A buffer overflow in ipmitool might allow remote attacker(s) to execute arbitrary code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202101-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: ipmitool: Multiple vulnerabilities
     Date: January 10, 2021
     Bugs: #708436
       ID: 202101-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A buffer overflow in ipmitool might allow remote attacker(s) to execute
arbitrary code.

Background
=========

Utility for controlling IPMI enabled devices.

Affected packages
================

    -------------------------------------------------------------------
     Package            /       Vulnerable       /          Unaffected
    -------------------------------------------------------------------
  1  sys-apps/ipmitool   < 1.8.18_p20201004-r1   >= 1.8.18_p20201004-r1

Description
==========

Multiple vulnerabilities have been discovered in ipmitool. Please review
the CVE identifiers referenced below for details.

Impact
=====

A remote attacker could possibly execute arbitrary code with the
privileges of the process or cause a Denial of Service condition.

Workaround
=========

There is no known workaround at this time.

Resolution
=========

All ipmitool users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=sys-apps/ipmitool-1.8.18_p20201004-r1"

References
=========

[ 1 ] CVE-2020-5208
      https://nvd.nist.gov/vuln/detail/CVE-2020-5208

Availability
===========

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  https://security.gentoo.org/glsa/202101-03

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

Multiple vulnerabilities have been found in Catfish, allowing local attackers to escalate their privileges.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201408-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Catfish: Multiple Vulnerabilities
     Date: August 13, 2014
     Bugs: #502536
       ID: 201408-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities have been found in Catfish, allowing local
attackers to escalate their privileges.

Background
=========

Catfish is a versatile file searching tool.

Affected packages
================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-util/catfish             < 1.0.2                     >= 1.0.2

Description
==========

Multiple vulnerabilities have been discovered in Catfish. Please review
the CVE identifiers referenced below for details.

Impact
=====

A local attacker could gain escalated privileges via a specially crafted
shared library.

Workaround
=========

There is no known workaround at this time.

Resolution
=========

All Catfish users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-util/catfish-1.0.2"

References
=========

[ 1 ] CVE-2014-2093
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2093
[ 2 ] CVE-2014-2094
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2094
[ 3 ] CVE-2014-2095
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2095
[ 4 ] CVE-2014-2096
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2096

Availability
===========

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  https://security.gentoo.org/glsa/201408-04

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

Multiple vulnerabilities were found in Pure-FTPd allowing attackers to inject FTP commands or cause a Denial of Service.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201110-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Pure-FTPd: Multiple vulnerabilities
     Date: October 26, 2011
     Bugs: #358375, #365751
       ID: 201110-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities were found in Pure-FTPd allowing attackers to
inject FTP commands or cause a Denial of Service.

Background
=========

Pure-FTPd is a fast, production-quality and standards-compliant FTP
server.

Affected packages
================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-ftp/pure-ftpd           < 1.0.32                    >= 1.0.32

Description
==========

Multiple vulnerabilities have been discovered in Pure-FTPd. Please
review the CVE identifiers referenced below for details.

Impact
=====

Remote unauthenticated attackers may be able to inject FTP commands or
cause a Denial of Service.

Workaround
=========

There is no known workaround at this time.

Resolution
=========

All pure-ftpd users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-ftp/pure-ftpd-1.0.32"

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since May 14, 2011. It is likely that your system is already
no longer affected by this issue.

References
=========

[ 1 ] CVE-2011-0418
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0418
[ 2 ] CVE-2011-1575
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1575

Availability
===========

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  https://security.gentoo.org/glsa/201110-25

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

Multiple vulnerabilities were found in glibc, the worst of which allows local attackers to execute arbitrary code as root.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201011-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: GNU C library: Multiple vulnerabilities
     Date: November 15, 2010
     Bugs: #285818, #325555, #330923, #335871, #341755
       ID: 201011-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities were found in glibc, the worst of which allows
local attackers to execute arbitrary code as root.

Background
=========

The GNU C library is the standard C library used by Gentoo Linux
systems.

Affected packages
================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-libs/glibc             < 2.11.2-r3                >= 2.11.2-r3

Description
==========

Multiple vulnerabilities were found in glibc, amongst others the
widely-known recent LD_AUDIT and $ORIGIN issues. For further information
please consult the CVE entries referenced below.

Impact
=====

A local attacker could execute arbitrary code as root, cause a Denial of
Service, or gain privileges. Additionally, a user-assisted remote
attacker could cause the execution of arbitrary code, and a
context-dependent attacker could cause a Denial of Service.

Workaround
=========

There is no known workaround at this time.

Resolution
=========

All GNU C library users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.11.2-r3"

References
=========

[ 1 ] CVE-2009-4880
      https://www.cve.org/CVERecord?id=CVE-2009-4880
[ 2 ] CVE-2009-4881
      https://www.cve.org/CVERecord?id=CVE-2009-4881
[ 3 ] CVE-2010-0296
      https://www.cve.org/CVERecord?id=CVE-2010-0296
[ 4 ] CVE-2010-0830
      https://www.cve.org/CVERecord?id=CVE-2010-0830
[ 5 ] CVE-2010-3847
      https://www.cve.org/CVERecord?id=CVE-2010-3847
[ 6 ] CVE-2010-3856
      https://www.cve.org/CVERecord?id=CVE-2010-3856

Availability
===========

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  https://security.gentoo.org/glsa/201011-01

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

Multiple vulnerabilities in Chicken could result in the execution of arbitrary code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200805-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chicken: Multiple vulnerabilities
     Date: May 12, 2008
     Bugs: #198979
       ID: 200805-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities in Chicken could result in the execution of
arbitrary code.

Background
=========

Chicken is a Scheme interpreter and native Scheme to C compiler.

Affected packages
================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-scheme/chicken           < 3.1.0                     >= 3.1.0

Description
==========

Chicken includes a copy of PCRE which is vulnerable to multiple buffer
overflows and memory corruption vulnerabilities (GLSA 200711-30).

Impact
=====

An attacker could entice a user to process specially crafted regular
expressions with Chicken, which could possibly lead to the execution of
arbitrary code, a Denial of Service or the disclosure of sensitive
information.

Workaround
=========

There is no known workaround at this time.

Resolution
=========

All Chicken users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-scheme/chicken-3.1.0"

References
=========

[ 1 ] GLSA 200711-30
      https://security.gentoo.org/glsa/200711-30

Availability
===========

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  https://security.gentoo.org/glsa/200805-11

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

The fixed ebuild proposed in the original version of this Security Advisory did not address all the vulnerabilities of the Pioneers package. All users of the Pioneers package should upgrade to games-board/pioneers-0.11.3-r1.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [ERRATA UPDATE]        GLSA 200711-20:04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Pioneers: Multiple Denials of Service
     Date: November 14, 2007
  Updated: November 29, 2007
     Bugs: #198807
       ID: 200711-20:04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Errata
=====

The fixed ebuild proposed in the original version of this Security
Advisory did not address all the vulnerabilities of the Pioneers
package.

All users of the Pioneers package should upgrade to
games-board/pioneers-0.11.3-r1.

The corrected sections appear below.

Synopsis
=======

Two Denial of Service vulnerabilities were discovered in Pioneers.

Affected packages
================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  games-board/pioneers       < 0.11.3-r1                >= 0.11.3-r1

Description
==========

Roland Clobus discovered that the Pioneers server may free session
objects while they are still in use, resulting in access to invalid
memory zones (CVE-2007-5933). Bas Wijnen discovered an error when
closing connections which can lead to a failed assertion
(CVE-2007-6010).

Resolution
=========

All Pioneers users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=games-board/pioneers-0.11.3-r1"

References
=========

[ 1 ] CVE-2007-5933
      https://www.cve.org/CVERecord?id=CVE-2007-5933
[ 2 ] CVE-2007-6010
      https://www.cve.org/CVERecord?id=CVE-2007-6010

Availability
===========

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  https://security.gentoo.org/glsa/200711-20

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

Improper file ownership may allow a member of the tomcat group to execute scripts as root.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200408-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Tomcat: Insecure Installation
     Date: August 15, 2004
     Bugs: #59232
       ID: 200408-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Improper file ownership may allow a member of the tomcat group to
execute scripts as root.

Background
=========

Tomcat is the Apache Jakarta Project's official implementation of Java
Servlets and Java Server Pages.

Affected packages
================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-www/tomcat             < 5.0.27-r3                >= 5.0.27-r3
                                                          *>= 4.1.30-r4
                                                           *>= 3.3.2-r2

Description
==========

The Gentoo ebuild for Tomcat sets the ownership of the Tomcat init
scripts as tomcat:tomcat, but those scripts are executed with root
privileges when the system is started. This may allow a member of the
tomcat group to run arbitrary code with root privileges when the Tomcat
init scripts are run.

Impact
=====

This could lead to a local privilege escalation or root compromise by
authenticated users.

Workaround
=========

Users may change the ownership of /etc/init.d/tomcat* and
/etc/conf.d/tomcat* to be root:root:

  # chown -R root:root /etc/init.d/tomcat*
  # chown -R root:root /etc/conf.d/tomcat*

Resolution
=========

All Tomcat users can upgrade to the latest stable version, or simply
apply the workaround:

  # emerge sync
  # emerge -pv ">=net-www/tomcat-5.0.27-r3"
  # emerge ">=net-www/tomcat-5.0.27-r3"

Availability
===========

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  https://security.gentoo.org/glsa/200408-15

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

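The ownership problem described in GLSA 200408-15 above can be checked for before and after applying the workaround. The script below is an added example, not part of the advisory or of Gentoo's tooling; the function name and the WANT_UID / WANT_GID variables are assumptions of this example, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit files that root runs or sources at boot.
# Assumes GNU stat (coreutils). WANT_UID / WANT_GID are hypothetical knobs
# of this example; they default to 0:0, the root:root of the workaround.

# audit_root_run_files FILE...
# Prints one "path: reason" line per finding; returns 1 if anything was found.
audit_root_run_files() {
    want_uid="${WANT_UID:-0}"
    want_gid="${WANT_GID:-0}"
    findings=0
    for f in "$@"; do
        [ -e "$f" ] || continue    # an unmatched glob stays literal: skip it
        # -L follows symlinks so the target's owner and mode are checked.
        meta=$(stat -L -c '%u %g %a' -- "$f") || continue
        uid=${meta%% *}
        rest=${meta#* }
        gid=${rest%% *}
        mode=${rest#* }
        if [ "$uid" != "$want_uid" ]; then
            echo "$f: owner uid $uid, expected $want_uid"
            findings=$((findings + 1))
        fi
        if [ "$gid" != "$want_gid" ]; then
            echo "$f: group gid $gid, expected $want_gid"
            findings=$((findings + 1))
        fi
        # Leading 0 makes the shell read the mode as octal; 002 = other-write.
        if [ $(( 0$mode & 002 )) -ne 0 ]; then
            echo "$f: world-writable (mode $mode)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# The paths named in the advisory's workaround.
audit_root_run_files /etc/init.d/tomcat* /etc/conf.d/tomcat* ||
    echo "fix: chown root:root the files listed above"
```

The same function can be pointed at any other file that an init system executes as root, since the failure mode is the ownership mismatch rather than anything specific to Tomcat.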