Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 10 articles for you...
91
security advisoryGentoohigh severityGentoo: GLSA-202501-07 High: libgsf arbitrary execution risk
Multiple vulnerabilities have been discovered in libgsf, the worst of which can lead to arbitrary code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202501-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: libgsf: Multiple Vulnerabilities Date: January 23, 2025 Bugs: #940777 ID: 202501-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in libgsf, the worst of which can lead to arbitrary code execution. Background ========== The GNOME Structured File Library is an I/O library that can read and write common file types and handle structured formats that provide file- system-in-a-file semantics. Affected packages ================= Package Vulnerable Unaffected ------------------ ------------ ------------ gnome-extra/libgsf < 1.14.53 > = 1.14.53 Description =========== Multiple vulnerabilities have been discovered in libgsf. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libgsf users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =gnome-extra/libgsf-1.14.53" References ========== [ 1 ] CVE-2024-36474 https://nvd.nist.gov/vuln/detail/CVE-2024-36474 [ 2 ] CVE-2024-42415 https://nvd.nist.gov/vuln/detail/CVE-2024-42415 [ 3 ] TALOS-2024-2068 [ 4 ] TALOS-2024-2069 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202501-07 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Jan 23, 2025
Gentoo
100
security advisorysoftware updateimportantSUSE Linux 15: 2024:3922-1 important: libgsf integer overflow
* bsc#1231282 * bsc#1231283 Cross-References: * CVE-2024-36474 . # Security update for libgsf Announcement ID: SUSE-SU-2024:3922-1 Release Date: 2024-11-06T10:12:34Z Rating: important References: * bsc#1231282 * bsc#1231283 Cross-References: * CVE-2024-36474 * CVE-2024-42415 CVSS scores: * CVE-2024-36474 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-36474 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-36474 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36474 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-42415 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-42415 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-42415 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-42415 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for libgsf fixes the following issues: * CVE-2024-42415, CVE-2024-36474: Fixed integer overflows affecting memory allocation (bsc#1231282,bsc#1231283). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-3922=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-3922=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-3922=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3922=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3922=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3922=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3922=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3922=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-3922=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libgsf-tools-1.14.50-150400.3.6.1 * libgsf-1-114-1.14.50-150400.3.6.1 * typelib-1_0-Gsf-1-1.14.50-150400.3.6.1 * gsf-office-thumbnailer-debuginfo-1.14.50-150400.3.6.1 * libgsf-1-114-debuginfo-1.14.50-150400.3.6.1 * libgsf-tools-debuginfo-1.14.50-150400.3.6.1 * libgsf-devel-1.14.50-150400.3.6.1 * libgsf-debugsource-1.14.50-150400.3.6.1 * gsf-office-thumbnailer-1.14.50-150400.3.6.1 * openSUSE Leap 15.4 (x86_64) * libgsf-1-114-32bit-1.14.50-150400.3.6.1 * libgsf-1-114-32bit-debuginfo-1.14.50-150400.3.6.1 * openSUSE Leap 15.4 (noarch) * libgsf-lang-1.14.50-150400.3.6.1 * openSUSE Leap 15.4 (aarch64_ilp32) *libgsf-1-114-64bit-1.14.50-150400.3.6.1 * libgsf-1-114-64bit-debuginfo-1.14.50-150400.3.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libgsf-tools-1.14.50-150400.3.6.1 * libgsf-1-114-1.14.50-150400.3.6.1 * typelib-1_0-Gsf-1-1.14.50-150400.3.6.1 * gsf-office-thumbnailer-debuginfo-1.14.50-150400.3.6.1 * libgsf-1-114-debuginfo-1.14.50-150400.3.6.1 * libgsf-tools-debuginfo-1.14.50-150400.3.6.1 * libgsf-devel-1.14.50-150400.3.6.1 * libgsf-debugsource-1.14.50-150400.3.6.1 * gsf-office-thumbnailer-1.14.50-150400.3.6.1 * openSUSE Leap 15.5 (x86_64) * libgsf-1-114-32bit-1.14.50-150400.3.6.1 * libgsf-1-114-32bit-debuginfo-1.14.50-150400.3.6.1 * openSUSE Leap 15.5 (noarch) * libgsf-lang-1.14.50-150400.3.6.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libgsf-1-114-1.14.50-150400.3.6.1 * libgsf-1-114-debuginfo-1.14.50-150400.3.6.1 * libgsf-debugsource-1.14.50-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libgsf-1-114-1.14.50-150400.3.6.1 * libgsf-1-114-debuginfo-1.14.50-150400.3.6.1 * libgsf-debugsource-1.14.50-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libgsf-1-114-1.14.50-150400.3.6.1 * libgsf-1-114-debuginfo-1.14.50-150400.3.6.1 * libgsf-debugsource-1.14.50-150400.3.6.