Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


openSUSE Leap 15.2 2021:0278-1 Critical: Docker Privilege Escalation

openSUSE Security Update: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork

Announcement ID: openSUSE-SU-2021:0278-1
Rating: important
References: #1174075 #1176708 #1178801 #1178969 #1180243 #1180401 #1181730 #1181732
Cross-References: CVE-2020-15257 CVE-2021-21284 CVE-2021-21285
CVSS scores:
  CVE-2020-15257 (NVD) : 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
  CVE-2020-15257 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-21284 (NVD) : 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
  CVE-2021-21284 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N
  CVE-2021-21285 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  CVE-2021-21285 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Affected Products: openSUSE Leap 15.2

An update that solves three vulnerabilities and has 5 fixes is now available.

Description:

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues:

Security issues fixed:

- CVE-2020-15257: Fixed a privilege escalation in containerd (bsc#1178969).
- CVE-2021-21284: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732)
- CVE-2021-21285: pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730)

Non-security issues fixed:

- Update Docker to 19.03.15-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
- Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE. It appears that SLES doesn't like the patch. (bsc#1180401)
- Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and fixes CVE-2020-15257. bsc#1180243
- Update to containerd v1.3.7, which is required for Docker 19.03.13-ce. bsc#1176708
- Update to Docker 19.03.14-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243 https://github.com/docker-archive/docker-ce/releases/tag/v19.03.14
- Enable fish-completion
- Add a patch which makes Docker compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460)
- Update to Docker 19.03.13-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Emergency fix: %requires_eq does not work with provide symbols, only effective package names. Convert back to regular Requires.
- Update to Docker 19.03.12-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
- Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of spurious errors due to Go returning -EINTR from I/O syscalls much more often (due to Go 1.14's pre-emptive goroutine support).
- Add BuildRequires for all -git dependencies so that we catch missing dependencies much more quickly.
- Update to libnetwork 55e924b8a842, which is required for Docker 19.03.14-ce. bsc#1180243
- Add patch which makes libnetwork compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460)

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-278=1

Package List:

- openSUSE Leap 15.2 (x86_64):
  containerd-1.3.9-lp152.2.3.1
  containerd-ctr-1.3.9-lp152.2.3.1
  docker-19.03.15_ce-lp152.2.3.1
  docker-debuginfo-19.03.15_ce-lp152.2.3.1
  docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-lp152.2.3.1
  docker-libnetwork-debuginfo-0.7.0.1+gitr2908_55e924b8a842-lp152.2.3.1
  docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-lp152.2.3.1
  docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-lp152.2.3.1
  docker-test-19.03.15_ce-lp152.2.3.1
  docker-test-debuginfo-19.03.15_ce-lp152.2.3.1
  fish-2.7.1-lp152.5.3.1
  fish-debuginfo-2.7.1-lp152.5.3.1
  fish-debugsource-2.7.1-lp152.5.3.1
  fish-devel-2.7.1-lp152.5.3.1
  golang-github-docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-lp152.2.3.1

- openSUSE Leap 15.2 (noarch):
  docker-bash-completion-19.03.15_ce-lp152.2.3.1
  docker-fish-completion-19.03.15_ce-lp152.2.3.1
  docker-zsh-completion-19.03.15_ce-lp152.2.3.1

References:

  https://www.suse.com/security/cve/CVE-2020-15257.html
  https://www.suse.com/security/cve/CVE-2021-21284.html
  https://www.suse.com/security/cve/CVE-2021-21285.html
  https://bugzilla.suse.com/1174075
  https://bugzilla.suse.com/1176708
  https://bugzilla.suse.com/1178801
  https://bugzilla.suse.com/1178969
  https://bugzilla.suse.com/1180243
  https://bugzilla.suse.com/1180401
  https://bugzilla.suse.com/1181730
  https://bugzilla.suse.com/1181732

Severity: Critical. LinuxSecurity.com Team

Feb 12, 2021 Critical OpenSUSE

Ubuntu: 4192-1 Moderate: ImageMagick Denial Of Service Risk

Ubuntu Security Notice USN-4192-1
November 14, 2019

imagemagick vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.10
- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in ImageMagick.

