Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
203
security advisorybuffer overflowspice-gtkMageia: 2020-0408 Critical Advisory for Spice Buffer Overflow
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process . MGASA-2020-0408 - Updated spice and spice-gtk packages fix a security vulnerability Publication date: 10 Nov 2020 URL: https://advisories.mageia.org/MGASA-2020-0408.html Type: security Affected Mageia releases: 7 CVE: CVE-202020-14355 Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. (CVE-2020-14355) References: - https://bugs.mageia.org/show_bug.cgi?id=27368 - https://access.redhat.com/errata/RHSA-2020:4186 - https://www.openwall.com/lists/oss-security/2020/10/06/10 - https://ubuntu.com/security/notices/USN-4572-1 - https://www.cve.org/CVERecord?id=CVE-202020-14355 SRPMS: - 7/core/spice-0.14.2-1.1.mga7 - 7/core/spice-gtk-0.37-1.mga7 . Fedora's FSA-2021-0123 addresses vulnerabilities in libvirt and qemu, patching significant memory safety flaws that pose security risks.. Spice Remote Display, Buffer Overflow, Mageia Security, Spice-Gtk Update. . Severity: Critical. LinuxSecurity.com Team
Nov 10, 2020
•Critical
Mageia
203
security advisorysecurity issuecrash issueMageia: 2020-0171 Moderate: Libssh Malicious Client Crash Risk
Updated libssh packages fix security vulnerability: A malicious client or server could crash the counterpart implemented with libssh AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to cleanup the AES-CTR ciphers when . MGASA-2020-0171 - Updated libssh packages fix security vulnerability Publication date: 15 Apr 2020 URL: https://advisories.mageia.org/MGASA-2020-0171.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-1730 Updated libssh packages fix security vulnerability: A malicious client or server could crash the counterpart implemented with libssh AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to cleanup the AES-CTR ciphers when closing the connection (CVE-2020-1730). References: - https://bugs.mageia.org/show_bug.cgi?id=26462 - - https://www.cve.org/CVERecord?id=CVE-2020-1730 SRPMS: - 7/core/libssh-0.8.9-1.mga7 . The security notice MGASA-2020-0171 from Mageia outlines a resolution for a libssh vulnerability to mitigate potential crash threats posed by nefarious actors.. Mageia Security Advisory, libssh Update, AES-CTR Vulnerability, Security Fix, Client Crash Issue. . LinuxSecurity.com Team
Apr 15, 2020
Mageia
100
security advisorymoderatesubversionSUSE: 2019:0195-1 Moderate Security Update for Subversion Crash
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0195-1 Rating: moderate References: #1122842 Cross-References: CVE-2018-11803 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for subversion fixes the following issues: Security issue fixed: - CVE-2018-11803: Fixed a vulnerability that allowed malicious SVN clients to trigger a crash in mod_dav_svn by omitting the root path from a recursive directory listing request (bsc#1122842) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-195=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-195=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-195=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-195=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): subversion-debuginfo-1.10.0-3.3.1 subversion-debugsource-1.10.0-3.3.1 subversion-server-1.10.0-3.3.1 subversion-server-debuginfo-1.10.0-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libsvn_auth_gnome_keyring-1-0-1.10.0-3.3.1 libsvn_auth_gnome_keyring-1-0-debuginfo-1.10.0-3.3.1 subversion-debuginfo-1.10.0-3.3.1 subversion-debugsource-1.10.0-3.3.1 subversion-python-ctypes-1.10.0-3.3.1 subversion-ruby-1.10.0-3.3.1 subversion-ruby-debuginfo-1.10.0-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): subversion-debuginfo-1.10.0-3.3.1 subversion-debugsource-1.10.0-3.3.1 subversion-perl-1.10.0-3.3.1 subversion-perl-debuginfo-1.10.0-3.3.1 subversion-python-1.10.0-3.3.1 subversion-python-debuginfo-1.10.0-3.3.1 subversion-tools-1.10.0-3.3.1 subversion-tools-debuginfo-1.10.0-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): subversion-bash-completion-1.10.0-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): subversion-1.10.0-3.3.1 subversion-debuginfo-1.10.0-3.3.1 subversion-debugsource-1.10.0-3.3.1 subversion-devel-1.10.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-11803.html https://bugzilla.suse.com/1122842 _______________________________________________ sle-security-updates mailing list
Jan 29, 2019
SuSE
98
security advisorymoderatebuffer overflowRed Hat 6 & 7: RHSA-2014:1826-01 Moderate: libvncserver Buffer Overflow
Updated libvncserver packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Moderate: libvncserver security update Advisory ID: RHSA-2014:1826-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2014:1826.html Issue date: 2014-11-11 CVE Names: CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 ==================================================================== 1. Summary: Updated libvncserver packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: LibVNCServer is a library that allows for easy creation of VNC server or client functionality. An integer overflow flaw, leading to aheap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code in the client. (CVE-2014-6051) A NULL pointer dereference flaw was found in LibVNCServer's framebuffer setup. A malicious VNC server could use this flaw to cause a VNC client to crash. (CVE-2014-6052) A NULL pointer dereference flaw was found in the way LibVNCServer handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. (CVE-2014-6053) A divide-by-zero flaw was found in the way LibVNCServer handled the scaling factor when it was set to "0". A remote attacker could use