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64) * libgsf-1-114-1.14.50-150400.3.6.1 * typelib-1_0-Gsf-1-1.14.50-150400.3.6.1 * libgsf-1-114-debuginfo-1.14.50-150400.3.6.1 * libgsf-devel-1.14.50-150400.3.6.1 * libgsf-debugsource-1.14.50-150400.3.6.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch) * libgsf-lang-1.14.50-150400.3.6.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * libgsf-1-114-1.14.50-150400.3.6.1 * libgsf-1-114-debuginfo-1.14.50-150400.3.6.1 * libgsf-debugsource-1.14.50-150400.3.6.1 * SUSELinux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libgsf-1-114-1.14.50-150400.3.6.1 * libgsf-1-114-debuginfo-1.14.50-150400.3.6.1 * libgsf-debugsource-1.14.50-150400.3.6.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * typelib-1_0-Gsf-1-1.14.50-150400.3.6.1 * libgsf-devel-1.14.50-150400.3.6.1 * libgsf-debugsource-1.14.50-150400.3.6.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (noarch) * libgsf-lang-1.14.50-150400.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2024-36474.html * https://www.suse.com/security/cve/CVE-2024-42415.html * https://bugzilla.suse.com/show_bug.cgi?id=1231282 * https://bugzilla.suse.com/show_bug.cgi?id=1231283 . Critical patch released for libgsf targeting buffer overflow vulnerabilities. Promptly apply updates on SUSE Linux environments.. libgsf Security Update,SUSE Linux Integer Overflow,Software Patch 2024. . Severity: Important. LinuxSecurity.com Team
Nov 06, 2024
•Important
SuSE
100
security advisorypatchimportantSUSE: 2024:3920-1 important: libgsf integer overflow fixes
* bsc#1231282 * bsc#1231283 Cross-References: * CVE-2024-36474 . # Security update for libgsf Announcement ID: SUSE-SU-2024:3920-1 Release Date: 2024-11-06T10:11:30Z Rating: important References: * bsc#1231282 * bsc#1231283 Cross-References: * CVE-2024-36474 * CVE-2024-42415 CVSS scores: * CVE-2024-36474 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-36474 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-36474 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36474 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-42415 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-42415 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-42415 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-42415 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Workstation Extension 15 SP6 An update that solves two vulnerabilities can now be installed. ## Description: This update for libgsf fixes the following issues: * CVE-2024-42415, CVE-2024-36474: Fixed integer overflows affecting memory allocation (bsc#1231282, bsc#1231283). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-3920=1 openSUSE-SLE-15.6-2024-3920=1 * Desktop Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-3920=1 * SUSE Linux Enterprise WorkstationExtension 15 SP6 zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-3920=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libgsf-debuginfo-1.14.51-150600.4.3.1 * typelib-1_0-Gsf-1-1.14.51-150600.4.3.1 * libgsf-1-114-debuginfo-1.14.51-150600.4.3.1 * libgsf-tools-1.14.51-150600.4.3.1 * libgsf-debugsource-1.14.51-150600.4.3.1 * gsf-office-thumbnailer-debuginfo-1.14.51-150600.4.3.1 * libgsf-devel-1.14.51-150600.4.3.1 * gsf-office-thumbnailer-1.14.51-150600.4.3.1 * libgsf-1-114-1.14.51-150600.4.3.1 * libgsf-tools-debuginfo-1.14.51-150600.4.3.1 * openSUSE Leap 15.6 (noarch) * libgsf-lang-1.14.51-150600.4.3.1 * Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * libgsf-debuginfo-1.14.51-150600.4.3.1 * libgsf-1-114-1.14.51-150600.4.3.1 * libgsf-1-114-debuginfo-1.14.51-150600.4.3.1 * libgsf-debugsource-1.14.51-150600.4.3.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64) * libgsf-debuginfo-1.14.51-150600.4.3.1 * typelib-1_0-Gsf-1-1.14.51-150600.4.3.1 * libgsf-devel-1.14.51-150600.4.3.1 * libgsf-debugsource-1.14.51-150600.4.3.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (noarch) * libgsf-lang-1.14.51-150600.4.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-36474.html * https://www.suse.com/security/cve/CVE-2024-42415.html * https://bugzilla.suse.com/show_bug.cgi?id=1231282 * https://bugzilla.suse.com/show_bug.cgi?id=1231283 . Crucial SUSE patches for libgsf address integer overflow vulnerabilities and bolster security across various impacted systems.. libgsf, security update, integer overflow, SUSE products, memory issue. . Severity: Important. LinuxSecurity.com Team
Nov 06, 2024
•Important
SuSE
100
security advisoryimportantinteger overflowSUSE: 2024:3921-1 important: libgsf integer overflow security update
