Alerts This Week
Warning Icon 1 540
Alerts This Week
Warning Icon 1 540

Stay Secure with the Latest Linux Advisories

Ubuntu Large Esm H800
Ubuntu

Ubuntu 26.04 LTS python-pip Moderate DoS Regression Fix USN-8344-3

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 LTS GStreamer Base Significant DoS Attack Vulnerability Alert

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H800
Ubuntu

Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities

Calendar White Jun 03, 2026
Critical
Oracle Large Esm H900
Oracle

Oracle Linux 8 gnutls Important Buffer Overflow Auth Bypass ELSA-2026-20611

Calendar White Jun 03, 2026
Important
Oracle Large Esm H900
Oracle

Oracle Linux 8 ELSA-2026-22315 compat-openssl10 Moderate DoS Fix

Calendar White Jun 02, 2026
moderate
Oracle Large Esm H800
Oracle

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

Calendar White Jun 02, 2026
Important
Oracle Large Esm H900
Oracle

Oracle Linux 8 Important Kernel Security Advisory ELSA-2026-21706

Calendar White Jun 02, 2026
Important
Fedora Large Esm H900
Fedora

Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution

Calendar White Jun 02, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 3 articles for you...
200
Ls Advisories Scientific Esm H240
Price Tag 1security advisorysecurity updatebuffer overflow

Scientific Linux: CVE-2004-2541 Moderate Cscope Buffer Overflow

Moderate: cscope security update. Date: Tue, 16 Jun 2009 13:47:07 -0500 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Moderate: cscope on SL3.x, SL4.x, SL5.x i386/x86_64 Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it." Synopsis: Moderate: cscope security update Issue date: 2009-06-15 CVE Names: CVE-2004-2541 CVE-2006-4262 CVE-2009-0148 CVE-2009-1577 Multiple buffer overflow flaws were found in cscope. An attacker could create a specially crafted source code file that could cause cscope to crash or, possibly, execute arbitrary code when browsed with cscope. (CVE-2004-2541, CVE-2006-4262, CVE-2009-0148, CVE-2009-1577) All running instances of cscope must be restarted for this update to take effect. SL 3.0.x SRPMS: cscope-15.5-16.RHEL3.src.rpm i386: cscope-15.5-16.RHEL3.i386.rpm x86_64: cscope-15.5-16.RHEL3.x86_64.rpm SL 4.x SRPMS: cscope-15.5-10.RHEL4.3.src.rpm i386: cscope-15.5-10.RHEL4.3.i386.rpm x86_64: cscope-15.5-10.RHEL4.3.x86_64.rpm SL 5.x SRPMS: cscope-15.5-15.1.el5_3.1.src.rpm i386: cscope-15.5-15.1.el5_3.1.i386.rpm x86_64: cscope-15.5-15.1.el5_3.1.x86_64.rpm -Connie Sieh -Troy Dawson . Important security patch for cscope resolves critical buffer overflow vulnerabilities on Scientific Linux distributions. System reboot necessary.. Cscope Security Update, Scientific Linux Advisory, Moderate Severity Update. . LinuxSecurity.com Team

Calendar 2 Jun 16, 2009 Scientific Linux
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorymoderatesecurity update