Software Description:

- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10:
  imagemagick 8:6.9.10.23+dfsg-2.1ubuntu3.1
  imagemagick-6.q16 8:6.9.10.23+dfsg-2.1ubuntu3.1
  libmagick++-6.q16-8 8:6.9.10.23+dfsg-2.1ubuntu3.1
  libmagickcore-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu3.1
  libmagickcore-6.q16-6-extra 8:6.9.10.23+dfsg-2.1ubuntu3.1

Ubuntu 19.04:
  imagemagick 8:6.9.10.14+dfsg-7ubuntu2.3
  imagemagick-6.q16 8:6.9.10.14+dfsg-7ubuntu2.3
  libmagick++-6.q16-8 8:6.9.10.14+dfsg-7ubuntu2.3
  libmagickcore-6.q16-6 8:6.9.10.14+dfsg-7ubuntu2.3
  libmagickcore-6.q16-6-extra 8:6.9.10.14+dfsg-7ubuntu2.3

Ubuntu 18.04 LTS:
  imagemagick 8:6.9.7.4+dfsg-16ubuntu6.8
  imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu6.8
  libmagick++-6.q16-7 8:6.9.7.4+dfsg-16ubuntu6.8
  libmagickcore-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.8
  libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-16ubuntu6.8

Ubuntu 16.04 LTS:
  imagemagick 8:6.8.9.9-7ubuntu5.15
  imagemagick-6.q16 8:6.8.9.9-7ubuntu5.15
  libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.15
  libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.15
  libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.15

In general, a standard system update will make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-4192-1
  CVE-2019-12974, CVE-2019-12975, CVE-2019-12976, CVE-2019-12977, CVE-2019-12978, CVE-2019-12979, CVE-2019-13135, CVE-2019-13137, CVE-2019-13295, CVE-2019-13297, CVE-2019-13300, CVE-2019-13301, CVE-2019-13304, CVE-2019-13305, CVE-2019-13306, CVE-2019-13307, CVE-2019-13308, CVE-2019-13309, CVE-2019-13310, CVE-2019-13311, CVE-2019-13391, CVE-2019-13454, CVE-2019-14981, CVE-2019-15139, CVE-2019-15140, CVE-2019-16708, CVE-2019-16709, CVE-2019-16710, CVE-2019-16711, CVE-2019-16713

Package Information:

  https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.23+dfsg-2.1ubuntu3.1
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.14+dfsg-7ubuntu2.3
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.7.4+dfsg-16ubuntu6.8
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.8.9.9-7ubuntu5.15

LinuxSecurity.com Team

Nov 14, 2019 Ubuntu

Ubuntu 18.10: USN-3906-1 Moderate: LibTIFF Remote Code Execution

Ubuntu Security Notice USN-3906-1
March 12, 2019

tiff vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description:

- tiff: Tag Image File Format (TIFF) library

Details:

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10:
  libtiff-tools 4.0.9-6ubuntu0.2
  libtiff5 4.0.9-6ubuntu0.2

Ubuntu 18.04 LTS:
  libtiff-tools 4.0.9-5ubuntu0.2
  libtiff5 4.0.9-5ubuntu0.2

Ubuntu 16.04 LTS:
  libtiff-tools 4.0.6-1ubuntu0.6
  libtiff5 4.0.6-1ubuntu0.6

Ubuntu 14.04 LTS:
  libtiff-tools 4.0.3-7ubuntu0.11
  libtiff5 4.0.3-7ubuntu0.11

In general, a standard system update will make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-3906-1
  CVE-2018-10779, CVE-2018-12900, CVE-2018-17000, CVE-2018-19210, CVE-2019-6128, CVE-2019-7663

Package Information:

  https://launchpad.net/ubuntu/+source/tiff/4.0.9-6ubuntu0.2
  https://launchpad.net/ubuntu/+source/tiff/4.0.9-5ubuntu0.2
  https://launchpad.net/ubuntu/+source/tiff/4.0.6-1ubuntu0.6
  https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.11

Severity: Important. LinuxSecurity.com Team

Mar 12, 2019 Important Ubuntu

Ubuntu 14.04 LTS: USN-2205-2 Security: LibTIFF Image Vulnerabilities

Ubuntu Security Notice USN-2205-1
May 06, 2014

tiff vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description:

- tiff: Tag Image File Format (TIFF) library

Details:

Pedro Ribeiro discovered that LibTIFF incorrectly handled certain malformed images when using the gif2tiff tool. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (CVE-2013-4231)

Pedro Ribeiro discovered that LibTIFF incorrectly handled certain malformed images when using the tiff2pdf tool. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (CVE-2013-4232)

