Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
91
security advisorygentoocode executionGentoo GLSA 202403-02 Normal: Blender Code Execution Risk
Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202403-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Blender: Multiple Vulnerabilities Date: March 03, 2024 Bugs: #834011 ID: 202403-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution. Background ========== Blender is a 3D Creation/Animation/Publishing System. Affected packages ================= Package Vulnerable Unaffected ----------------- ------------ ------------ media-gfx/blender < 3.1.0 > = 3.1.0 Description =========== Multiple vulnerabilities have been discovered in Blender. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Blender users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-gfx/blender-3.1.0" References ========== [ 1 ] CVE-2022-0544 https://nvd.nist.gov/vuln/detail/CVE-2022-0544 [ 2 ] CVE-2022-0545 https://nvd.nist.gov/vuln/detail/CVE-2022-0545 [ 3 ] CVE-2022-0546 https://nvd.nist.gov/vuln/detail/CVE-2022-0546 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202403-02 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of ourusers' machines is of utmost importance to us. Any security concerns should be addressed to
Mar 03, 2024
Gentoo
91
security advisorygentoosoftware updateGentoo GLSA-201701-67: a2ps Arbitrary Code Execution Risk Review
A vulnerability in a2ps' fixps script might allow remote attackers to execute arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-67 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: a2ps: Arbitrary code execution Date: January 29, 2017 Bugs: #506352 ID: 201701-67 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability in a2ps' fixps script might allow remote attackers to execute arbitrary code. Background ========= a2ps is an Any to PostScript filter. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/a2ps < 4.14-r5 > = 4.14-r5 Description ========== a2ps' fixps script does not invoke gs with the -dSAFER option. Impact ===== Remote attackers, by enticing a user to process a specially crafted PostScript file, could delete arbitrary files or execute arbitrary code with the privileges of the process. Workaround ========= There is no known workaround at this time. Resolution ========= All a2ps users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-text/a2ps-4.14-r5" References ========= [ 1 ] CVE-2014-0466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0466 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-67 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines isof utmost importance to us. Any security concerns should be addressed to
Jan 29, 2017
Gentoo
91
security advisorydenial of servicegentooGentoo: 201606-04 Moderate: GnuPG Key Exposure and Threats
Multiple vulnerabilities have been found in GnuPG and libgcrypt, the worst of which may allow a local attacker to obtain confidential key information. [More...]. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: GnuPG: Multiple vulnerabilities Date: June 05, 2016 Bugs: #534110, #541564, #541568 ID: 201606-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in GnuPG and libgcrypt, the worst of which may allow a local attacker to obtain confidential key information. Background ========= The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-crypt/gnupg < 2.0.26-r3 *> = 1.4.19 > = 2.0.26-r3 2 dev-libs/libgcrypt < 1.6.3-r4 > = 1.6.3-r4 ------------------------------------------------------------------- 2 affected packages Description ========== Multiple vulnerabilities have been discovered in GnuPG and libgcrypt, please review the CVE identifiers referenced below for details. Impact ===== A local attacker could possibly cause a Denial of Service condition. Side-channel attacks could be leveraged to obtain key material. Workaround ========= There is no known workaround at this time. Resolution ========= All GnuPG 2 users should upgrade to the latest version: #emerge --sync # emerge --ask --oneshot --verbose "> =app-crypt/gnupg-2.0.26-r3" All GnuPG 1 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-crypt/gnupg-1.4.19" All libgcrypt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-libs/libgcrypt-1.6.3-r4" References ========= [ 1 ] CVE-2014-3591 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3591 [ 2 ] CVE-2015-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0837 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201606-04 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Jun 05, 2016
Gentoo
91
security advisorygentoobuffer overflowGentoo GLSA-200603-06 Normal Risk: GNU Tar Code Execution
A malicious tar archive could trigger a Buffer overflow in GNU tar, potentially resulting in the execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200603-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: GNU tar: Buffer overflow Date: March 10, 2006 Bugs: #123038 ID: 200603-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A malicious tar archive could trigger a Buffer overflow in GNU tar, potentially resulting in the execution of arbitrary code. Background ========= GNU tar is the standard GNU utility for creating and manipulating tar archives, a common format used for creating backups and distributing files on UNIX-like systems. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-arch/tar < 1.15.1-r1 > = 1.15.1-r1 Description ========== Jim Meyering discovered a flaw in the handling of certain header fields that could result in a buffer overflow when extracting or listing the contents of an archive. Impact ===== A remote attacker could construct a malicious tar archive that could potentially execute arbitrary code with the privileges of the user running GNU tar. Workaround ========= There is no known workaround at this time. Resolution ========= All GNU tar users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-arch/tar-1.15.1-r1" References ========= [ 1 ] CVE-2006-0300 Availability =========== This GLSA and any updates to it areavailable for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200603-06 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Mar 10, 2006
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!