Red Hat: RHSA-2009:1101-01 Moderate: Cscope Buffer Overflow

An updated cscope package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. ==================================================================== Red Hat Security Advisory Synopsis: Moderate: cscope security update Advisory ID: RHSA-2009:1101-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2009:1101.html Issue date: 2009-06-15 CVE Names: CVE-2004-2541 CVE-2006-4262 CVE-2009-0148 CVE-2009-1577 ==================================================================== 1. Summary: An updated cscope package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: cscope is a mature, ncurses-based, C source-code tree browsing tool. Multiple buffer overflow flaws were found in cscope. An attacker could create a specially crafted source code file that could cause cscope to crash or, possibly, execute arbitrary code when browsed with cscope. (CVE-2004-2541, CVE-2006-4262, CVE-2009-0148, CVE-2009-1577) All users of cscope are advised to upgrade to this updated package, which contains backported patches to fix these issues. All running instances of cscope must be restarted for this update totake effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (https://bugzilla.redhat.com/): 203645 - CVE-2006-4262 cscope: multiple buffer overflows 490667 - CVE-2004-2541, CVE-2009-0148 cscope: multiple buffer overflows 499174 - CVE-2009-1577 cscope: putstring buffer overflow 6. Package List: Red Hat Enterprise Linux AS version 3: Source: i386: cscope-15.5-16.RHEL3.i386.rpm cscope-debuginfo-15.5-16.RHEL3.i386.rpm ia64: cscope-15.5-16.RHEL3.ia64.rpm cscope-debuginfo-15.5-16.RHEL3.ia64.rpm ppc: cscope-15.5-16.RHEL3.ppc.rpm cscope-debuginfo-15.5-16.RHEL3.ppc.rpm s390: cscope-15.5-16.RHEL3.s390.rpm cscope-debuginfo-15.5-16.RHEL3.s390.rpm s390x: cscope-15.5-16.RHEL3.s390x.rpm cscope-debuginfo-15.5-16.RHEL3.s390x.rpm x86_64: cscope-15.5-16.RHEL3.x86_64.rpm cscope-debuginfo-15.5-16.RHEL3.x86_64.rpm Red Hat Desktop version 3: Source: i386: cscope-15.5-16.RHEL3.i386.rpm cscope-debuginfo-15.5-16.RHEL3.i386.rpm x86_64: cscope-15.5-16.RHEL3.x86_64.rpm cscope-debuginfo-15.5-16.RHEL3.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: i386: cscope-15.5-16.RHEL3.i386.rpm cscope-debuginfo-15.5-16.RHEL3.i386.rpm ia64: cscope-15.5-16.RHEL3.ia64.rpm cscope-debuginfo-15.5-16.RHEL3.ia64.rpm x86_64: cscope-15.5-16.RHEL3.x86_64.rpm cscope-debuginfo-15.5-16.RHEL3.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: i386: cscope-15.5-16.RHEL3.i386.rpm cscope-debuginfo-15.5-16.RHEL3.i386.rpm ia64: cscope-15.5-16.RHEL3.ia64.rpm cscope-debuginfo-15.5-16.RHEL3.ia64.rpm x86_64: cscope-15.5-16.RHEL3.x86_64.rpm cscope-debuginfo-15.5-16.RHEL3.x86_64.rpm Red Hat Enterprise Linux AS version4: Source: i386: cscope-15.5-10.RHEL4.3.i386.rpm cscope-debuginfo-15.5-10.RHEL4.3.i386.rpm ia64: cscope-15.5-10.RHEL4.3.ia64.rpm cscope-debuginfo-15.5-10.RHEL4.3.ia64.rpm ppc: cscope-15.5-10.RHEL4.3.ppc.rpm cscope-debuginfo-15.5-10.RHEL4.3.ppc.rpm s390: cscope-15.5-10.RHEL4.3.s390.rpm cscope-debuginfo-15.5-10.RHEL4.3.s390.rpm s390x: cscope-15.5-10.RHEL4.3.s390x.rpm cscope-debuginfo-15.5-10.RHEL4.3.s390x.rpm x86_64: cscope-15.5-10.RHEL4.3.x86_64.rpm cscope-debuginfo-15.5-10.RHEL4.3.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: cscope-15.5-10.RHEL4.3.i386.rpm cscope-debuginfo-15.5-10.RHEL4.3.i386.rpm x86_64: cscope-15.5-10.RHEL4.3.x86_64.rpm cscope-debuginfo-15.5-10.RHEL4.3.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: cscope-15.5-10.RHEL4.3.i386.rpm cscope-debuginfo-15.5-10.RHEL4.3.i386.rpm ia64: cscope-15.5-10.RHEL4.3.ia64.rpm cscope-debuginfo-15.5-10.RHEL4.3.ia64.rpm x86_64: cscope-15.5-10.RHEL4.3.x86_64.rpm cscope-debuginfo-15.5-10.RHEL4.3.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: cscope-15.5-10.RHEL4.3.i386.rpm cscope-debuginfo-15.5-10.RHEL4.3.i386.rpm ia64: cscope-15.5-10.RHEL4.3.ia64.rpm cscope-debuginfo-15.5-10.RHEL4.3.ia64.rpm x86_64: cscope-15.5-10.RHEL4.3.x86_64.rpm cscope-debuginfo-15.5-10.RHEL4.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-2004-2541 https://www.cve.org/CVERecord?id=CVE-2006-4262 https://www.cve.org/CVERecord?id=CVE-2009-0148 https://www.cve.org/CVERecord?id=CVE-2009-1577 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. . A crucial security alert for Red Hat users highlighting several cscope vulnerabilities that carry a moderateseverity assessment.. Red Hat, Cscope, Security Update, Advisory, Buffer Issues. . LinuxSecurity.com Team