this flaw to crash the VNC server using a malicious VNC client. (CVE-2014-6054) Two stack-based buffer overflow flaws were found in the way LibVNCServer handled file transfers. A remote attacker could use this flaw to crash the VNC server using a malicious VNC client. (CVE-2014-6055) Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Nicolas Ruff as the original reporter. All libvncserver users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against libvncserver must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1144287 - CVE-2014-6051 libvncserver: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling 1144288 - CVE-2014-6052 libvncserver: NULL pointer dereference flaw in framebuffer setup 1144289 - CVE-2014-6053 libvncserver: serverNULL pointer dereference flaw in ClientCutText message handling 1144291 - CVE-2014-6054 libvncserver: server divide-by-zero flaw in scaling factor handling 1144293 - CVE-2014-6055 libvncserver: server stacked-based buffer overflow flaws in file transfer handling 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: libvncserver-0.9.7-7.el6_6.1.src.rpm i386: libvncserver-0.9.7-7.el6_6.1.i686.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.i686.rpm x86_64: libvncserver-0.9.7-7.el6_6.1.x86_64.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: libvncserver-debuginfo-0.9.7-7.el6_6.1.i686.rpm libvncserver-devel-0.9.7-7.el6_6.1.i686.rpm x86_64: libvncserver-0.9.7-7.el6_6.1.i686.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.i686.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.x86_64.rpm libvncserver-devel-0.9.7-7.el6_6.1.i686.rpm libvncserver-devel-0.9.7-7.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: libvncserver-0.9.7-7.el6_6.1.src.rpm i386: libvncserver-0.9.7-7.el6_6.1.i686.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.i686.rpm ppc64: libvncserver-0.9.7-7.el6_6.1.ppc64.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.ppc64.rpm s390x: libvncserver-0.9.7-7.el6_6.1.s390x.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.s390x.rpm x86_64: libvncserver-0.9.7-7.el6_6.1.x86_64.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.6): i386: libvncserver-debuginfo-0.9.7-7.el6_6.1.i686.rpm libvncserver-devel-0.9.7-7.el6_6.1.i686.rpm ppc64: libvncserver-0.9.7-7.el6_6.1.ppc.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.ppc.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.ppc64.rpm libvncserver-devel-0.9.7-7.el6_6.1.ppc.rpm libvncserver-devel-0.9.7-7.el6_6.1.ppc64.rpm s390x: libvncserver-0.9.7-7.el6_6.1.s390.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.s390.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.s390x.rpm libvncserver-devel-0.9.7-7.el6_6.1.s390.rpm libvncserver-devel-0.9.7-7.el6_6.1.s390x.rpm x86_64: libvncserver-0.9.7-7.el6_6.1.i686.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.i686.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.x86_64.rpm libvncserver-devel-0.9.7-7.el6_6.1.i686.rpm libvncserver-devel-0.9.7-7.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: libvncserver-0.9.7-7.el6_6.1.src.rpm i386: libvncserver-0.9.7-7.el6_6.1.i686.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.i686.rpm x86_64: libvncserver-0.9.7-7.el6_6.1.x86_64.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: libvncserver-debuginfo-0.9.7-7.el6_6.1.i686.rpm libvncserver-devel-0.9.7-7.el6_6.1.i686.rpm x86_64: libvncserver-0.9.7-7.el6_6.1.i686.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.i686.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.x86_64.rpm libvncserver-devel-0.9.7-7.el6_6.1.i686.rpm libvncserver-devel-0.9.7-7.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: libvncserver-0.9.9-9.el7_0.1.src.rpm x86_64: libvncserver-0.9.9-9.el7_0.1.i686.rpm libvncserver-0.9.9-9.el7_0.1.x86_64.rpm libvncserver-debuginfo-0.9.9-9.el7_0.1.i686.rpm libvncserver-debuginfo-0.9.9-9.el7_0.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libvncserver-debuginfo-0.9.9-9.el7_0.1.i686.rpm libvncserver-debuginfo-0.9.9-9.el7_0.1.x86_64.rpm libvncserver-devel-0.9.9-9.el7_0.1.i686.rpm libvncserver-devel-0.9.9-9.el7_0.1.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: libvncserver-0.9.9-9.el7_0.1.src.rpm x86_64: libvncserver-0.9.9-9.el7_0.1.i686.rpm libvncserver-0.9.9-9.el7_0.1.x86_64.rpm libvncserver-debuginfo-0.9.9-9.el7_0.1.i686.rpm libvncserver-debuginfo-0.9.9-9.el7_0.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): x86_64: libvncserver-debuginfo-0.9.9-9.el7_0.1.i686.rpm libvncserver-debuginfo-0.9.9-9.el7_0.1.x86_64.rpm libvncserver-devel-0.9.9-9.el7_0.1.i686.rpm libvncserver-devel-0.9.9-9.el7_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libvncserver-0.9.9-9.el7_0.1.src.rpm x86_64: libvncserver-0.9.9-9.el7_0.1.i686.rpm libvncserver-0.9.9-9.el7_0.1.x86_64.rpm libvncserver-debuginfo-0.9.9-9.el7_0.1.i686.rpm libvncserver-debuginfo-0.9.9-9.el7_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libvncserver-debuginfo-0.9.9-9.el7_0.1.i686.rpm libvncserver-debuginfo-0.9.9-9.el7_0.1.x86_64.rpm libvncserver-devel-0.9.9-9.el7_0.1.i686.rpm libvncserver-devel-0.9.9-9.el7_0.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2014-6051 https://access.redhat.com/security/cve/CVE-2014-6052 https://access.redhat.com/security/cve/CVE-2014-6053 https://access.redhat.com/security/cve/CVE-2014-6054 https://access.redhat.com/security/cve/CVE-2014-6055 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2014 Red Hat, Inc. . The recent libvncserver patch fixes Moderate severity security vulnerabilities. Red Hat users should apply this update swiftly to maintain system security. libvncserver Update, Red Hat Advisory, Security Flaws. . LinuxSecurity.com Team
Nov 11, 2014
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!