Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
172
security advisorydenial of serviceubuntuUbuntu 16.04 ESM USN-5433-1 Critical: Multiple Vim DoS Threats
Several security issues were fixed in Vim.. =========================================================================Ubuntu Security Notice USN-5433-1 May 23, 2022 vim vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Several security issues were fixed in Vim. Software Description: - vim: Vi IMproved - enhanced vi editor Details: It was discovered that Vim incorrectly handled parsing of filenames in its search functionality. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service. (CVE-2021-3973) It was discovered that Vim incorrectly handled memory when opening and searching the contents of certain files. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2021-3974) It was discovered that Vim incorrectly handled memory when opening and editing certain files. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2021-3984, CVE-2021-4019, CVE-2021-4069) It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2021-4192) It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2022-0261, CVE-2022-0318) It was discovered that Vim was using freed memory when dealing with regular expressions through its old regular expression engine. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2022-1154) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5433-1 CVE-2021-3973, CVE-2021-3974, CVE-2021-3984, CVE-2021-4019, CVE-2021-4069, CVE-2021-4192, CVE-2022-0261, CVE-2022-0318, CVE-2022-1154 . Several significant security flaws in Vim for Ubuntu 16.04 ESM have been addressed to safeguard against Denial of Service attacks and potential exploits.. Ubuntu 16.04 Vim Updates, Critical Security Issues, Code Exploits. . Severity: Critical. LinuxSecurity.com Team
May 23, 2022
•Critical
Ubuntu
202
security advisoryremote code executionDenial of ServiceopenSUSE Leap 15.3: 2021:2617-1 Important: MariaDB DoS and Code Concerns
An update that solves four vulnerabilities and has two fixes is now available. . openSUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:2617-1 Rating: important References: #1182739 #1183770 #1185868 #1185870 #1185872 #1188300 Cross-References: CVE-2021-2154 CVE-2021-2166 CVE-2021-2180 CVE-2021-27928 CVSS scores: CVE-2021-2154 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2154 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2166 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2166 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2180 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-2180 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-27928 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-27928 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: This update for mariadb fixes the following issues: - Update to 10.2.39 (bsc#1182739) - CVE-2021-2166: DML unspecified vulnerability lead to complete DOS. (bsc#1185870) - CVE-2021-2154: DML unspecified vulnerability can lead to complete DOS. (bsc#1185872) - CVE-2021-2180: InnoDB unspecified vulnerability lead to complete DOS. (bsc#1185868) - CVE-2021-27928: Fixed a remote code execution issue. (bsc#1183770) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaSTonline_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-2617=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libmysqld-devel-10.2.39-3.40.1 libmysqld19-10.2.39-3.40.1 libmysqld19-debuginfo-10.2.39-3.40.1 References: https://www.suse.com/security/cve/CVE-2021-2154.html https://www.suse.com/security/cve/CVE-2021-2166.html https://www.suse.com/security/cve/CVE-2021-2180.html https://www.suse.com/security/cve/CVE-2021-27928.html https://bugzilla.suse.com/1182739 https://bugzilla.suse.com/1183770 https://bugzilla.suse.com/1185868 https://bugzilla.suse.com/1185870 https://bugzilla.suse.com/1185872 https://bugzilla.suse.com/1188300 . Address several key concerns in MariaDB through the most recent openSUSE upgrade, prioritizing improved security measures and system stability.. openSUSE Security Update,MariaDB Denial of Service,Remote Code Execution,patch. . Severity: Important. LinuxSecurity.com Team
Aug 05, 2021
•Important
OpenSUSE
91
security advisoryGentooremote code executionGentoo GLSA 201601-02 Normal: WebKitGTK+ Code Issues and DoS