Calendar 2 Jun 16, 2009 Red Hat
Banner 4 1028x280 1708121825 1771600306
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorybuffer overflowsoftware update

Red Hat Enterprise Linux RHSA-2009:1101 Moderate: Cscope Buffer Overflow

An updated cscope package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: cscope security update Advisory ID: RHSA-2009:1101-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2009:1101.html Issue date: 2009-06-15 CVE Names: CVE-2004-2541 CVE-2006-4262 CVE-2009-0148 CVE-2009-1577 ==================================================================== 1. Summary: An updated cscope package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: cscope is a mature, ncurses-based, C source-code tree browsing tool. Multiple buffer overflow flaws were found in cscope. An attacker could create a specially crafted source code file that could cause cscope to crash or, possibly, execute arbitrary code when browsed with cscope. (CVE-2004-2541, CVE-2006-4262, CVE-2009-0148, CVE-2009-1577) All users of cscope are advised to upgrade to this updated package, which contains backported patches to fix these issues. All running instancesof cscope must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 203645 - CVE-2006-4262 cscope: multiple buffer overflows 490667 - CVE-2004-2541, CVE-2009-0148 cscope: multiple buffer overflows 499174 - CVE-2009-1577 cscope: putstring buffer overflow 6. Package List: Red Hat Enterprise Linux AS version 3: Source: i386: cscope-15.5-16.RHEL3.i386.rpm cscope-debuginfo-15.5-16.RHEL3.i386.rpm ia64: cscope-15.5-16.RHEL3.ia64.rpm cscope-debuginfo-15.5-16.RHEL3.ia64.rpm ppc: cscope-15.5-16.RHEL3.ppc.rpm cscope-debuginfo-15.5-16.RHEL3.ppc.rpm s390: cscope-15.5-16.RHEL3.s390.rpm cscope-debuginfo-15.5-16.RHEL3.s390.rpm s390x: cscope-15.5-16.RHEL3.s390x.rpm cscope-debuginfo-15.5-16.RHEL3.s390x.rpm x86_64: cscope-15.5-16.RHEL3.x86_64.rpm cscope-debuginfo-15.5-16.RHEL3.x86_64.rpm Red Hat Desktop version 3: Source: i386: cscope-15.5-16.RHEL3.i386.rpm cscope-debuginfo-15.5-16.RHEL3.i386.rpm x86_64: cscope-15.5-16.RHEL3.x86_64.rpm cscope-debuginfo-15.5-16.RHEL3.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: i386: cscope-15.5-16.RHEL3.i386.rpm cscope-debuginfo-15.5-16.RHEL3.i386.rpm ia64: cscope-15.5-16.RHEL3.ia64.rpm cscope-debuginfo-15.5-16.RHEL3.ia64.rpm x86_64: cscope-15.5-16.RHEL3.x86_64.rpm cscope-debuginfo-15.5-16.RHEL3.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: i386: cscope-15.5-16.RHEL3.i386.rpm cscope-debuginfo-15.5-16.RHEL3.i386.rpm ia64: cscope-15.5-16.RHEL3.ia64.rpm cscope-debuginfo-15.5-16.RHEL3.ia64.rpm x86_64: cscope-15.5-16.RHEL3.x86_64.rpm cscope-debuginfo-15.5-16.RHEL3.x86_64.rpm Red Hat Enterprise Linux AS version4: Source: i386: cscope-15.5-10.RHEL4.3.i386.rpm cscope-debuginfo-15.5-10.RHEL4.3.i386.rpm ia64: cscope-15.5-10.RHEL4.3.ia64.rpm cscope-debuginfo-15.5-10.RHEL4.3.ia64.rpm ppc: cscope-15.5-10.RHEL4.3.ppc.rpm cscope-debuginfo-15.5-10.RHEL4.3.ppc.rpm s390: cscope-15.5-10.RHEL4.3.s390.rpm cscope-debuginfo-15.5-10.RHEL4.3.s390.rpm s390x: cscope-15.5-10.RHEL4.3.s390x.rpm cscope-debuginfo-15.5-10.RHEL4.3.s390x.rpm x86_64: cscope-15.5-10.RHEL4.3.x86_64.rpm cscope-debuginfo-15.5-10.RHEL4.3.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: cscope-15.5-10.RHEL4.3.i386.rpm cscope-debuginfo-15.5-10.RHEL4.3.i386.rpm x86_64: cscope-15.5-10.RHEL4.3.x86_64.rpm cscope-debuginfo-15.5-10.RHEL4.3.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: cscope-15.5-10.RHEL4.3.i386.rpm cscope-debuginfo-15.5-10.RHEL4.3.i386.rpm ia64: cscope-15.5-10.RHEL4.3.ia64.rpm cscope-debuginfo-15.5-10.RHEL4.3.ia64.rpm x86_64: cscope-15.5-10.RHEL4.3.x86_64.rpm cscope-debuginfo-15.5-10.RHEL4.3.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: cscope-15.5-10.RHEL4.3.i386.rpm cscope-debuginfo-15.5-10.RHEL4.3.i386.rpm ia64: cscope-15.5-10.RHEL4.3.ia64.rpm cscope-debuginfo-15.5-10.RHEL4.3.ia64.rpm x86_64: cscope-15.5-10.RHEL4.3.x86_64.rpm cscope-debuginfo-15.5-10.RHEL4.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-2004-2541 https://www.cve.org/CVERecord?id=CVE-2006-4262 https://www.cve.org/CVERecord?id=CVE-2009-0148 https://www.cve.org/CVERecord?id=CVE-2009-1577 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4(GNU/Linux) iD8DBQFKNrzAXlSAg2UNWIIRArrIAJ0WxNf68eHd2MqqPEju6qsRaUsr2ACggfJ9 NgvDE6TPlnbWhos+yKjJ2os=jBA3 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Red Hat issues a significant security patch for cscope to address critical buffer overflow vulnerabilities. Instructions for implementing the update.. Red Hat Update,Cscope Fix,Open Source Security. . LinuxSecurity.com Team