Murray McAllister discovered that LibTIFF incorrectly handled certain malformed images when using the gif2tiff tool. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2013-4243)

Huzaifa Sidhpurwala discovered that LibTIFF incorrectly handled certain malformed images when using the gif2tiff tool. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (CVE-2013-4244)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS:
  libtiff5 4.0.3-7ubuntu0.1

Ubuntu 13.10:
  libtiff5 4.0.2-4ubuntu3.1

Ubuntu 12.10:
  libtiff5 4.0.2-1ubuntu2.3

Ubuntu 12.04 LTS:
  libtiff4 3.9.5-2ubuntu1.6

Ubuntu 10.04 LTS:
  libtiff4 3.9.2-2ubuntu0.14

In general, a standard system update will make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-2205-1
  CVE-2013-4231, CVE-2013-4232, CVE-2013-4243, CVE-2013-4244

Package Information:

  https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.1
  https://launchpad.net/ubuntu/+source/tiff/4.0.2-4ubuntu3.1
  https://launchpad.net/ubuntu/+source/tiff/4.0.2-1ubuntu2.3
  https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.6
  https://launchpad.net/ubuntu/+source/tiff/3.9.2-2ubuntu0.14

Severity: Important. LinuxSecurity.com Team

May 06, 2014 Important Ubuntu

Ubuntu 960-1: Severe DoS And Code Execution Issues In Libpng

Ubuntu Security Notice USN-960-1
July 08, 2010

libpng vulnerabilities
CVE-2010-1205, CVE-2010-2249

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  libpng12-0 1.2.8rel-5ubuntu0.6

Ubuntu 8.04 LTS:
  libpng12-0 1.2.15~beta5-3ubuntu0.3

Ubuntu 9.04:
  libpng12-0 1.2.27-2ubuntu2.2

Ubuntu 9.10:
  libpng12-0 1.2.37-1ubuntu0.2

Ubuntu 10.04 LTS:
  libpng12-0 1.2.42-1ubuntu2.1

After a standard system update you need to reboot your computer to make all the necessary changes.

Details follow:

It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205)

It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service. (CVE-2010-2249)

Severity: Critical. LinuxSecurity.com Team

Jul 08, 2010 Critical Ubuntu

Ubuntu 6.06 LTS: USN-698-1 Severe: GIMP Memory Corruption Vulnerability

Ubuntu Security Notice USN-699-1
December 22, 2008

blender vulnerabilities
CVE-2008-1102, CVE-2008-4863

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  blender 2.41-1ubuntu4.1

After a standard system upgrade you need to restart Blender to effect the necessary changes.

Details follow:

It was discovered that Blender did not correctly handle certain malformed Radiance RGBE images. If a user were tricked into opening a .blend file containing a specially crafted Radiance RGBE image, an attacker could execute arbitrary code with the user's privileges. (CVE-2008-1102)

It was discovered that Blender did not properly sanitize the Python search path. A local attacker could execute arbitrary code by inserting a specially crafted Python file in the Blender working directory. (CVE-2008-4863)

Severity: Important. LinuxSecurity.com Team

Dec 22, 2008 Important Ubuntu

Red Hat Enterprise Linux: RHSA-2005:802-01 Low: xloadimage Buffer Overflow

Red Hat Security Advisory

Synopsis: Low: xloadimage security update
Advisory ID: RHSA-2005:802-01
Advisory URL: https://access.redhat.com/errata/RHSA-2005:802.html
Issue date: 2005-10-18
Updated on: 2005-10-18
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-3178

1. Summary:

A new xloadimage package that fixes bugs in handling malformed tiff and pbm/pnm/ppm images, and in handling metacharacters in file names is now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The xloadimage utility displays images in an X Window System window, loads images into the root window, or writes images into a file. Xloadimage supports many image types (including GIF, TIFF, JPEG, XPM, and XBM).

A flaw was discovered in xloadimage via which an attacker can construct a NIFF image with a very long embedded image title. This image can cause a buffer overflow. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-3178 to this issue.

All users of xloadimage should upgrade to this erratum package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10

5. Bug IDs fixed (http://bugzilla.redhat.com/):

170150 - CAN-2005-3178 xloadimage NIFF buffer overflow

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CAN-2005-3178

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2005 Red Hat, Inc.

Severity: Low. LinuxSecurity.com Team

Oct 18, 2005 Low Red Hat