Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Mageia 9: MGASA-2025-0077 critical: iniparser heap overflow risk

MGASA-2025-0077 - Updated iniparser packages fix security vulnerability

Publication date: 26 Feb 2025
URL: https://advisories.mageia.org/MGASA-2025-0077.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-0633

A heap-based buffer overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows an attacker to read out-of-bounds memory. (CVE-2025-0633)

References:
- https://bugs.mageia.org/show_bug.cgi?id=34047
- https://ubuntu.com/security/notices/USN-7286-1
- https://www.cve.org/CVERecord?id=CVE-2025-0633

SRPMS:
- 9/core/iniparser-4.1-4.1.mga9

Heap overflow vulnerability in iniparser permits unauthorized memory access. Remedial measures provided in subsequent patches.

Heap-Based Overflow, Iniparser Security, Mageia Update, Buffer Overflow Risk.

Severity: Critical. LinuxSecurity.com Team

Feb 26, 2025 Critical Mageia

openSUSE 13.2: 2016:2391-1 Important: OpenSSL Memory Risk Fix

openSUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:2391-1
Rating: important
References: #979475 #982575 #983249 #988591 #990419 #993819 #994749 #994844 #995075 #995324 #995359 #995377 #998190 #999665 #999666 #999668
Cross-References: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306
Affected Products: openSUSE 13.2
______________________________________________________________________________

An update that solves 11 vulnerabilities and has 5 fixes is now available.

Description:

This update for openssl fixes the following issues:

OpenSSL Security Advisory [22 Sep 2016] (boo#999665)

Severity: High
* OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (boo#999666)

Severity: Low
* Pointer arithmetic undefined behaviour (CVE-2016-2177) (boo#982575)
* Constant time flag not preserved in DSA signing (CVE-2016-2178) (boo#983249)
* DTLS buffered message DoS (CVE-2016-2179) (boo#994844)
* OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (boo#990419)
* DTLS replay protection DoS (CVE-2016-2181) (boo#994749)
* OOB write in BN_bn2dec() (CVE-2016-2182) (boo#993819)
* Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (boo#995359)
* Malformed SHA512 ticket DoS (CVE-2016-6302) (boo#995324)
* OOB write in MDC2_Update() (CVE-2016-6303) (boo#995377)
* Certificate message OOB reads (CVE-2016-6306) (boo#999668)

More information can be found on https://openssl-library.org/news/secadv/20160922.txt

* update expired S/MIME certs (boo#979475)
* allow >= 64GB AESGCM transfers (boo#988591)
* fix crash in print_notice (boo#998190)
* resume reading from /dev/urandom when interrupted by a signal (boo#995075)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- openSUSE 13.2: zypper in -t patch openSUSE-2016-1130=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.2 (i586 x86_64):
  libopenssl-devel-1.0.1k-2.39.1
  libopenssl1_0_0-1.0.1k-2.39.1
  libopenssl1_0_0-debuginfo-1.0.1k-2.39.1
  libopenssl1_0_0-hmac-1.0.1k-2.39.1
  openssl-1.0.1k-2.39.1
  openssl-debuginfo-1.0.1k-2.39.1
  openssl-debugsource-1.0.1k-2.39.1

- openSUSE 13.2 (x86_64):
  libopenssl-devel-32bit-1.0.1k-2.39.1
  libopenssl1_0_0-32bit-1.0.1k-2.39.1
  libopenssl1_0_0-debuginfo-32bit-1.0.1k-2.39.1
  libopenssl1_0_0-hmac-32bit-1.0.1k-2.39.1

