Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 1 articles for you...
202
security advisorysecurity updatelow severityopenSUSE Leap 42.3: 2019:0061-1 Low Severity: libunwind Off-By-One
An update that solves one vulnerability and has one errata is now available.. openSUSE Security Update: Security update for libunwind ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:0061-1 Rating: low References: #1122012 #936786 Cross-References: CVE-2015-3239 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libunwind fixes one minor security issue and one bug. The following security issue was fixed: - CVE-2015-3239: off-by-one error that could be triggered when reading untrusted binaries (boo#936786) The following packaging bug was fixed: - boo#1122012: The 32 bit were not generated on Leap 42.3 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2019-61=1 Package List: - openSUSE Leap 42.3 (i586 x86_64): libunwind-1.1-15.3.1 libunwind-debuginfo-1.1-15.3.1 libunwind-debugsource-1.1-15.3.1 libunwind-devel-1.1-15.3.1 - openSUSE Leap 42.3 (x86_64): libunwind-32bit-1.1-15.3.1 libunwind-debuginfo-32bit-1.1-15.3.1 References: https://www.suse.com/security/cve/CVE-2015-3239.html https://bugzilla.suse.com/1122012 https://bugzilla.suse.com/936786 -- . openSUSE Security Update: Security update for libunwind ____________________________________________. update, solves, vulnerability, errata, opensuse, security, updat. . Severity: Low. LinuxSecurity.com Team
Jan 18, 2019
•Low
OpenSUSE
198
security advisoryDenial of ServiceArch LinuxArch Linux ASA-201510-1 Low Risk: Libunwind Denial Of Service
The package libunwind before version 1.1-3 is vulnerable to denial of service due to an off-by-one error. . Arch Linux Security Advisory ASA-201510-1 ======================================== Severity: Low Date : 2015-10-05 CVE-ID : CVE-2015-3239 Package : libunwind Type : denial of service Remote : No Link : https://wiki.archlinux.org/title/CVE Summary ====== The package libunwind before version 1.1-3 is vulnerable to denial of service due to an off-by-one error. Resolution ========= Upgrade to 1.1-3. # pacman -Syu "libunwind> =1.1-3" Workaround ========= None. Description ========== - CVE-2015-3239 (Unspecified Impact): Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes. Impact ===== An attacker could crash the library. References ========= https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3239 https://bugzilla.redhat.com/show_bug.cgi?id=1232265 https://bugs.archlinux.org/task/46474 . Fedora Security Advisory FSA-202310-7 identifies a minor severity vulnerability concerning systemd. Users are encouraged to apply updates.. Arch Linux Security, libunwind Denial of Service, CVE-2015-3239 Risk. . Severity: Low. LinuxSecurity.com Team
Oct 05, 2015
•Low
ArchLinux
98
security advisorysecurity updatelow severityRed Hat Enterprise Linux 6: RHSA-2015:1768 Low: libunwind Security Update
Updated libunwind packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Low: libunwind security update Advisory ID: RHSA-2015:1768-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2015:1768.html Issue date: 2015-09-10 CVE Names: CVE-2015-3239 ==================================================================== 1. Summary: Updated libunwind packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - x86_64 3. Description: Libunwind provides a C ABI to determine the call-chain of a program. An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usage. (CVE-2015-3239) This issue was discovered by Paolo Bonzini of Red Hat. All users of libunwind are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1232265 - CVE-2015-3239 libunwind: off-by-one in dwarf_to_unw_regnum() 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6: Source: libunwind-1.1-4.1.el6ost.src.rpm x86_64: libunwind-1.1-4.1.el6ost.x86_64.rpm libunwind-debuginfo-1.1-4.1.el6ost.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3239 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV8fC0XlSAg2UNWIIRAiJPAJ9zsMQMgM34lS9eUyf9D0K4X0rL9QCfcTMX LdFtheAu17m2G54YX3sYW3M=GYbN -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Sep 10, 2015
•Low
Red Hat
98
security advisorysecurity updatered hatRed Hat OpenStack Platform: RHSA-2015:1769-01 Low Security Libunwind Issue
Updated libunwind packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Low: libunwind security update Advisory ID: RHSA-2015:1769-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2015:1769.html Issue date: 2015-09-10 CVE Names: CVE-2015-3239 ==================================================================== 1. Summary: Updated libunwind packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - x86_64 3. Description: Libunwind provides a C ABI to determine the call-chain of a program. An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usage. (CVE-2015-3239) This issue was discovered by Paolo Bonzini of Red Hat. All users of libunwind are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1232265 - CVE-2015-3239 libunwind: off-by-one in dwarf_to_unw_regnum() 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7: Source: libunwind-1.1-4.1.el7ost.src.rpm x86_64: libunwind-1.1-4.1.el7ost.x86_64.rpm libunwind-debuginfo-1.1-4.1.el7ost.x86_64.rpm libunwind-devel-1.1-4.1.el7ost.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3239 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV8fDaXlSAg2UNWIIRAu2cAJ0bVBh0/PZmuR0LqvVs2d6fv8QU4gCfV1es IUqjA1rVQA50Wk0XYWb2TMk=4S0l -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Sep 10, 2015
•Low
Red Hat
98
security advisorysecurity issueRed HatRed Hat Advisory RHSA-2015:1769 Addresses Low-Level Libunwind Vulnerability
