Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Stay Secure with the Latest Linux Advisories

Fedora Large Esm H800
Fedora

Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution

Calendar White Jun 02, 2026
Important
Oracle Large Esm H900
Oracle

Oracle Linux 8 Important Kernel Security Advisory ELSA-2026-21706

Calendar White Jun 02, 2026
Important
Oracle Large Esm H900
Oracle

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

Calendar White Jun 02, 2026
Important
Oracle Large Esm H800
Oracle

Oracle Linux 8 ELSA-2026-22315 compat-openssl10 Moderate DoS Fix

Calendar White Jun 02, 2026
moderate
Oracle Large Esm H900
Oracle

Oracle Linux 8 gnutls Important Buffer Overflow Auth Bypass ELSA-2026-20611

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities

Calendar White Jun 03, 2026
Critical
Ubuntu Large Esm H800
Ubuntu

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 LTS GStreamer Base Significant DoS Attack Vulnerability Alert

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS python-pip Moderate DoS Regression Fix USN-8344-3

Calendar White Jun 03, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -6 articles for you...
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorybuffer overflowdebian

Debian: 515-1 Moderate: LHA Buffer Overflows And Directory Traversal

Fixes multiple buffer overflows and multiple directory traversal vulnerabilities.. Debian Security Advisory DSA 515-1 This email address is being protected from spambots. You need JavaScript enabled to view it. Debian -- Security Information Matt Zimmerman June 5th, 2004 Debian -- Debian security FAQ - -------------------------------------------------------------------------- Package : lha Vulnerability : several Problem-Type : local Debian-specific: no CVE Ids : CAN-2004-0234 CAN-2004-0235 Two vulnerabilities were discovered in lha: - CAN-2004-0234 - Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14 allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive. - CAN-2004-0235 - Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path"). For the current stable distribution (woody), these problems have been fixed in version 1.14i-2woody1. For the unstable distribution (sid), these problems have been fixed in version 1.14i-8. We recommend that you update your lha package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: Size/MD5 checksum: 556 22b59156de011ddb84b0eaed4f174d2c Size/MD5 checksum: 21414 0f990fd920ea4770dd088a97c1c87f18 Size/MD5 checksum: 64196 10410742b0169f3357ef9a3f0f032037 Alpha architecture: Size/MD5 checksum: 64820 b7e55241026435e0c882178f6606f33b ARM architecture: Size/MD5 checksum: 55542 62be18e035d6faedb4d990f16081d74e Intel IA-32 architecture: Size/MD5 checksum: 50090 7548e83cb7049fe43243f804eb456ed7 Intel IA-64 architecture: Size/MD5 checksum: 73588 32e62b8fbd0cf2ef64d7838d005ef19e Motorola 680x0 architecture: Size/MD5 checksum: 48632 bd5ce2c34a44952abf757993153fe238 PowerPC architecture: Size/MD5 checksum: 55160 9d8225135b7c6abe443a4d0d4fc27245 IBM S/390 architecture: Size/MD5 checksum: 53930 02c5e52b834539a30bd76f2e90265fb8 Sun Sparc architecture: Size/MD5 checksum: 56526 8323a0469ef41c7fcf8b84c4b5f1a7ce These files will probably be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb Debian -- Security Information stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages . This security update for LHA in Debian addresses critical vulnerabilities, urging users to upgrade for better protection against exploits and risks.. Debian Security,LHA Update,Buffer Overflow Fix. . LinuxSecurity.com Team

Calendar 2 Jun 08, 2004 Debian
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisoryhigh severitygentoo