- openSUSE 13.2 (noarch):
  openssl-doc-1.0.1k-2.39.1

References:

https://www.suse.com/security/cve/CVE-2016-2177.html
https://www.suse.com/security/cve/CVE-2016-2178.html
https://www.suse.com/security/cve/CVE-2016-2179.html
https://www.suse.com/security/cve/CVE-2016-2180.html
https://www.suse.com/security/cve/CVE-2016-2181.html
https://www.suse.com/security/cve/CVE-2016-2182.html
https://www.suse.com/security/cve/CVE-2016-2183.html
https://www.suse.com/security/cve/CVE-2016-6302.html
https://www.suse.com/security/cve/CVE-2016-6303.html
https://www.suse.com/security/cve/CVE-2016-6304.html
https://www.suse.com/security/cve/CVE-2016-6306.html
https://bugzilla.suse.com/979475
https://bugzilla.suse.com/982575
https://bugzilla.suse.com/983249
https://bugzilla.suse.com/988591
https://bugzilla.suse.com/990419
https://bugzilla.suse.com/993819
https://bugzilla.suse.com/994749
https://bugzilla.suse.com/994844
https://bugzilla.suse.com/995075
https://bugzilla.suse.com/995324
https://bugzilla.suse.com/995359
https://bugzilla.suse.com/995377
https://bugzilla.suse.com/998190
https://bugzilla.suse.com/999665
https://bugzilla.suse.com/999666
https://bugzilla.suse.com/999668

Fedora has released an important patch for libxml2 tackling 9 vulnerabilities; serious buffer overflows and denial of service risks highlighted.

openSUSE Security, OpenSSL Patch, DoS Risk, Memory Fixes.

Severity: Important. LinuxSecurity.com Team

Sep 27, 2016 Important OpenSUSE

Red Hat 6.2 RHSA-2016:1617-01 Important: Local Access Risk Escalation

====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2016:1617-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1617.html
Issue date: 2016-08-16
CVE Names: CVE-2016-4565
====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.2) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system. (CVE-2016-4565, Important)

Red Hat would like to thank Jann Horn for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1310570 - CVE-2016-4565 kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.2):

Source:
kernel-2.6.32-220.67.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-220.67.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.67.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.67.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.67.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.67.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.67.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.67.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.67.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.67.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.67.1.el6.x86_64.rpm
perf-2.6.32-220.67.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.67.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.67.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.2):

Source:
kernel-2.6.32-220.67.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.67.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.67.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.67.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.67.1.el6.x86_64.rpm
python-perf-2.6.32-220.67.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.67.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-4565
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

The latest kernel patch for Red Hat Enterprise Linux fixes critical vulnerabilities and raises the stakes for potential local escalation threats. Learn more.

Kernel Security Update, Red Hat Advisory, Memory Escalation Risk.

Severity: Important. LinuxSecurity.com Team

Aug 16, 2016 Important Red Hat

Critical Memory Vulnerability in Seamonkey for Red Hat Enterprise Linux 4

====================================================================
Red Hat Security Advisory

Synopsis: Critical: seamonkey security update
Advisory ID: RHSA-2012:0084-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2012:0084.html
Issue date: 2012-02-01
CVE Names: CVE-2011-3670 CVE-2012-0442
====================================================================

1. Summary:

Updated seamonkey packages that fix two security issues are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC chat client, and HTML editor.

A flaw was found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2012-0442)

The same-origin policy in SeaMonkey treated and as interchangeable. A malicious script could possibly use this flaw to gain access to sensitive information (such as a client's IP and user e-mail address, or httpOnly cookies) that may be included in HTTP proxy error replies, generated in response to invalid URLs using square brackets. (CVE-2011-3670)

All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

785085 - CVE-2012-0442 Mozilla: memory safety hazards in 10.0/1.9.2.26 (MFSA 2012-01)
785464 - CVE-2011-3670 Mozilla: Same-origin bypass using IPv6-like hostname syntax (MFSA 2012-02)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:

i386: seamonkey-1.0.9-78.el4.i386.rpm seamonkey-chat-1.0.9-78.el4.i386.rpm seamonkey-debuginfo-1.0.9-78.el4.i386.rpm seamonkey-devel-1.0.9-78.el4.i386.rpm seamonkey-dom-inspector-1.0.9-78.el4.i386.rpm seamonkey-js-debugger-1.0.9-78.el4.i386.rpm seamonkey-mail-1.0.9-78.el4.i386.rpm