Updated libunwind packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Low: libunwind security update Advisory ID: RHSA-2015:1769-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2015:1769.html Issue date: 2015-09-10 CVE Names: CVE-2015-3239 ==================================================================== 1. Summary: Updated libunwind packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - x86_64 3. Description: Libunwind provides a C ABI to determine the call-chain of a program. An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usage. (CVE-2015-3239) This issue was discovered by Paolo Bonzini of Red Hat. All users of libunwind are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1232265 - CVE-2015-3239 libunwind:off-by-one in dwarf_to_unw_regnum() 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7: Source: libunwind-1.1-4.1.el7ost.src.rpm x86_64: libunwind-1.1-4.1.el7ost.x86_64.rpm libunwind-debuginfo-1.1-4.1.el7ost.x86_64.rpm libunwind-devel-1.1-4.1.el7ost.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3239 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. . Oracle unveils new patches for vulnerability remediation in Cloud Infrastructure 7.2, targeting a minor threat.. libunwind update, Red Hat security, OpenStack fix. . Severity: Low. LinuxSecurity.com Team
Sep 10, 2015
•Low
Red Hat
98
security advisorysecurity updateRed HatRed Hat 6 RHSA-2015:1768-01 Low Severity: Libunwind Off-By-One Issue
Updated libunwind packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Low: libunwind security update Advisory ID: RHSA-2015:1768-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2015:1768.html Issue date: 2015-09-10 CVE Names: CVE-2015-3239 ==================================================================== 1. Summary: Updated libunwind packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - x86_64 3. Description: Libunwind provides a C ABI to determine the call-chain of a program. An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usage. (CVE-2015-3239) This issue was discovered by Paolo Bonzini of Red Hat. All users of libunwind are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1232265 - CVE-2015-3239 libunwind:off-by-one in dwarf_to_unw_regnum() 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6: Source: libunwind-1.1-4.1.el6ost.src.rpm x86_64: libunwind-1.1-4.1.el6ost.x86_64.rpm libunwind-debuginfo-1.1-4.1.el6ost.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3239 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. . The advisory from Red Hat concerns a minor libunwind modification for RHEL 6, rectifying an off-by-one mistake within the API.. Red Hat, Libunwind Update, OpenStack Security. . Severity: Low. LinuxSecurity.com Team
Sep 10, 2015
•Low
Red Hat
98
security advisoryred hatsecurity fixRed Hat: RHSA-2015-1675-01 Low: Libunwind Security Flaw Fix
Updated libunwind packages that fix a security flaw are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Low: libunwind security update Advisory ID: RHSA-2015:1675-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2015:1675.html Issue date: 2015-08-24 CVE Names: CVE-2015-3239 ==================================================================== 1. Summary: Updated libunwind packages that fix a security flaw are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - x86_64 3. Description: Libunwind provides a C ABI to determine the call-chain of a program. An off by one array indexing error was found in libunwind. It is unlikely that any exploitable attack vector exists in current builds or supported usage. (CVE-2015-3239) This issue was discovered by Paolo Bonzini of Red Hat. All users of libunwind are advised to upgrade to these updated packages, which correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1232265 - CVE-2015-3239 libunwind: off-by-one in dwarf_to_unw_regnum() 6.Package List: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7: Source: libunwind-1.1-4.1.el7ost.src.rpm x86_64: libunwind-1.1-4.1.el7ost.x86_64.rpm libunwind-debuginfo-1.1-4.1.el7ost.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3239 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV23zcXlSAg2UNWIIRAvYsAJ9ye9xmfwm5nlFL5KgQD7eD3Zsi8QCfXGo5 bW0Lt5R9PTLikHX2uuxqZZk=gtzW -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Aug 24, 2015
•Low
Red Hat
98
security advisorysecurity updatelow severityRed Hat OpenStack 6.0: RHSA-2015:1675-01 Low: Libunwind Security Fix
Updated libunwind packages that fix a security flaw are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Low security [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Low: libunwind security update Advisory ID: RHSA-2015:1675-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2015:1675.html Issue date: 2015-08-24 CVE Names: CVE-2015-3239 ==================================================================== 1. Summary: Updated libunwind packages that fix a security flaw are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - x86_64 3. Description: Libunwind provides a C ABI to determine the call-chain of a program. An off by one array indexing error was found in libunwind. It is unlikely that any exploitable attack vector exists in current builds or supported usage. (CVE-2015-3239) This issue was discovered by Paolo Bonzini of Red Hat. All users of libunwind are advised to upgrade to these updated packages, which correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1232265 - CVE-2015-3239 libunwind: off-by-one in dwarf_to_unw_regnum() 6. Package List: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL7: Source: libunwind-1.1-4.1.el7ost.src.rpm x86_64: libunwind-1.1-4.1.el7ost.x86_64.rpm libunwind-debuginfo-1.1-4.1.el7ost.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3239 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. . Enhanced libunwind packages address a vulnerability in Red Hat OpenStack Platform 6.0, carrying minimal security implications alongside a published advisory.. libunwind Update, Red Hat Advisory, OpenStack Fix. . Severity: Low. LinuxSecurity.com Team
Aug 24, 2015
•Low
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!