Gentoo: GLSA-200405-01 Critical: LHa Security Vulnerability Exposure

Two stack-based buffer overflows and two directory traversal problems have been found in LHa. These vulnerabilities can be used to execute arbitrary code or as a denial of service attack. [More...]. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200405-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Multiple vulnerabilities in LHa Date: May 09, 2004 Bugs: #49961 ID: 200405-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Two stack-based buffer overflows and two directory traversal problems have been found in LHa. These vulnerabilities can be used to execute arbitrary code or as a denial of service attack. Background ========= LHa is a console-based program for packing and unpacking LHarc archives. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-arch/lha = 114i-r2 Description ========== Ulf Harnhammar found two stack overflows and two directory traversal vulnerabilities in LHa version 1.14 and 1.17. A stack overflow occurswhen testing or extracting archives containing long file or directory names. Furthermore, LHa doesn't contain sufficient protection against relative or absolute archive paths. Impact ===== The stack overflows can be exploited to execute arbitrary code with the rights of the user testing or extracting the archive. The directory traversal vulnerabilities can be used to overwrite files in the filesystem with the rights of the user extracting the archive, potentially leading todenial of service or privilege escalation. Since LHa is often interfaced to other software like an email virus scanner, this attack can be used remotely. Workaround ========= There is no known workaround at this time. All users are advised to upgrade to the latest available version of LHa. Resolution ========= All users of LHa should upgrade to the latest stable version: # emerge sync # emerge -pv "> =app-arch/lha-114i-r2" # emerge "> =app-arch/lha-114i-r2" References ========= [ 1 ] CAN-2004-0234 https://www.cve.org/CVERecord?id=CVE-CAN-2004-0234 [ 2 ] CAN-2004-0235 https://www.cve.org/CVERecord?id=CVE-CAN-2004-0235 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200405-02 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2004 Gentoo Technologies, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/1.0/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - iD8DBQFAnm0AvcL1obalX08RAmW1AKCMX56LupqZSWbF/FfwJcjM0aYVZQCaAtiP CwZqDSOo0VdmZWufjjM40co=+FA1 -----END PGP SIGNATURE----- . Numerous security flaws discovered in LHa may result in unauthorized code execution or service disruption. Updating is recommended.. LHa Vulnerabilities,Gentoo Security,Code Execution Risk,Buffer Overflow,Directory Traversal. . LinuxSecurity.com Team

Calendar 2 May 09, 2004 Gentoo
Banner 4 1028x280 1708121825 1771600306
99
Ls Advisories Slackware Esm H240
Price Tag 1security advisorymoderatebuffer overflow

Slackware: 2004-125-01 Moderate: Lha Directory Traversal Threat

New bin- packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix buffer overflows and directory traversal vulnerabilities in the 'lha' archive utility. Sites using 'lha' should upgrade to the new bin package right away. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] lha update in bin package (SSA:2004-125-01) New bin- packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix buffer overflows and directory traversal vulnerabilities in the 'lha' archive utility. Sites using 'lha' should upgrade to the new bin package right away. More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database: https://www.cve.org/CVERecord?id=CVE-CAN-2004-0234 https://www.cve.org/CVERecord?id=CVE-CAN-2004-0235 Here are the details from the Slackware 9.1 ChangeLog: +--------------------------+ Tue May 4 13:11:26 PDT 2004 patches/packages/bin-8.5.0-i486-2.tgz: Fixed buffer overflows and directory traversal vulnerabilities in the 'lha' archive utility. Sites using 'lha' should upgrade to the new bin package right away. For more details, see: https://www.cve.org/CVERecord?id=CVE-CAN-2004-0234 https://www.cve.org/CVERecord?id=CVE-CAN-2004-0235 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Updated package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bin-8.3.0-i386-3.tgz Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bin-8.5.0-i386-2.tgz Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/bin-8.5.0-i486-2.tgz Updated package for Slackware -current: MD5 signatures: +-------------+ Slackware 8.1 package: 3384ae4bc983d18ee003a8e2445b7879 bin-8.3.0-i386-3.tgz Slackware 9.0 package: 809e3c75d913a39e886f3a38a41e36f3 bin-8.5.0-i386-2.tgz Slackware 9.1 package: 3db010726fafe7112ff509bd6c1c2909 bin-8.5.0-i486-2.tgz Slackware -current package: 572f9835f4e2833688482ce866a7b7d4 bin-9.0.0-i486-2.tgz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg bin-8.5.0-i486-2.tgz +-----+ . Immediate patch released for 'lha' within Slackware to tackle potential memory overflow and path traversal vulnerabilities.. Slackware Security Update, Buffer Overflow Fix, Archive Utility Update. . Severity: Important. LinuxSecurity.com Team

Calendar 2 May 04, 2004 Important Slackware
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here