ia64: seamonkey-1.0.9-78.el4.ia64.rpm seamonkey-chat-1.0.9-78.el4.ia64.rpm seamonkey-debuginfo-1.0.9-78.el4.ia64.rpm seamonkey-devel-1.0.9-78.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-78.el4.ia64.rpm seamonkey-js-debugger-1.0.9-78.el4.ia64.rpm seamonkey-mail-1.0.9-78.el4.ia64.rpm

ppc: seamonkey-1.0.9-78.el4.ppc.rpm seamonkey-chat-1.0.9-78.el4.ppc.rpm seamonkey-debuginfo-1.0.9-78.el4.ppc.rpm seamonkey-devel-1.0.9-78.el4.ppc.rpm seamonkey-dom-inspector-1.0.9-78.el4.ppc.rpm seamonkey-js-debugger-1.0.9-78.el4.ppc.rpm seamonkey-mail-1.0.9-78.el4.ppc.rpm

s390: seamonkey-1.0.9-78.el4.s390.rpm seamonkey-chat-1.0.9-78.el4.s390.rpm seamonkey-debuginfo-1.0.9-78.el4.s390.rpm seamonkey-devel-1.0.9-78.el4.s390.rpm seamonkey-dom-inspector-1.0.9-78.el4.s390.rpm seamonkey-js-debugger-1.0.9-78.el4.s390.rpm seamonkey-mail-1.0.9-78.el4.s390.rpm

s390x: seamonkey-1.0.9-78.el4.s390x.rpm seamonkey-chat-1.0.9-78.el4.s390x.rpm seamonkey-debuginfo-1.0.9-78.el4.s390x.rpm seamonkey-devel-1.0.9-78.el4.s390x.rpm seamonkey-dom-inspector-1.0.9-78.el4.s390x.rpm seamonkey-js-debugger-1.0.9-78.el4.s390x.rpm seamonkey-mail-1.0.9-78.el4.s390x.rpm

x86_64: seamonkey-1.0.9-78.el4.x86_64.rpm seamonkey-chat-1.0.9-78.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-78.el4.x86_64.rpm seamonkey-devel-1.0.9-78.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-78.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-78.el4.x86_64.rpm seamonkey-mail-1.0.9-78.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:

i386: seamonkey-1.0.9-78.el4.i386.rpm seamonkey-chat-1.0.9-78.el4.i386.rpm seamonkey-debuginfo-1.0.9-78.el4.i386.rpm seamonkey-devel-1.0.9-78.el4.i386.rpm seamonkey-dom-inspector-1.0.9-78.el4.i386.rpm seamonkey-js-debugger-1.0.9-78.el4.i386.rpm seamonkey-mail-1.0.9-78.el4.i386.rpm

x86_64: seamonkey-1.0.9-78.el4.x86_64.rpm seamonkey-chat-1.0.9-78.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-78.el4.x86_64.rpm seamonkey-devel-1.0.9-78.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-78.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-78.el4.x86_64.rpm seamonkey-mail-1.0.9-78.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:

i386: seamonkey-1.0.9-78.el4.i386.rpm seamonkey-chat-1.0.9-78.el4.i386.rpm seamonkey-debuginfo-1.0.9-78.el4.i386.rpm seamonkey-devel-1.0.9-78.el4.i386.rpm seamonkey-dom-inspector-1.0.9-78.el4.i386.rpm seamonkey-js-debugger-1.0.9-78.el4.i386.rpm seamonkey-mail-1.0.9-78.el4.i386.rpm

ia64: seamonkey-1.0.9-78.el4.ia64.rpm seamonkey-chat-1.0.9-78.el4.ia64.rpm seamonkey-debuginfo-1.0.9-78.el4.ia64.rpm seamonkey-devel-1.0.9-78.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-78.el4.ia64.rpm seamonkey-js-debugger-1.0.9-78.el4.ia64.rpm seamonkey-mail-1.0.9-78.el4.ia64.rpm