Calendar 2 Jun 15, 2009 Red Hat
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorysecurity updateRed Hat

Red Hat 5: RHSA-2009-1102 Moderate: Cscope Buffer Overflow Advisory

An updated cscope package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: cscope security update Advisory ID: RHSA-2009:1102-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2009:1102.html Issue date: 2009-06-15 CVE Names: CVE-2004-2541 CVE-2009-0148 ==================================================================== 1. Summary: An updated cscope package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: cscope is a mature, ncurses-based, C source-code tree browsing tool. Multiple buffer overflow flaws were found in cscope. An attacker could create a specially crafted source code file that could cause cscope to crash or, possibly, execute arbitrary code when browsed with cscope. (CVE-2004-2541, CVE-2009-0148) All users of cscope are advised to upgrade to this updated package, which contains backported patches to fix these issues. All running instances of cscope must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 490667 - CVE-2004-2541, CVE-2009-0148 cscope: multiple buffer overflows 6. PackageList: RHEL Desktop Workstation (v. 5 client): Source: i386: cscope-15.5-15.1.el5_3.1.i386.rpm cscope-debuginfo-15.5-15.1.el5_3.1.i386.rpm x86_64: cscope-15.5-15.1.el5_3.1.x86_64.rpm cscope-debuginfo-15.5-15.1.el5_3.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: i386: cscope-15.5-15.1.el5_3.1.i386.rpm cscope-debuginfo-15.5-15.1.el5_3.1.i386.rpm ia64: cscope-15.5-15.1.el5_3.1.ia64.rpm cscope-debuginfo-15.5-15.1.el5_3.1.ia64.rpm ppc: cscope-15.5-15.1.el5_3.1.ppc.rpm cscope-debuginfo-15.5-15.1.el5_3.1.ppc.rpm s390x: cscope-15.5-15.1.el5_3.1.s390x.rpm cscope-debuginfo-15.5-15.1.el5_3.1.s390x.rpm x86_64: cscope-15.5-15.1.el5_3.1.x86_64.rpm cscope-debuginfo-15.5-15.1.el5_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-2004-2541 https://www.cve.org/CVERecord?id=CVE-2009-0148 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFKNrzqXlSAg2UNWIIRAmInAKCZFlnENfsuLC89lL/j10bKFm2/jACgty67 9U52SOXdexxIHvt6Akvf1qo=wq3i -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Red Hat has released advisory RHSA-2009-1103 regarding ncurses to mitigate several security vulnerabilities. Please upgrade your software and safeguard your environment promptly.. Red Hat cscope update, moderate security advisory, buffer overflow issues, cscope package security. . LinuxSecurity.com Team