Multiple vulnerabilities have been found in WebKitGTK+, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. [More...]. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201601-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebKitGTK+: Multiple vulnerabilities Date: January 26, 2016 Bugs: #536234 ID: 201601-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in WebKitGTK+, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Background ========= WebKitGTK+ is a full-featured port of the WebKit rendering engine. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.4.9 > = 2.4.9 Description ========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Impact ===== A remote attack can use multiple vectors to execute arbitrary code or cause a denial of service condition. Workaround ========= There is no known workaround at this time. Resolution ========= All WebKitGTK+ 3 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-libs/webkit-gtk-2.4.9:3" All WebKitGTK+ 2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "> =net-libs/webkit-gtk-2.4.9-r200:2" References ========= [ 1 ] CVE-2014-1344 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1344 [ 2 ] CVE-2014-1384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1384 [ 3 ] CVE-2014-1385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1385 [ 4 ] CVE-2014-1386 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1386 [ 5 ] CVE-2014-1387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1387 [ 6 ] CVE-2014-1388 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1388 [ 7 ] CVE-2014-1389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1389 [ 8 ] CVE-2014-1390 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1390 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201601-02 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Jan 26, 2016
Gentoo
98
security advisorysecurity updateRed HatRed Hat EL 5, 6, 7 RHSA-2014:1924-01 Important: Thunderbird Code Issues
An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2014:1924-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2014:1924.html Issue date: 2014-12-02 CVE Names: CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 ==================================================================== 1. Summary: An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593) A flaw was found in the Alarm API, which could allow applications to schedule actions to be run in the future. Amalicious web application could use this flaw to bypass the same-origin policy. (CVE-2014-1594) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. This update disables SSL 3.0 support by default in Thunderbird. Details on how to re-enable SSL 3.0 support are available at: https://access.redhat.com/articles/1284233 Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, Max Jonas Werner, Joe Vennix, Berend-Jan Wever, Abhishek Arya, and Boris Zbarsky as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 31.3.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 31.3.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1169201 - CVE-2014-1587 Mozilla: Miscellaneous memory safety hazards (rv:31.3) (MFSA 2014-83) 1169206 - CVE-2014-1590 Mozilla: XMLHttpRequest crashes with some input streams (MFSA 2014-85) 1169208 - CVE-2014-1592 Mozilla: Use-after-free during HTML5 parsing (MFSA 2014-87) 1169209 - CVE-2014-1593 Mozilla: Buffer overflow while parsing media content (MFSA 2014-88) 1169210 - CVE-2014-1594 Mozilla: Bad casting from the BasicThebesLayer to BasicContainerLayer(MFSA 2014-89) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: thunderbird-31.3.0-1.el5_11.src.rpm i386: thunderbird-31.3.0-1.el5_11.i386.rpm thunderbird-debuginfo-31.3.0-1.el5_11.i386.rpm x86_64: thunderbird-31.3.0-1.el5_11.x86_64.rpm thunderbird-debuginfo-31.3.0-1.el5_11.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: thunderbird-31.3.0-1.el6_6.src.rpm i386: thunderbird-31.3.0-1.el6_6.i686.rpm thunderbird-debuginfo-31.3.0-1.el6_6.i686.rpm x86_64: thunderbird-31.3.0-1.el6_6.x86_64.rpm thunderbird-debuginfo-31.3.0-1.el6_6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: thunderbird-31.3.0-1.el6_6.src.rpm i386: thunderbird-31.3.0-1.el6_6.i686.rpm thunderbird-debuginfo-31.3.0-1.el6_6.i686.rpm ppc64: thunderbird-31.3.0-1.el6_6.ppc64.rpm thunderbird-debuginfo-31.3.0-1.el6_6.ppc64.rpm s390x: thunderbird-31.3.0-1.el6_6.s390x.rpm thunderbird-debuginfo-31.3.0-1.el6_6.s390x.rpm x86_64: thunderbird-31.3.0-1.el6_6.x86_64.rpm thunderbird-debuginfo-31.3.0-1.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: thunderbird-31.3.0-1.el6_6.src.rpm i386: thunderbird-31.3.0-1.el6_6.i686.rpm thunderbird-debuginfo-31.3.0-1.el6_6.i686.rpm x86_64: thunderbird-31.3.0-1.el6_6.x86_64.rpm thunderbird-debuginfo-31.3.0-1.el6_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2014-1587 https://access.redhat.com/security/cve/CVE-2014-1590 https://access.redhat.com/security/cve/CVE-2014-1592 https://access.redhat.com/security/cve/CVE-2014-1593 https://access.redhat.com/security/cve/CVE-2014-1594 https://access.redhat.com/security/updates/classification#important https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ https://access.redhat.com/articles/1284233 8. Contact: The Red Hat security contact is . More contact details athttps://access.redhat.com/security/team/contact Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUflC+XlSAg2UNWIIRAgygAJ9g68SydaFxO3AUHc0ewD3lSa5pmwCdH7nm KpRbIUTQbd8DuKShztWmkMg=AiP9 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Dec 02, 2014
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!