arithmetic checks in multiple places,
possibly leading to integer overflows.

Impact
=====

An attacker could craft a malicious file that, when handled with the wv
library, could lead to the execution of arbitrary code with the
permissions of the user running the application.

Workaround
=========

There is no known workaround at this time.

Resolution
=========

All wv library users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/wv-1.2.3-r1"

References
=========

[ 1 ] CVE-2006-4513
      https://www.cve.org/CVERecord?id=CVE-2006-4513

Availability
===========

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/200612-01

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious URL. The following CVE IDs are addressed: CVE-2006-2788, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-4565, CVE-2006-4568, CVE-2006-4571, CVE-2006-3808, CVE-2006-4340, CVE-2006-4570.

===========================================================
Ubuntu Security Notice USN-361-1           October 10, 2006
mozilla vulnerabilities
CVE-2006-2788, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807,
CVE-2006-3808, CVE-2006-3809, CVE-2006-3811, CVE-2006-4340,
CVE-2006-4565, CVE-2006-4568, CVE-2006-4570, CVE-2006-4571
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libnspr4                                 2:1.7.13-0ubuntu05.04.2
  libnss3                                  2:1.7.13-0ubuntu05.04.2
  mozilla-browser                          2:1.7.13-0ubuntu05.04.2
  mozilla-mailnews                         2:1.7.13-0ubuntu05.04.2
  mozilla-psm                              2:1.7.13-0ubuntu05.04.2

Ubuntu 5.10:
  libnspr4                                 2:1.7.13-0ubuntu5.10.2
  libnss3                                  2:1.7.13-0ubuntu5.10.2
  mozilla-browser                          2:1.7.13-0ubuntu5.10.2
  mozilla-mailnews                         2:1.7.13-0ubuntu5.10.2
  mozilla-psm                              2:1.7.13-0ubuntu5.10.2

After a standard system upgrade you need to restart Mozilla to effect
the necessary changes.

Details follow:

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious URL. (CVE-2006-2788, CVE-2006-3805, CVE-2006-3806,
CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-4565,
CVE-2006-4568, CVE-2006-4571)

A bug was found in the script handler for automatic proxy
configuration. A malicious proxy could send scripts which could
execute arbitrary code with the user's privileges. (CVE-2006-3808)

The NSS library did not sufficiently check the padding of PKCS #1 v1.5
signatures if the exponent of the public key is 3 (which is widely
used for CAs). This could be exploited to forge valid signatures
without the need of the secret key. (CVE-2006-4340)

Georgi Guninski discovered that even with JavaScript disabled, a
malicious email could still execute JavaScript when the message is
viewed, replied to, or forwarded by putting the script in a remote XBL
file loaded by the message. (CVE-2006-4570)

Updated packages for Ubuntu 5.04:

  Source archives
  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
  i386 architecture (x86 compatible Intel/AMD)
  powerpc architecture (Apple Macintosh G3/G4/G5)

Updated packages for Ubuntu 5.10:

  Source archives
  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
  i386 architecture (x86 compatible Intel/AMD)
  powerpc architecture (Apple Macintosh G3/G4/G5)
  sparc architecture (Sun SPARC/UltraSPARC)

Some buffer overflows were discovered in the CID font parser, potentially resulting in the execution of arbitrary code with elevated privileges.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200609-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: LibXfont, monolithic X.org: Multiple integer overflows
     Date: September 13, 2006
     Bugs: #145513
       ID: 200609-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Some buffer overflows were discovered in the CID font parser,
potentially resulting in the execution of arbitrary code with elevated
privileges.

Background
=========

libXfont is the X.Org Xfont library; some parts are based on the
FreeType code base.

Affected packages
================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  x11-libs/libXfont           < 1.2.1                      >= 1.2.1
  2  x11-base/xorg-x11            < 7.0                         >= 7.0
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
==========

Several integer overflows have been found in the CID font parser.

Impact
=====

A remote attacker could exploit this vulnerability by enticing a user
to load a malicious font file resulting in the execution of arbitrary
code with the permissions of the user running the X server which
typically is the root user. A local user could exploit this
vulnerability to gain elevated privileges.

Workaround
=========

Disable CID-encoded Type 1 fonts by removing the "type1" module and
replacing it with the "freetype" module in xorg.conf.

Resolution
=========

All libXfont users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.1"

All monolithic X.org users are advised to migrate to modular X.org.

References
=========

[ 1 ] CVE-2006-3739
      https://www.cve.org/CVERecord?id=CVE-2006-3739
[ 2 ] CVE-2006-3740
      https://www.cve.org/CVERecord?id=CVE-2006-3740

Availability
===========

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/200609-07

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to