x86_64: seamonkey-1.0.9-78.el4.x86_64.rpm seamonkey-chat-1.0.9-78.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-78.el4.x86_64.rpm seamonkey-devel-1.0.9-78.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-78.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-78.el4.x86_64.rpm seamonkey-mail-1.0.9-78.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:

i386: seamonkey-1.0.9-78.el4.i386.rpm seamonkey-chat-1.0.9-78.el4.i386.rpm seamonkey-debuginfo-1.0.9-78.el4.i386.rpm seamonkey-devel-1.0.9-78.el4.i386.rpm seamonkey-dom-inspector-1.0.9-78.el4.i386.rpm seamonkey-js-debugger-1.0.9-78.el4.i386.rpm seamonkey-mail-1.0.9-78.el4.i386.rpm

ia64: seamonkey-1.0.9-78.el4.ia64.rpm seamonkey-chat-1.0.9-78.el4.ia64.rpm seamonkey-debuginfo-1.0.9-78.el4.ia64.rpm seamonkey-devel-1.0.9-78.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-78.el4.ia64.rpm seamonkey-js-debugger-1.0.9-78.el4.ia64.rpm seamonkey-mail-1.0.9-78.el4.ia64.rpm

x86_64: seamonkey-1.0.9-78.el4.x86_64.rpm seamonkey-chat-1.0.9-78.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-78.el4.x86_64.rpm seamonkey-devel-1.0.9-78.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-78.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-78.el4.x86_64.rpm seamonkey-mail-1.0.9-78.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2011-3670
https://access.redhat.com/security/cve/CVE-2012-0442
https://access.redhat.com/security/updates/classification#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2012 Red Hat, Inc.

Crucial SeaMonkey upgrade released for Red Hat addresses significant security flaws. It is vital to update for safeguarding against potential exploits.

Seamonkey Update, Red Hat Security, Critical Software Fix, Memory Safety Risk.

Severity: Critical. LinuxSecurity.com Team

Feb 01, 2012 Critical Red Hat

Fedora: 2009-3099 Moderate: Firefox Memory Flaw Remote Execution Risk

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-3099
2009-03-28 00:57:36
--------------------------------------------------------------------------------

Name : mozvoikko
Product : Fedora 9
Version : 0.9.5
Release : 8.fc9
URL : https://voikko.puimula.org/
Summary : Finnish Voikko spell-checker extension for Mozilla programs
Description : This is mozvoikko, an extension for Mozilla programs for using the Finnish spell-checker Voikko.

--------------------------------------------------------------------------------
Update Information:

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169)

A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044)

This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series.
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update mozvoikko' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora-package-announce mailing list

Severe vulnerability in Chrome affects other browsers like Firefox, posing risks of remote code execution. Use yum for prompt updates to secure systems.

Mozilla Firefox, Memory Risk, Remote Execution.

LinuxSecurity.com Team

Mar 28, 2009 Fedora

Gentoo: GLSA-202310-01 Critical: OpenSSH Escalation Issue

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200903-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Samba: Data disclosure
Date: March 07, 2009
Bugs: #247620
ID: 200903-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A missing boundary check in Samba might lead to the disclosure of memory contents.

Background
==========

Samba is a suite of SMB and CIFS client/server programs.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-fs/samba < 3.0.33 >= 3.0.33

Description
===========

Samba does not properly check memory boundaries when handling trans, trans2, and nttrans requests.

Impact
======

A remote attacker could send specially crafted requests to a Samba daemon, leading to the disclosure of arbitrary memory or to a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Samba users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.33"

References
==========

[ 1 ] CVE-2008-4314 https://www.cve.org/CVERecord?id=CVE-2008-4314

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/200903-07

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Important Gentoo GLSA: Samba experiences a memory overflow issue, potentially leading to information leaks and denial of service. Please update immediately to ensure your system's security!

Samba Data Disclosure, Gentoo Security Advisory, Memory Leak Risk, Remote Attacker Threat.

Severity: Important. LinuxSecurity.com Team

Mar 07, 2009 Important Gentoo