Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Debian 10: DLA-3223-1 Critical: giflib Buffer Overflow and DoS Risk

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3223-1
debian-lts@lists.debian.org
https://www.debian.org/lts/security/
Helmut Grohne
December 05, 2022
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : giflib
Version : 5.1.4-3+deb10u1
CVE ID : CVE-2018-11490 CVE-2019-15133
Debian Bug : 904114

This update fixes two file format vulnerabilities in giflib.

CVE-2018-11490

The DGifDecompressLine function in dgif_lib.c, as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

CVE-2019-15133

A malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.

For Debian 10 buster, these problems have been fixed in version 5.1.4-3+deb10u1.

We recommend that you upgrade your giflib packages.

For the detailed security status of giflib please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/giflib

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Enhance giflib to rectify issues related to file formats, such as buffer overflow vulnerabilities and Denial of Service threats, following the guidance of Debian LTS DLA-3223-1.

Severity: Critical.

LinuxSecurity.com Team

Dec 05, 2022 Critical Debian LTS

Fedora Core 4: gedit Update 2.10.2 Moderate: File Format Issue

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-403
2005-06-26
---------------------------------------------------------------------

Product : Fedora Core 4
Name : gedit
Version : 2.10.2
Release : 4
Summary : gEdit is a small but powerful text editor for GNOME.
Description :
gEdit is a small but powerful text editor designed specifically for the GNOME GUI desktop. gEdit includes a plug-in API (which supports extensibility while keeping the core binary small), support for editing multiple documents using notebook tabs, and standard text editor functions.

You'll need to have GNOME and GTK+ installed to use gEdit.

---------------------------------------------------------------------
Update Information:

An updated gedit package that fixes a file name format string vulnerability is now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

gEdit is a small text editor designed specifically for the GNOME GUI desktop.

A file name format string vulnerability has been discovered in gEdit. It is possible for an attacker to create a file with a carefully crafted name which, when the file is opened, executes arbitrary instructions on a victim's machine. Although it is unlikely that a user would manually open a file with such a carefully crafted file name, a user could, for example, be tricked into opening such a file from within an email client. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1686 to this issue.

Users of gEdit should upgrade to this updated package, which contains a backported patch to correct this issue.

---------------------------------------------------------------------
* Tue Jun 7 2005 Ray Strode 1:2.10.2-4
- Don't pass user input as format specifiers to gtk_message_dialog_new (bug 159657).

---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

---------------------------------------------------------------------
Thanks go to Bernd Bartmann for reminding me to send this announcement out. Sorry for the delay.

Ray Strode

--
fedora-announce-list mailing list

A revised version of gedit for Fedora Core 4 resolves a document format concern to improve security and safeguard against vulnerabilities.

LinuxSecurity.com Team

Jun 27, 2005 Fedora