
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Debian 8: DLA-2261-1 Critical: php5 Disk Space Exploit Mitigation

Package : php5
Version : 5.6.40+dfsg-0+deb8u12
CVE ID : CVE-2019-11048

It has been discovered that a vulnerability in php5, a server-side, HTML-embedded scripting language, could lead to exhausted disk space on the server. When using overly long filenames or field names, a memory limit could be hit, which results in stopping the upload but not cleaning up behind.

Further, the embedded version of "file" is vulnerable to CVE-2019-18218. As it cannot be exploited the same in php5 as in file, this issue is not handled as an own CVE but just as a bug that has been fixed here (restrict the number of CDF_VECTOR elements to prevent a heap-based buffer overflow (4-byte out-of-bounds write)).

For Debian 8 "Jessie", this problem has been fixed in version 5.6.40+dfsg-0+deb8u12.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Severity: Critical. LinuxSecurity.com Team

Jun 29, 2020 Critical Debian LTS

Ubuntu 8.10: USN-748-1 Moderate OpenJDK Service Denial of Service

Ubuntu Security Notice USN-748-1
March 26, 2009
openjdk-6 vulnerabilities
CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.10:
  icedtea6-plugin 6b12-0ubuntu6.4
  openjdk-6-jdk 6b12-0ubuntu6.4
  openjdk-6-jre 6b12-0ubuntu6.4
  openjdk-6-jre-headless 6b12-0ubuntu6.4
  openjdk-6-jre-lib 6b12-0ubuntu6.4

After a standard system upgrade you need to restart any Java applications to effect the necessary changes.

Details follow:

It was discovered that font creation could leak temporary files. If a user were tricked into loading a malicious program or applet, a remote attacker could consume disk space, leading to a denial of service. (CVE-2006-2426, CVE-2009-1100)

It was discovered that the lightweight HttpServer did not correctly close files on dataless connections. A remote attacker could send specially crafted requests, leading to a denial of service. (CVE-2009-1101)

Certain 64bit Java actions would crash an application. A local attacker might be able to cause a denial of service. (CVE-2009-1102)

It was discovered that LDAP connections did not close correctly. A remote attacker could send specially crafted requests, leading to a denial of service. (CVE-2009-1093)

Java LDAP routines did not unserialize certain data correctly. A remote attacker could send specially crafted requests that could lead to arbitrary code execution. (CVE-2009-1094)

Java did not correctly check certain JAR headers. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. (CVE-2009-1095, CVE-2009-1096)

It was discovered that PNG and GIF decoding in Java could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service. (CVE-2009-1097, CVE-2009-1098)

Updated packages for Ubuntu 8.10: source archives, architecture independent packages, and packages for the amd64, i386, lpia, powerpc and sparc architectures.

LinuxSecurity.com Team

Mar 26, 2009 Ubuntu

Fedora Core 4: FEDORA-2005-729 Critical: xpdf Disk Space DoS

Fedora Update Notification
FEDORA-2005-729
2005-08-15

Product : Fedora Core 4
Name : xpdf
Version : 3.00
Release : 20.FC4.2
Summary : A PDF file viewer for the X Window System.
Description : Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts.

Update Information:

A flaw was discovered in Xpdf in that an attacker could construct a carefully crafted PDF file that would cause Xpdf to consume all available disk space in /tmp when opened. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2097 to this issue.

Users of xpdf should upgrade to this updated package, which contains a patch to resolve this issue.

* Wed Jul 27 2005 Than Ngo 1:3.00-20.FC4.2
- better patch to fix CAN-2005-2097, #163918
- fix build problem with gcc4

* Tue Jul 26 2005 Than Ngo 3.00-20.FC4.1
- backport patch to fix xpdf DoS, CAN-2005-2097, #163918
- fix xpdf crash #163807

This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

fedora-announce-list mailing list

Severity: Critical. LinuxSecurity.com Team

Aug 15, 2005 Critical Fedora