
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Ubuntu 20.04 LTS USN-6220-1 High: libxml2 Memory Corruption Vulnerability

lib3mf could be made to execute arbitrary code if it opens a specially crafted 3MF file.

=========================================================================
Ubuntu Security Notice USN-6216-1
July 11, 2023

lib3mf vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

lib3mf could be made to execute arbitrary code if it opens a specially crafted 3MF file.

Software Description:

- lib3mf: Lib3MF is a C++ implementation of the 3D Manufacturing Format

Details:

It was discovered that lib3mf did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted 3MF file, a local attacker could possibly use this issue to cause applications using lib3mf to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  lib3mf-dev 1.8.1+ds-3ubuntu0.2
  lib3mf1 1.8.1+ds-3ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6216-1
  CVE-2021-21772

Package Information:
  https://launchpad.net/ubuntu/+source/lib3mf/1.8.1+ds-3ubuntu0.2

Vulnerability identified in lib3mf on Ubuntu 20.04, allowing arbitrary code execution through specifically crafted 3MF files when accessed by various applications.

LinuxSecurity.com Team

Jul 12, 2023, Ubuntu

Fedora: FEDORA-202208-01 Moderate: Foreign Code Compromise in lib3mf

A vulnerability in lib3mf could lead to remote code execution.

Gentoo Linux Security Advisory GLSA 202208-01
https://security.gentoo.org/

Severity: Normal
Title: 3MF Consortium lib3mf: Remote code execution
Date: August 04, 2022
Bugs: #775362
ID: 202208-01

Synopsis
========

A vulnerability in lib3mf could lead to remote code execution.

Background
==========

lib3mf is an implementation of the 3D Manufacturing Format file standard.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/lib3mf            < 2.1.1                    >= 2.1.1

Description
===========

Incorrect memory handling within lib3mf could result in a use-after-free.

Impact
======

An attacker that can provide malicious input to an application using 3MF Consortium's lib3mf could achieve remote code execution.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All 3MF Consortium lib3mf users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/lib3mf-2.1.1"

References
==========

[ 1 ] CVE-2021-21772
      https://nvd.nist.gov/vuln/detail/CVE-2021-21772

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/202208-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email address obscured] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Gentoo users must be aware of a critical lib3mf vulnerability that allows remote code execution. Immediate upgrades and audits are essential to protect systems.

LinuxSecurity.com Team

Aug 04, 2022, Gentoo

Mageia: 2021-0368 Moderate Risk: Lib3mf Code Execution Threat

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability (CVE-2021-21772).

MGASA-2021-0368 - Updated lib3mf packages fix security vulnerability

Publication date: 25 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0368.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-21772

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability (CVE-2021-21772).

A new package 'act' is introduced to build newer version of lib3mf. Also, openscad is rebuilt against this updated library.

References:
- https://bugs.mageia.org/show_bug.cgi?id=29018
- https://lists.fedoraproject.org/archives/list/[address obscured]/thread/WDGGB65YBQL662M3MOBNNJJNRNURW4TG/
- https://www.cve.org/CVERecord?id=CVE-2021-21772

SRPMS:
- 8/core/lib3mf-2.1.1-1.mga8
- 8/core/act-1.6.0-4.mga8
- 8/core/openscad-2021.01-1.2.mga8

The latest lib3mf updates fix a critical use-after-free vulnerability in Mageia, strengthening defenses against possible exploits.

LinuxSecurity.com Team

Jul 25, 2021, Mageia

Debian: DSA-4887-1 Moderate: Lib3MF Use-After-Free Code Execution Threat

A use-after-free was discovered in Lib3MF, a C++ implementation of the 3D Manufacturing Format, which could result in the execution of arbitrary code if a malformed file is opened.

Debian Security Advisory DSA-4887-1
[email address obscured]
https://www.debian.org/security/
Moritz Muehlenhoff
April 08, 2021
https://www.debian.org/security/faq

Package    : lib3mf
CVE ID     : CVE-2021-21772
Debian Bug : 985092

A use-after-free was discovered in Lib3MF, a C++ implementation of the 3D Manufacturing Format, which could result in the execution of arbitrary code if a malformed file is opened.

For the stable distribution (buster), this problem has been fixed in version 1.8.1+ds-3+deb10u1.

We recommend that you upgrade your lib3mf packages.

For the detailed security status of lib3mf please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/lib3mf

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: [email address obscured]

A critical use-after-free flaw in Lib3MF poses an arbitrary code execution threat. It's imperative to update your software packages without delay.

LinuxSecurity.com Team

Apr 08, 2021, Debian