ledgersmb could be made to crash if it received specially crafted input.

==========================================================================
Ubuntu Security Notice USN-5097-1
September 30, 2021

ledgersmb vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.04
- Ubuntu 20.04 LTS

Summary:

ledgersmb could be made to crash if it received specially crafted input.

Software Description:
- ledgersmb: financial accounting and ERP program

Details:

It was discovered that LedgerSMB incorrectly handled certain inputs. An
attacker could use this to leak sensitive information, cause a DoS, or
execute arbitrary code. (CVE-2021-3693, CVE-2021-3694, CVE-2021-3731)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  ledgersmb                       1.6.9+ds-2ubuntu0.1

Ubuntu 20.04 LTS:
  ledgersmb                       1.6.9+ds-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5097-1
  CVE-2021-3693, CVE-2021-3694, CVE-2021-3731

Package Information:
  https://launchpad.net/ubuntu/+source/ledgersmb/1.6.9+ds-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/ledgersmb/1.6.9+ds-1ubuntu0.1

USN-5097-1 fixes three CVEs in LedgerSMB on Ubuntu 21.04 and 20.04 LTS. The headline is a crash, but the notice itself also lists information leakage and arbitrary code execution, so the update should not be treated as a denial-of-service fix only. Note that LedgerSMB, the web-based accounting and ERP application covered here, is a different project from the command-line ledger tool covered by the Gentoo and openSUSE advisories on this page. Upgrade affected installations.

LinuxSecurity.com Team
Multiple vulnerabilities have been found in ledger, the worst of which could result in the arbitrary execution of code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 202004-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: ledger: Multiple vulnerabilities
      Date: April 01, 2020
      Bugs: #627060
        ID: 202004-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in ledger, the worst of which
could result in the arbitrary execution of code.

Background
==========

Ledger is a powerful, double-entry accounting system that is accessed
from the UNIX command-line.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-office/ledger            < 3.1.2                    >= 3.1.2

Description
===========

Multiple vulnerabilities have been discovered in ledger. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to process a specially crafted
file using ledger, possibly resulting in execution of arbitrary code
with the privileges of the process or a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ledger users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-office/ledger-3.1.2"

References
==========

[ 1 ] CVE-2017-12481
      https://nvd.nist.gov/vuln/detail/CVE-2017-12481
[ 2 ] CVE-2017-12482
      https://nvd.nist.gov/vuln/detail/CVE-2017-12482
[ 3 ] CVE-2017-2807
      https://nvd.nist.gov/vuln/detail/CVE-2017-2807
[ 4 ] CVE-2017-2808
      https://nvd.nist.gov/vuln/detail/CVE-2017-2808

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202004-05

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
An update that fixes four vulnerabilities is now available.

   openSUSE Security Update: Security update for ledger
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2019:1895-1
Rating:             moderate
References:         #1052478 #1052484 #1105084
Cross-References:   CVE-2017-12481 CVE-2017-12482 CVE-2017-2807
                    CVE-2017-2808
Affected Products:
                    openSUSE Backports SLE-15-SP1
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for ledger fixes the following issues:

   ledger was updated to 3.1.3:

   + Properly reject postings with a comment right after the flag (bug #1753)
   + Make sorting order of lot information deterministic (bug #1747)
   + Fix bug in tag value parsing (bug #1702)
   + Remove the org command, which was always a hack to begin with (bug #1706)
   + Provide Docker information in README
   + Various small documentation improvements

   This also includes the update to 3.1.2:

   + Increase maximum length for regex from 255 to 4095 (bug #981)
   + Initialize periods from from/since clause rather than earliest
     transaction date (bug #1159)
   + Check balance assertions against the amount after the posting (bug #1147)
   + Allow balance assertions with multiple posts to same account (bug #1187)
   + Fix period duration of "every X days" and similar statements (bug #370)
   + Make option --force-color not require --color anymore (bug #1109)
   + Add quoted_rfc4180 to allow CSV output with RFC 4180 compliant quoting
   + Add support for --prepend-format in accounts command
   + Fix handling of edge cases in trim function (bug #520)
   + Fix auto xact posts not getting applied to account total during
     journal parse (bug #552)
   + Transfer null_post flags to generated postings
   + Fix segfault when using --market with --group-by
   + Use amount_width variable for budget report
   + Keep pending items in budgets until the last day they apply
   + Fix bug where .total used in value expressions breaks totals
   + Make automated transactions work with assertions (bug #1127)
   + Improve parsing of date tokens (bug #1626)
   + Don't attempt to invert a value if it's already zero (bug #1703)
   + Do not parse user-specified init-file twice
   + Fix parsing issue of effective dates (bug #1722, TALOS-2017-0303,
     CVE-2017-2807)
   + Fix use-after-free issue with deferred postings (bug #1723,
     TALOS-2017-0304, CVE-2017-2808)
   + Fix possible stack overflow in option parsing routine (bug #1222,
     CVE-2017-12481)
   + Fix possible stack overflow in date parsing routine (bug #1224,
     CVE-2017-12482)
   + Fix use-after-free when using --gain (bug #541)
   + Python: Removed double quotes from Unicode values.
   + Python: Ensure that parse errors produce useful RuntimeErrors
   + Python: Expose journal expand_aliases
   + Python: Expose journal_t::register_account
   + Improve bash completion
   + Emacs Lisp files have been moved to https://github.com/ledger/ledger-mode
   + Various documentation improvements

   This update was imported from the openSUSE:Leap:15.0:Update update project.

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP1:

      zypper in -t patch openSUSE-2019-1895=1

Package List:

   - openSUSE Backports SLE-15-SP1 (ppc64le s390x x86_64):

      ledger-3.1.3-bp151.4.3.1

References:

   https://www.suse.com/security/cve/CVE-2017-12481.html
   https://www.suse.com/security/cve/CVE-2017-12482.html
   https://www.suse.com/security/cve/CVE-2017-2807.html
   https://www.suse.com/security/cve/CVE-2017-2808.html
   https://bugzilla.suse.com/1052478
   https://bugzilla.suse.com/1052484
   https://bugzilla.suse.com/1105084

This update addresses four CVEs in ledger for openSUSE Backports SLE-15-SP1: two possible stack overflows in the option and date parsing routines (CVE-2017-12481, CVE-2017-12482), an effective-date parsing issue (CVE-2017-2807) and a use-after-free with deferred postings (CVE-2017-2808). All four are reached through input ledger parses, so hosts that process journal files from other people should install the patch listed above.

LinuxSecurity.com Team
An update that fixes four vulnerabilities is now available.

   openSUSE Security Update: Security update for ledger
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2019:1779-1
Rating:             moderate
References:         #1052478 #1052484 #1105084
Cross-References:   CVE-2017-12481 CVE-2017-12482 CVE-2017-2807
                    CVE-2017-2808
Affected Products:
                    openSUSE Leap 15.1
                    openSUSE Leap 15.0
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for ledger fixes the following issues:

   ledger was updated to 3.1.3:

   + Properly reject postings with a comment right after the flag (bug #1753)
   + Make sorting order of lot information deterministic (bug #1747)
   + Fix bug in tag value parsing (bug #1702)
   + Remove the org command, which was always a hack to begin with (bug #1706)
   + Provide Docker information in README
   + Various small documentation improvements

   This also includes the update to 3.1.2:

   + Increase maximum length for regex from 255 to 4095 (bug #981)
   + Initialize periods from from/since clause rather than earliest
     transaction date (bug #1159)
   + Check balance assertions against the amount after the posting (bug #1147)
   + Allow balance assertions with multiple posts to same account (bug #1187)
   + Fix period duration of "every X days" and similar statements (bug #370)
   + Make option --force-color not require --color anymore (bug #1109)
   + Add quoted_rfc4180 to allow CSV output with RFC 4180 compliant quoting
   + Add support for --prepend-format in accounts command
   + Fix handling of edge cases in trim function (bug #520)
   + Fix auto xact posts not getting applied to account total during
     journal parse (bug #552)
   + Transfer null_post flags to generated postings
   + Fix segfault when using --market with --group-by
   + Use amount_width variable for budget report
   + Keep pending items in budgets until the last day they apply
   + Fix bug where .total used in value expressions breaks totals
   + Make automated transactions work with assertions (bug #1127)
   + Improve parsing of date tokens (bug #1626)
   + Don't attempt to invert a value if it's already zero (bug #1703)
   + Do not parse user-specified init-file twice
   + Fix parsing issue of effective dates (bug #1722, TALOS-2017-0303,
     CVE-2017-2807)
   + Fix use-after-free issue with deferred postings (bug #1723,
     TALOS-2017-0304, CVE-2017-2808)
   + Fix possible stack overflow in option parsing routine (bug #1222,
     CVE-2017-12481)
   + Fix possible stack overflow in date parsing routine (bug #1224,
     CVE-2017-12482)
   + Fix use-after-free when using --gain (bug #541)
   + Python: Removed double quotes from Unicode values.
   + Python: Ensure that parse errors produce useful RuntimeErrors
   + Python: Expose journal expand_aliases
   + Python: Expose journal_t::register_account
   + Improve bash completion
   + Emacs Lisp files have been moved to https://github.com/ledger/ledger-mode
   + Various documentation improvements

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.1:

      zypper in -t patch openSUSE-2019-1779=1

   - openSUSE Leap 15.0:

      zypper in -t patch openSUSE-2019-1779=1

Package List:

   - openSUSE Leap 15.1 (x86_64):

      ledger-3.1.3-lp151.3.3.1
      ledger-debuginfo-3.1.3-lp151.3.3.1
      ledger-debugsource-3.1.3-lp151.3.3.1

   - openSUSE Leap 15.0 (x86_64):

      ledger-3.1.3-lp150.2.3.1
      ledger-debuginfo-3.1.3-lp150.2.3.1
      ledger-debugsource-3.1.3-lp150.2.3.1

References:

   https://www.suse.com/security/cve/CVE-2017-12481.html
   https://www.suse.com/security/cve/CVE-2017-12482.html
   https://www.suse.com/security/cve/CVE-2017-2807.html
   https://www.suse.com/security/cve/CVE-2017-2808.html
   https://bugzilla.suse.com/1052478
   https://bugzilla.suse.com/1052484
   https://bugzilla.suse.com/1105084

This update brings the same four ledger CVE fixes (CVE-2017-12481, CVE-2017-12482, CVE-2017-2807, CVE-2017-2808) to openSUSE Leap 15.1 and 15.0 by moving the package to 3.1.3. The per-product zypper commands and package versions are listed above.

LinuxSecurity.com Team
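Both openSUSE advisories above (openSUSE-SU-2019:1779-1 for Leap 15.1 and 15.0, and openSUSE-SU-2019:1895-1 for Backports SLE-15-SP1) identify the fix by a version-release string such as `3.1.3-lp151.3.3.1`. The script below is an added example, not SUSE's or ledger's own code: it ports rpm's `rpmvercmp()` ordering to Python so that `rpm -q` output can be checked against those strings on a machine that may not have rpm at all. The query line it parses is a constructed sample and the function names are this example's own.

```python
"""Check whether an installed ledger RPM is older than the package shipped
by openSUSE-SU-2019:1779-1 or openSUSE-SU-2019:1895-1.

The comparison is a port of rpm's rpmvercmp(): version strings are split
into runs of digits or letters that are compared in turn, '~' sorts before
everything (even end of string) and '^' sorts after the base version.  It
is applied to epoch, version and release in that order.  Added example,
not SUSE's tooling.
"""

# Package versions exactly as listed in the two openSUSE advisories.
FIXED_EVR = {
    "openSUSE Leap 15.1": "3.1.3-lp151.3.3.1",
    "openSUSE Leap 15.0": "3.1.3-lp150.2.3.1",
    "openSUSE Backports SLE-15-SP1": "3.1.3-bp151.4.3.1",
}


def _run(s, i, pred):
    """Longest prefix of s[i:] whose characters all satisfy pred."""
    j = i
    while j < len(s) and pred(s[j]):
        j += 1
    return s[i:j]


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): -1, 0 or 1 for a < b, a == b, a > b."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything not alphanumeric, '~' or '^') are ignored.
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        a_tilde = i < len(a) and a[i] == "~"
        b_tilde = j < len(b) and b[j] == "~"
        if a_tilde or b_tilde:
            # '~' sorts before everything, including end of string.
            if not a_tilde:
                return 1
            if not b_tilde:
                return -1
            i += 1
            j += 1
            continue
        a_caret = i < len(a) and a[i] == "^"
        b_caret = j < len(b) and b[j] == "^"
        if a_caret or b_caret:
            # '^' is like '~' except that end of string sorts before '^'.
            if i >= len(a):
                return -1
            if j >= len(b):
                return 1
            if not a_caret:
                return 1
            if not b_caret:
                return -1
            i += 1
            j += 1
            continue
        if i >= len(a) or j >= len(b):
            break
        # Take a run of digits or of letters from both sides; the left side
        # decides which kind of run is compared.
        isnum = a[i].isdigit()
        pred = str.isdigit if isnum else str.isalpha
        sa, sb = _run(a, i, pred), _run(b, j, pred)
        i += len(sa)
        j += len(sb)
        if not sb:
            return 1 if isnum else -1   # numeric segment beats alpha segment
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def _split_evr(evr):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, sep, release = rest.rpartition("-")
    if not sep:
        version, release = rest, ""
    return int(epoch), version, release


def rpm_evr_compare(a, b):
    """Compare two epoch:version-release strings the way rpm orders them."""
    ea, va, ra = _split_evr(a)
    eb, vb, rb = _split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    r = rpmvercmp(va, vb)
    return r if r else rpmvercmp(ra, rb)


def is_vulnerable(product, installed_evr):
    """True when the installed ledger is older than the advisory's package."""
    return rpm_evr_compare(installed_evr, FIXED_EVR[product]) < 0


def check_rpm_query_line(product, line):
    """Evaluate one line formatted as 'name version-release' (see usage note).

    Returns (name, evr, vulnerable).  When the package is absent rpm prints
    'package ledger is not installed'; the first word is then not 'ledger'
    and the line is reported as not vulnerable.
    """
    name, _, evr = line.strip().partition(" ")
    if name != "ledger" or "-" not in evr:
        return name, evr, False
    return name, evr, is_vulnerable(product, evr)
```

The input line is what `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' ledger` prints; the example was checked against constructed lines such as `ledger 3.1.1-lp150.1.4`. The tilde and caret rules are not needed for the versions in these advisories but are kept so the function stays a faithful port rather than a shortcut that breaks on pre-release versions.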