* bsc#1231282 * bsc#1231283 Cross-References: * CVE-2024-36474 . # Security update for libgsf Announcement ID: SUSE-SU-2024:3921-1 Release Date: 2024-11-06T10:11:57Z Rating: important References: * bsc#1231282 * bsc#1231283 Cross-References: * CVE-2024-36474 * CVE-2024-42415 CVSS scores: * CVE-2024-36474 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-36474 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-36474 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36474 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-42415 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-42415 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-42415 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-42415 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities can now be installed. ## Description: This update for libgsf fixes the following issues: * CVE-2024-42415, CVE-2024-36474: Fixed integer overflows affecting memory allocation (bsc#1231282, bsc#1231283). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run thecommand listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3921=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3921=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3921=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3921=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3921=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3921=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2024-3921=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libgsf-debugsource-1.14.46-150200.3.3.1 * libgsf-1-114-1.14.46-150200.3.3.1 * libgsf-1-114-debuginfo-1.14.46-150200.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libgsf-debugsource-1.14.46-150200.3.3.1 * libgsf-1-114-1.14.46-150200.3.3.1 * libgsf-1-114-debuginfo-1.14.46-150200.3.3.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libgsf-debugsource-1.14.46-150200.3.3.1 * libgsf-1-114-1.14.46-150200.3.3.1 * libgsf-1-114-debuginfo-1.14.46-150200.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libgsf-debugsource-1.14.46-150200.3.3.1 * libgsf-1-114-1.14.46-150200.3.3.1 * libgsf-1-114-debuginfo-1.14.46-150200.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libgsf-debugsource-1.14.46-150200.3.3.1 * libgsf-1-114-1.14.46-150200.3.3.1 * libgsf-1-114-debuginfo-1.14.46-150200.3.3.1 *SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libgsf-debugsource-1.14.46-150200.3.3.1 * libgsf-1-114-1.14.46-150200.3.3.1 * libgsf-1-114-debuginfo-1.14.46-150200.3.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libgsf-debugsource-1.14.46-150200.3.3.1 * libgsf-1-114-1.14.46-150200.3.3.1 * libgsf-1-114-debuginfo-1.14.46-150200.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-36474.html * https://www.suse.com/security/cve/CVE-2024-42415.html * https://bugzilla.suse.com/show_bug.cgi?id=1231282 * https://bugzilla.suse.com/show_bug.cgi?id=1231283 . Major security patch released for libgsf tackling two significant vulnerabilities. Discover details in the advisory along with guidance for installation.. SUSE Linux, libgsf update, integer overflow fix, security patch, memory issues. . Severity: Important. LinuxSecurity.com Team
Nov 06, 2024
•Important
SuSE
100
security advisorybuffer overflowheap overflowSUSE 12 SP5: 2024:3770-1 important: libgsf buffer overflow advisory
* bsc#1014609 * bsc#1231282 * bsc#1231283 Cross-References: . # Security update for libgsf Announcement ID: SUSE-SU-2024:3770-1 Release Date: 2024-10-29T12:55:17Z Rating: important References: * bsc#1014609 * bsc#1231282 * bsc#1231283 Cross-References: * CVE-2016-9888 * CVE-2024-36474 * CVE-2024-42415 CVSS scores: * CVE-2016-9888 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2024-36474 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-36474 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-36474 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-36474 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-42415 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-42415 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-42415 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-42415 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for libgsf fixes the following issues: * CVE-2016-9888: Fixed null pointer dereference with corrupted tar files (bsc#1014609) * CVE-2024-36474: Fixed out-of-bounds index when processing a directory via an integer overflow in the compound document binary file format parser (bsc#1231282) * CVE-2024-42415: Fixed heap-based buffer overflow when processing the sector allocation table via an integer overflow in the compound document binary file format parser (bsc#1231283) ## Patch Instructions: To installthis SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2024-3770=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-3770=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (aarch64 ppc64le s390x x86_64) * libgsf-1-114-debuginfo-1.14.40-8.3.1 * libgsf-debugsource-1.14.40-8.3.1 * libgsf-1-114-1.14.40-8.3.1 * SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (noarch) * libgsf-lang-1.14.40-8.3.1 * SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (s390x x86_64) * libgsf-1-114-debuginfo-32bit-1.14.40-8.3.1 * libgsf-1-114-32bit-1.14.40-8.3.