- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202408-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: matio: Multiple Vulnerabilities
     Date: August 11, 2024
     Bugs: #803131
       ID: 202408-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in matio, the worst of which could lead to arbitrary code execution.

Background
==========

matio is a library for reading and writing matlab files.

Affected packages
=================

Package         Vulnerable    Unaffected
--------------  ------------  ------------
sci-libs/matio  < 1.5.22      >= 1.5.22

Description
===========

Multiple vulnerabilities have been discovered in matio. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All matio users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sci-libs/matio-1.5.22"

References
==========

[ 1 ] CVE-2020-36428
      https://nvd.nist.gov/vuln/detail/CVE-2020-36428
[ 2 ] CVE-2021-36977
      https://nvd.nist.gov/vuln/detail/CVE-2021-36977

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-26

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to

MGASA-2022-0465 - Updated matio packages fix security vulnerability

Publication date: 13 Dec 2022
URL: https://advisories.mageia.org/MGASA-2022-0465.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2020-36428, CVE-2021-36977

matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble (called from ReadInt32Data and Mat_VarRead4). (CVE-2020-36428)

matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-based buffer overflow in H5MM_memcpy (called from H5MM_malloc and H5C_load_entry), related to use of HDF5 1.12.0. (CVE-2021-36977)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31246
- https://www.cve.org/CVERecord?id=CVE-2020-36428
- https://www.cve.org/CVERecord?id=CVE-2021-36977

SRPMS:
- 8/core/matio-1.5.23-1.mga8

Recent matio package updates resolve several security vulnerabilities. Critical patches were issued on December 13, 2022, specifically for Mageia 8.
matio security, buffer overflow, heap-based attack, mageia updates.
Severity: Critical.
LinuxSecurity.com Team

   openSUSE Security Update: Security update for matio
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:10235-1
Rating:             important
References:         #1193873 #1193874
Cross-References:   CVE-2020-36428 CVE-2021-36977
CVSS scores:
                    CVE-2020-36428 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-36977 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
                    openSUSE Backports SLE-15-SP4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for matio fixes the following issues:

   Update to version 1.5.23:

   * Fixed testsuite regression from version 1.5.22.

   Changes from version 1.5.22:

   * Added support for reading large MAT file.
   * Updated cmake-conan to version 0.17.0.
   * Fixed CMake build with Conan (MATIO_USE_CONAN:BOOL=ON).
   * Fixed data type when reading 16-bit character data from HDF5 MAT file.
   * Fixed heap-based buffer overflows when reading (crafted) MAT file (CVE-2020-36428, CVE-2021-36977).
   * Confirmed compatibility with HDF5 v1.13.0 and v1.13.1.
   * Several other fixes, for example for memory leaks.

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP4:

      zypper in -t patch openSUSE-2022-10235=1

Package List:

   - openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):

      libmatio-devel-1.5.23-bp154.2.3.1
      libmatio11-1.5.23-bp154.2.3.1
      matio-tools-1.5.23-bp154.2.3.1

References:

   https://www.suse.com/security/cve/CVE-2020-36428.html
   https://www.suse.com/security/cve/CVE-2021-36977.html
   https://bugzilla.suse.com/1193873
   https://bugzilla.suse.com/1193874

The recent matio update addresses major issues within openSUSE, tackling critical vulnerabilities alongside essential patches.
openSUSE, matio fixes, buffer overflow patch.
Severity: Important.
LinuxSecurity.com Team

MGASA-2021-0558 - Updated matio packages fix security vulnerability

Publication date: 19 Dec 2021
URL: https://advisories.mageia.org/MGASA-2021-0558.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2019-20052

Updated matio packages fix security vulnerability:

A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case (CVE-2019-20052).

References:
- https://bugs.mageia.org/show_bug.cgi?id=29164
- https://www.cve.org/CVERecord?id=CVE-2019-20052

SRPMS:
- 8/core/matio-1.5.21-1.mga8

Recent updates for matio packages have addressed a memory leak vulnerability found in Mageia, impacting version 1.5.17 and logged as CVE-2019-20052.
Mageia Security Advisory, matio Update, memory Leak Vulnerability, security Patch.
LinuxSecurity.com Team

MGASA-2020-0299 - Updated matio packages fix security vulnerability

Publication date: 31 Jul 2020
URL: https://advisories.mageia.org/MGASA-2020-0299.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-17533

Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed. (CVE-2019-17533)

References:
- https://bugs.mageia.org/show_bug.cgi?id=26883
- https://lists.debian.org/debian-lts-announce/2020/06/msg00037.html
- https://www.cve.org/CVERecord?id=CVE-2019-17533

SRPMS:
- 7/core/matio-1.5.16-1.1.mga7

Mageia 2020-0300 updates released for matio to address significant buffer overflow issue identified in CVE-2019-17534.
matio update, security advisory, buffer over-read, Mageia security.
Severity: Critical.
LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-a1a2f55fcf
2020-01-12 01:40:13.408976
--------------------------------------------------------------------------------

Name        : matio
Product     : Fedora 31
Version     : 1.5.17
Release     : 1.fc31
URL         : https://sourceforge.net/projects/matio/
Summary     : Library for reading/writing Matlab MAT files
Description :
matio is an open-source library for reading/writing Matlab MAT files. This library is designed for use by programs/libraries that do not have access or do not want to rely on Matlab's libmat shared library.

--------------------------------------------------------------------------------
Update Information:

1.5.7, fix for CVE-2019-13107
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 23 2019 Gwyn Ciesla - 1.5.17-1
- 1.5.17
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1431008 - matio-1.5.17 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1431008
  [ 2 ] Bug #1728479 - CVE-2019-13107 matio: multiple interger overflow in mat.c, mat4.c, mat5.c, mat73.c and matvar_struct.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1728479
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-a1a2f55fcf' at the command line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --