Alerts This Week
Warning Icon 1 659
Alerts This Week
Warning Icon 1 659

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -5 articles for you...
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisorygentoobuffer overflow

Gentoo: GLSA-200903-31 Normal: libcdaudio Remote Code Execution Risk

A vulnerability in libcdaudio might allow for the remote execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200903-31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libcdaudio: User-assisted execution of arbitrary code Date: March 17, 2009 Bugs: #245649 ID: 200903-31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability in libcdaudio might allow for the remote execution of arbitrary code. Background ========= libcdaudio is a library of CD audio related routines. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/libcdaudio < 0.99.12-r1 > = 0.99.12-r1 Description ========== A heap-based buffer overflow has been reported in the cddb_read_disc_data() function in cddb.c when processing overly long CDDB data. Impact ===== A remote attacker could entice a user to connect to a malicious CDDB server, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application. Workaround ========= There is no known workaround at this time. Resolution ========= All libcdaudio users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-libs/libcdaudio-0.99.12-r1" References ========= [ 1 ] CVE-2008-5030 https://www.cve.org/CVERecord?id=CVE-2008-5030 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200903-31 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . The Red Hat advisory RHSA-2021:1522 concerns OpenSSL vulnerabilities that could permit unauthorized access through SSL applications.. libcdaudio, remote execution, gentoo advisory, buffer overflow. . LinuxSecurity.com Team

Calendar 2 Mar 17, 2009 Gentoo
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorybuffer overflowFedora

Fedora 9 2008-11956 Moderate: libcdaudio Buffer Overflow Threat

This update fixes a potential buffer overflow caused by large amount of CDDB replies (CVE-2005-0706).. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2008-11956 2008-12-30 22:34:22 --------------------------------------------------------------------------------Name : libcdaudio Product : Fedora 9 Version : 0.99.12p2 Release : 11.fc9 URL : Summary : Control operation of a CD-ROM when playing audio CDs Description : libcdaudio is a library designed to provide functions to control operation of a CD-ROM when playing audio CDs. It also contains functions for CDDB and CD Index lookup. --------------------------------------------------------------------------------Update Information: This update fixes a potential buffer overflow caused by large amount of CDDB replies (CVE-2005-0706). --------------------------------------------------------------------------------ChangeLog: * Sat Dec 27 2008 Axel Thimm - 0.99.12p2-11 - Fix CVE-2005-0706. * Wed May 21 2008 Tom "spot" Callaway - 0.99.12p2-10 - took COPYING out of doc (it is simply wrong) - fixed license tag --------------------------------------------------------------------------------References: [ 1 ] Bug #470552 - CVE-2005-0706 grip,libcdaudio: buffer overflow caused by large amount of CDDB replies https://bugzilla.redhat.com/show_bug.cgi?id=470552 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update libcdaudio' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . A patch addresses a heap-based overflow flaw in libcdaudio version 0.99.12p2 for Fedora 9 systems.. libcdaudio Update,Fedora 9,Buffer Overflow Fix,Security Patch. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Feb 04, 2009 Important Fedora
Banner 1 1028x280 1708121660 1771599717
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorydebianarbitrary code execution