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5 (x86_64) * libgsf-1-114-debuginfo-1.14.40-8.3.1 * libgsf-1-114-debuginfo-32bit-1.14.40-8.3.1 * libgsf-1-114-1.14.40-8.3.1 * libgsf-debugsource-1.14.40-8.3.1 * libgsf-1-114-32bit-1.14.40-8.3.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5 (noarch) * libgsf-lang-1.14.40-8.3.1 ## References: * https://www.suse.com/security/cve/CVE-2016-9888.html * https://www.suse.com/security/cve/CVE-2024-36474.html * https://www.suse.com/security/cve/CVE-2024-42415.html * https://bugzilla.suse.com/show_bug.cgi?id=1014609 * https://bugzilla.suse.com/show_bug.cgi?id=1231282 * https://bugzilla.suse.com/show_bug.cgi?id=1231283 . Critical security patch for libgsf resolves various vulnerabilities affecting SUSE platforms. Ensure to implement the required updates.. libgsf, security advisory, SUSE updates, buffer overflow, patch management. . Severity: Important. LinuxSecurity.com Team
Oct 29, 2024
•Important
SuSE
172
security advisorysecurity issuecriticalUbuntu 24.10: USN-7062-2 critical: libgsf remote execution
libgsf could be made to run programs as your login if it opened a specially crafted file.. ========================================================================== Ubuntu Security Notice USN-7062-2 October 21, 2024 libgsf vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 Summary: libgsf could be made to run programs as your login if it opened a specially crafted file. Software Description: - libgsf: GObject introspection data for the Structured File Library Details: USN-7062-1 fixed vulnerabilities in libgsf. This update provides the corresponding updates for Ubuntu 24.10. Original advisory details: It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 libgsf-1-114 1.14.52-1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7062-2 https://ubuntu.com/security/notices/USN-7062-1 CVE-2024-36474, CVE-2024-42415 Package Information: . Ubuntu Security Notice USN-7063-1 tackles vulnerabilities in libjpeg, providing essential patches for Ubuntu 24.10 users.. libgsf security, ubuntu update, remote code execution, software vulnerabilities, security notice. . Severity: Critical. LinuxSecurity.com Team
Oct 21, 2024
•Critical
Ubuntu
89
security advisoryFedoraupdate informationFedora 41: FEDORA-2024-ff08c2b41a moderate: libgsf memory issue
Fixes for memory vulnerabilities.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-ff08c2b41a 2024-10-15 00:15:42.652959 -------------------------------------------------------------------------------- Name : libgsf Product : Fedora 41 Version : 1.14.53 Release : 1.fc41 URL : Summary : GNOME Structured File library Description : A library for reading and writing structured files (e.g. MS OLE and Zip) -------------------------------------------------------------------------------- Update Information: Fixes for memory vulnerabilities. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 11 2024 Gwyn Ciesla - 1.14.53-1 - 1.14.53 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2317953 - (CVE-2024-42415) - CVE-2024-42415 libgsf: Compound Document Binary File Sector Allocation Table integer overflow vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=2317953 [ 2 ] Bug #2317954 - (CVE-2024-36474) - CVE-2024-36474 libgsf: Compound Document Binary File Directory integer overflow vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=2317954 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-ff08c2b41a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list
Oct 15, 2024
Fedora
172
security advisorycriticalremote code executionUbuntu 24.04: USN-7062-1 critical: libgsf remote code execution risk
libgsf could be made to run programs as your login if it opened a specially crafted file.. ========================================================================== Ubuntu Security Notice USN-7062-1 October 10, 2024 libgsf vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: libgsf could be made to run programs as your login if it opened a specially crafted file. Software Description: - libgsf: GObject introspection data for the Structured File Library Details: It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS libgsf-1-114 1.14.51-2ubuntu0.1 Ubuntu 22.04 LTS libgsf-1-114 1.14.47-1ubuntu0.1 Ubuntu 20.04 LTS libgsf-1-114 1.14.46-1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7062-1 CVE-2024-36474, CVE-2024-42415 Package Information: https://launchpad.net/ubuntu/+source/libgsf/1.14.51-2ubuntu0.1 https://launchpad.net/ubuntu/+source/libgsf/1.14.47-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libgsf/1.14.46-1ubuntu0.1 . Weaknesses in Libgsf impact Ubuntu systems, enabling malicious code execution through specifically designed files.. libgsf Security Update, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04, program execution flaw. . Severity: Critical. LinuxSecurity.com Team
Oct 10, 2024
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!