Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
172
security advisoryUbuntuexecute codeUbuntu 18.04 LTS: USN-4357-1 Moderate: IPRoute Arbitrary Code Execution
IPRoute could be made to execute arbitrary code if it received a specially crafted input.. =========================================================================Ubuntu Security Notice USN-4357-1 May 13, 2020 iproute2 vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: IPRoute could be made to execute arbitrary code if it received a specially crafted input. Software Description: - iproute2: networking and traffic control tools Details: It was discovered that IPRoute incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: iproute2 4.15.0-2ubuntu1.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4357-1 CVE-2019-20795 Package Information: https://launchpad.net/ubuntu/+source/iproute2/4.15.0-2ubuntu1.1 . The IPRoute flaw permits attackers to execute arbitrary code through specially designed input. It is recommended to upgrade Ubuntu 18.04 LTS to protect your system.. IPRoute, Arbitrary Code, Ubuntu Update, Security Patch, System Vulnerability. . LinuxSecurity.com Team
May 13, 2020
Ubuntu
91
security advisoryGentoolocal attackGentoo: GLSA-201805-10 Moderate: Zsh Local Code Execution Risk
Multiple vulnerabilities have been found in Zsh, the worst of which could allow local attackers to execute arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201805-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Zsh: Multiple vulnerabilities Date: May 26, 2018 Bugs: #649614, #651860, #655708 ID: 201805-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in Zsh, the worst of which could allow local attackers to execute arbitrary code. Background ========= A shell designed for interactive use, although it is also a powerful scripting language. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-shells/zsh < 5.5 > = 5.5 Description ========== Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details. Impact ===== A local attacker could execute arbitrary code, escalate privileges, or cause a Denial of Service condition. Workaround ========= There is no known workaround at this time. Resolution ========= All Zsh users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-shells/zsh-5.5" References ========= [ 1 ] CVE-2017-18205 https://nvd.nist.gov/vuln/detail/CVE-2017-18205 [ 2 ] CVE-2017-18206 https://nvd.nist.gov/vuln/detail/CVE-2017-18206 [ 3 ] CVE-2018-1071 https://nvd.nist.gov/vuln/detail/CVE-2018-1071 [ 4 ] CVE-2018-1083 https://nvd.nist.gov/vuln/detail/CVE-2018-1083 [ 5 ] CVE-2018-1100 https://nvd.nist.gov/vuln/detail/CVE-2018-1100 [ 6 ] CVE-2018-7548 https://nvd.nist.gov/vuln/detail/CVE-2018-7548 [ 7 ] CVE-2018-7549 https://nvd.nist.gov/vuln/detail/CVE-2018-7549 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201805-10 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
May 26, 2018
Gentoo
98
security advisoryaccess flawRed Hat Enterprise LinuxRed Hat Enterprise: RHSA-2016-0999-01 Important: QEMU-KVM-RHEV Access Flaw
An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: qemu-kvm-rhev security update Advisory ID: RHSA-2016:0999-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2016:0999.html Issue date: 2016-05-10 CVE Names: CVE-2016-3710 ==================================================================== 1. Summary: An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix(es): * An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions (VBE) support performed read/write operations via I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process. (CVE-2016-3710) Red Hat would like to thank Wei Xiao (360 Marvel Team) and Qinghao Tang (360 Marvel Team)for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1331401 - CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7: Source: qemu-kvm-rhev-2.3.0-31.el7_2.13.src.rpm x86_64: libcacard-devel-rhev-2.3.0-31.el7_2.13.x86_64.rpm libcacard-rhev-2.3.0-31.el7_2.13.x86_64.rpm libcacard-tools-rhev-2.3.0-31.el7_2.13.x86_64.rpm qemu-img-rhev-2.3.0-31.el7_2.13.x86_64.rpm qemu-kvm-common-rhev-2.3.0-31.el7_2.13.x86_64.rpm qemu-kvm-rhev-2.3.0-31.el7_2.13.x86_64.rpm qemu-kvm-rhev-debuginfo-2.3.0-31.el7_2.13.x86_64.rpm qemu-kvm-tools-rhev-2.3.0-31.el7_2.13.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-3710 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXMXBUXlSAg2UNWIIRAlO8AKCyAlE6sWMkWo0/E7lQz64g2Kp+WwCggF68 BP+dYgUdnmWTqbMbQyRTa/A=fi5T -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
May 10, 2016
•Important
Red Hat
87
security advisoryupdatebuffer overflowDebian 3.1 DSA 1186-1 Critical: Cscope Buffer Overflow Issue
Updated package.. - --------------------------------------------------------------------------Debian Security Advisory DSA 1186-1
Sep 30, 2006
•Critical
Debian
91
security advisorygentoomultiple issuesGentoo 200503-05 Normal: xli, xloadimage Execute Code Risk
xli and xloadimage are vulnerable to multiple issues, potentially leading to the execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200503-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: xli, xloadimage: Multiple vulnerabilities Date: March 02, 2005 Bugs: #79762 ID: 200503-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= xli and xloadimage are vulnerable to multiple issues, potentially leading to the execution of arbitrary code. Background ========= xli and xloadimage are X11 utilities for displaying and manipulating a wide range of image formats. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-gfx/xloadimage < 4.1-r2 > = 4.1-r2 2 media-gfx/xli < 1.17.0-r1 > = 1.17.0-r1 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description ========== Tavis Ormandy of the Gentoo Linux Security Audit Team has reported that xli and xloadimage contain a flaw in the handling of compressed images, where shell meta-characters are not adequately escaped. Rob Holland of the Gentoo Linux Security Audit Team has reported that an xloadimage vulnerability in the handling of Faces Project images discovered by zen-parse in 2001 remained unpatched in xli. Additionally, it has been reported that insufficient validation of imageproperties in xli could potentially result in buffer management errors. Impact ===== Successful exploitation would permit a remote attacker to execute arbitrary shell commands, or arbitrary code with the privileges of the xloadimage or xli user. Workaround ========= There is no known workaround at this time. Resolution ========= All xli users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-gfx/xli-1.17.0-r1" All xloadimage users should also upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-gfx/xloadimage-4.1-r2" References ========= [ 1 ] CAN-2001-0775 https://www.cve.org/CVERecord?id=CAN-2001-0775 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200503-05 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Mar 02, 2005
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!