Debian: DSA-1666-1 Severe: libxmp Memory Corruption Warning

It was discovered that a heap overflow in the CDDB retrieval code of libcdaudio, a library for controlling a CD-ROM when playing audio CDs, may result in the execution of arbitrary code.. - ------------------------------------------------------------------------Debian Security Advisory DSA-1665-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Moritz Muehlenhoff November 12, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------Package : libcdaudio Vulnerability : heap overflow Problem type : local(remote) Debian-specific: no CVE Id(s) : CVE-2008-5030 It was discovered that a heap overflow in the CDDB retrieval code of libcdaudio, a library for controlling a CD-ROM when playing audio CDs, may result in the execution of arbitrary code. For the stable distribution (etch), this problem has been fixed in version 0.99.12p2-2+etch1. A package for hppa will be provided later. For the upcoming stable distribution (lenny) and the unstable distribution (sid), this problem has been fixed in version 0.99.12p2-7. We recommend that you upgrade your libcdaudio packages. Upgrade instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - -------------------------------Stable updates are available for alpha, amd64, arm, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: Size/MD5 checksum: 637 4edcf130e77084b440f551d9a9afdc3a Size/MD5 checksum: 17703 6e523c81ea161401162d39d981e27cf2 Size/MD5 checksum: 356047 15de3830b751818a54a42899bd3ae72c alpha architecture (DEC Alpha) Size/MD5 checksum: 53334 1dc4587c71e25acb6b2dfd305de703e2 Size/MD5 checksum: 70916 83fa3fc0e729bba0a3319745960dc81a amd64 architecture (AMD x86_64 (AMD64)) Size/MD5 checksum: 46040 a75b35f50ad88e2b1ee36d0a3266406a Size/MD5 checksum: 50674 7baf7f19121adeb98bb2a0afacf7cf27 arm architecture (ARM) Size/MD5 checksum: 43132 ff9d61d012abc44a459eac7350cfb46a Size/MD5 checksum: 46664 3e023f637034444d6b8217bff8867f77 i386 architecture (Intel ia32) Size/MD5 checksum: 44708 87710ccd10182a65bae04f90071e56a1 Size/MD5 checksum: 46326 601bdafb162a116affa4111e3322caed ia64 architecture (Intel ia64) Size/MD5 checksum: 64314 65aa3e3f94daad3963d28214c4f36e7d Size/MD5 checksum: 73338 3ac92a48b4c0e7ac41b3307453a5ffcc mips architecture (MIPS (Big Endian)) Size/MD5 checksum: 56370 1539c8ca203536ef7199144c8ad95855 Size/MD5 checksum: 44942 25f255285e3fea6dc44f8e0637f54b84 mipsel architecture (MIPS (Little Endian)) Size/MD5 checksum: 56114 3e94f1d9586cfac7b25bc3b5f7dd604d Size/MD5 checksum: 45066 8323996086dd5a88a0877b6047fc9163 powerpc architecture (PowerPC) Size/MD5 checksum: 51406 f34b4f764921545c487bdde8f7af47ed Size/MD5 checksum: 46432 3f65b0704dbb59ff502376d84ba58be3 s390 architecture (IBM S/390) Size/MD5 checksum: 50238 c1bbc7d605a19ca7d806a81a3dd605f7 Size/MD5 checksum: 47156 6cb47c376172882afcd25f75387025e6 sparc architecture (Sun SPARC/UltraSPARC) Size/MD5 checksum: 46930 15e80ffff1a35904512d088476a99a50 Size/MD5 checksum: 42532 fff8099843f655f50c9caab7ebbcbad7 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Critical vulnerability remediation implemented in libspeex package. Immediate upgrade advised for improved protection.. heap Overflow, libcdaudio, code Exploit, security Patch. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Nov 12, 2008 Critical Debian
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisorygentoobuffer overflow

Gentoo: 200504-07 Update: GnomeVFS and libcdaudio Critical Buffer Overrun

The GnomeVFS and libcdaudio libraries contain a buffer overflow that can be triggered by a large CDDB response, potentially allowing the execution of arbitrary code. [More...]. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200504-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: GnomeVFS, libcdaudio: CDDB response overflow Date: April 08, 2005 Bugs: #84936 ID: 200504-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= The GnomeVFS and libcdaudio libraries contain a buffer overflow that can be triggered by a large CDDB response, potentially allowing the execution of arbitrary code. Background ========= GnomeVFS is a filesystem abstraction library for the GNOME desktop environment. libcdaudio is a multi-platform CD player development library. They both include code to query CDDB servers to get Audio CD track titles. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 gnome-base/gnome-vfs < 2.8.4-r1 > = 2.8.4-r1 2 media-libs/libcdaudio < 0.99.10-r1 > = 0.99.10-r1 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description ========== Joseph VanAndel has discovered a buffer overflow in Grip when processing large CDDB results (see GLSA 200503-21). The same overflow is present in GnomeVFS and libcdaudio code. Impact ===== A malicious CDDB server could causeapplications making use of GnomeVFS or libcdaudio libraries to crash, potentially allowing the execution of arbitrary code with the privileges of the user running the application. Workaround ========= There is no known workaround at this time. Resolution ========= All GnomeVFS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =gnome-base/gnome-vfs-2.8.4-r1" All libcdaudio users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-libs/libcdaudio-0.99.10-r1" References ========= [ 1 ] CAN-2005-0706 https://www.cve.org/CVERecord?id=CVE-CAN-2005-0706 [ 2 ] GLSA 200503-21 https://security.gentoo.org/glsa/200503-21 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200504-07 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.0/ . GnomeVFS and libcdaudio experience a medium-level security risk due to a buffer overflow vulnerability that may allow for unauthorized code execution.. buffer overflow,GnomeVFS,libcdaudio,Gentoo Linux,security advisory. . LinuxSecurity.com Team

Calendar 2 Apr 08, 2005 Gentoo
Banner 1 1028x280 1708121660 1771599717
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here