Calendar 2 Jun 15, 2009 Red Hat
Banner 4 1028x280 1708121825 1771600306
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisorysecurity issuegentoo

Gentoo: GLSA-200905-02 Normal: Cscope Arbitrary Code Execution Risk

Multiple vulnerabilities in Cscope might allow for the remote execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200905-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Cscope: User-assisted execution of arbitrary code Date: May 24, 2009 Bugs: #263023 ID: 200905-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities in Cscope might allow for the remote execution of arbitrary code. Background ========= Cscope is a developer's tool for browsing source code. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-util/cscope < 15.7a > = 15.7a Description ========== James Peach of Apple discovered a stack-based buffer overflow in cscope's handling of long file system paths (CVE-2009-0148). Multiple stack-based buffer overflows were reported in the putstring function when processing an overly long function name or symbol in a source code file (CVE-2009-1577). Impact ===== A remote attacker could entice a user to open a specially crafted source file, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application. Workaround ========= There is no known workaround at this time. Resolution ========= All Cscope users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-util/cscope-15.7a" References ========= [ 1 ] CVE-2009-0148 https://www.cve.org/CVERecord?id=CVE-2009-0148 [ 2 ] CVE-2009-1577 https://www.cve.org/CVERecord?id=CVE-2009-1577 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200905-02 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . GLSA 200905-02 highlights critical vulnerabilities in Cscope, a tool for C/C++ code examination, urging users to upgrade to prevent potential remote code execution attacks. Gentoo Advisory, Cscope Risk, Arbitrary Code Execution. . LinuxSecurity.com Team

Calendar 2 May 24, 2009 Gentoo
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorybuffer overflowsoftware update

Debian: DSA-1806-1 Critical: Cscope Buffer Overflow Code Execution

Matt Murphy discovered that cscope, a source code browsing tool, does not verify the length of file names sourced in include statements, which may potentially lead to the execution of arbitrary code through specially crafted source code files. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1806-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Moritz Muehlenhoff May 24, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : cscope Vulnerability : buffer overflows Problem type : local(remote) Debian-specific: no CVE Id(s) : CVE-2009-0148 Debian Bug : 528510 Matt Murphy discovered that cscope, a source code browsing tool, does not verify the length of file names sourced in include statements, which may potentially lead to the execution of arbitrary code through specially crafted source code files. For the stable distribution (lenny), this problem has been fixed in version 15.6-6+lenny1. Due to a technical limitation in the Debian archive management scripts the update for the old stable distribution (etch) cannot be released synchronously. It will be fixed in version 15.6-2+etch1 soon. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your cscope package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Stable updates areavailable for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: Size/MD5 checksum: 1175 bf5b3b5991280df7520db37a6ce8c8c6 Size/MD5 checksum: 391223 db87833f90d8267b1fc0c419cfc4d219 Size/MD5 checksum: 30315 08f6bc421b1e8dd3eebb3fa8cd9b817b alpha architecture (DEC Alpha) Size/MD5 checksum: 170266 3b13e268cd5564f9afa60b879bd79d8c amd64 architecture (AMD x86_64 (AMD64)) Size/MD5 checksum: 161762 c9c8cf78c0b062a05417223aefce23c3 arm architecture (ARM) Size/MD5 checksum: 156238 68c4cd9fba37cb7a0482e19aecce8c5f armel architecture (ARM EABI) Size/MD5 checksum: 157660 318f6a7fc67df0ffc65944abe87c809e hppa architecture (HP PA RISC) Size/MD5 checksum: 165382 cde153b1444051187275bdbdee34fe57 i386 architecture (Intel ia32) Size/MD5 checksum: 151112 a5283fb2f802e17bafeed14cdd17e7b4 ia64 architecture (Intel ia64) Size/MD5 checksum: 193944 1742e60d0c5cd49021ac3cdf4614cb82 mips architecture (MIPS (Big Endian)) Size/MD5 checksum: 166234 03ea9e811e284cdb1a79f3ee9aa9ed94 mipsel architecture (MIPS (Little Endian)) Size/MD5 checksum: 165018 ad72b467d114029b499d85f67cc91907 powerpc architecture (PowerPC) Size/MD5 checksum: 165280 6f6997805a9b70dbcac46fab353bc34b s390 architecture (IBM S/390) Size/MD5 checksum: 164250 c6b60c11774775d27b44377947a70951 sparc architecture (Sun SPARC/UltraSPARC) Size/MD5 checksum: 157986 91e6c07942348657e90c411d04dc5ebc These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages . Urgent action required: upgrading cscope fixes critical vulnerabilitiesrelated to code execution flaws that need addressing immediately. Debian Security Advisory,Cscope Update,Critical Threat,Bufffer Overflow. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 May 24, 2009 Critical Debian
Banner 4 1028x280 1708121825 1771600306
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisorysecurity issuegentoo

Gentoo: GLSA-202203-12 Moderate Severity for Screen Capture Tool Flaw

Cscope is vulnerable to multiple buffer overflows that could lead to the execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200610-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Cscope: Multiple buffer overflows Date: October 20, 2006 Bugs: #144869 ID: 200610-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Cscope is vulnerable to multiple buffer overflows that could lead to the execution of arbitrary code. Background ========= Cscope is a developer's tool for browsing source code. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-util/cscope < 15.5.20060927 > = 15.5.20060927 Description ========== Unchecked use of strcpy() and *scanf() leads to several buffer overflows. Impact ===== A user could be enticed to open a carefully crafted file which would allow the attacker to execute arbitrary code with the permissions of the user running Cscope. Workaround ========= There is no known workaround at this time. Resolution ========= All Cscope users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-util/cscope-15.5.20060927" References ========= [ 1 ] CVE-2006-4262 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200610-08 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our usersmachines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Gentoo Security Advisory GLSA 202310-22 highlights vulnerabilities in the Xtool software, posing risks of unauthorized access and potential data breaches.. Cscope, Buffer Overflow, Gentoo Advisory, Code Execution, Security Issue. . LinuxSecurity.com Team

Calendar 2 Oct 20, 2006 Gentoo
87
Ls Advisories Debian Esm H240
Price Tag 1security advisoryupdatebuffer overflow

Debian 3.1 DSA 1186-1 Critical: Cscope Buffer Overflow Issue

Updated package.. - --------------------------------------------------------------------------Debian Security Advisory DSA 1186-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Moritz Muehlenhoff September 30th, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : cscope Vulnerability : buffer overflows Problem-Type : local(remote) Debian-specific: no CVE ID : CVE-2006-4262 Debian Bug : 385893 Will Drewry of the Google Security Team discovered several buffer overflows in cscope, a source browsing tool, which might lead to the execution of arbitrary code. For the stable distribution (sarge) this problem has been fixed in version cscope_15.5-1.1sarge2. For the unstable distribution (sid) this problem has been fixed in version 15.5+cvs20060902-1. We recommend that you upgrade your cscope package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 597 288d126f1a8e75401bec5758d21fca6e Size/MD5 checksum: 22685 efce07e2dbfdba7329ec88a143c811ad Size/MD5 checksum: 243793 beb6032a301bb11524aec74bfb5e4840 Alpha architecture: Size/MD5 checksum: 164514 0a49e059085c6b7935d19ade91441abf AMD64 architecture: Size/MD5 checksum: 152934 a10ede3f65739ef21806fd2eb139c572 ARM architecture: Size/MD5 checksum: 14722405f695127f6fcc7a934a4835c18d215c HP Precision architecture: Size/MD5 checksum: 158482 faf5225195dcb6b89fb22711ff45547e Intel IA-32 architecture: Size/MD5 checksum: 143350 94dda40490e976fb3ba9a7aac7ea92d7 Intel IA-64 architecture: Size/MD5 checksum: 181116 52a1b55bcaa05bfe5731e53c14316620 Motorola 680x0 architecture: Size/MD5 checksum: 140118 762aebb7ffbdee7c6787c750b53cd02e Big endian MIPS architecture: Size/MD5 checksum: 157354 87e2ffcf7dc6ebc10523391b29e1ab27 Little endian MIPS architecture: Size/MD5 checksum: 155750 a566cbfcd6689dca81b8730148f59965 PowerPC architecture: Size/MD5 checksum: 154680 2a959a398cff553b7a7c51ce554b516e IBM S/390 architecture: Size/MD5 checksum: 154500 6dd06b7d5ba9b119a1daf0f23fc65d79 Sun Sparc architecture: Size/MD5 checksum: 148314 585ad5bb0f6e591e7f54ce8c147d1cfb These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian advisory DSA 1204-2 highlights security enhancements in vim that address command injection vulnerabilities. Update promptly!. Debian Security,Cscope Patch,Code Execution Risk,Buffer Overflow Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Sep 30, 2006 Critical Debian
Banner 4 1028x280 1708121825 1771600306
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here