- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 202312-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Arduino: Remote Code Execution
      Date: December 22, 2023
      Bugs: #830716
        ID: 202312-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been found in Arduino which bundled a vulnerable
version of log4j.

Background
==========

Arduino is an open-source AVR electronics prototyping platform.

Affected packages
=================

Package               Vulnerable    Unaffected
--------------------  ------------  ------------
dev-embedded/arduino  < 1.8.19      >= 1.8.19

Description
===========

A vulnerability has been discovered in Arduino. Please review the CVE
identifier referenced below for details.

Impact
======

Arduino bundles a vulnerable version of log4j that may lead to remote
code execution.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Arduino users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-embedded/arduino-1.8.19"

References
==========

[ 1 ] CVE-2021-4104
      https://nvd.nist.gov/vuln/detail/CVE-2021-4104

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202312-04

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 201701-61
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: WebP: Multiple vulnerabilities
      Date: January 24, 2017
      Bugs: #598208
        ID: 201701-61

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in WebP, the worst of
which could allow a remote attacker to cause a Denial of Service
condition.

Background
==========

WebP is an image format employing both lossy and lossless compression.

Affected packages
=================

  -------------------------------------------------------------------
   Package              /     Vulnerable     /            Unaffected
  -------------------------------------------------------------------
 1  media-libs/libwebp            < 0.5.2                   >= 0.5.2

Description
===========

Multiple vulnerabilities have been discovered in WebP's gif2webp tool.
Please review the CVE identifier and bug reference for details.

Impact
======

A remote attacker, by enticing a user to process a specially crafted
file using WebP's gif2webp tool, could possibly cause a Denial of
Service condition or other unspecified impacts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All WebP users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/libwebp-0.5.2"

References
==========

[ 1 ] CVE-2016-9085
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9085

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201701-61

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 201701-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: PostgreSQL: Multiple vulnerabilities
      Date: January 12, 2017
      Bugs: #562586, #574456, #602130
        ID: 201701-33

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in PostgreSQL, the worst of
which could result in execution of arbitrary code or privilege
escalation.

Background
==========

PostgreSQL is an open source object-relational database management
system.

Affected packages
=================

  -------------------------------------------------------------------
   Package              /     Vulnerable     /            Unaffected
  -------------------------------------------------------------------
 1  dev-db/postgresql             < 9.5.4               >= 9.5.4:9.5
                                                        >= 9.4.9:9.4
                                                       >= 9.3.14:9.3
                                                       >= 9.2.18:9.2
                                                       >= 9.1.23:9.1

Description
===========

Multiple vulnerabilities have been discovered in PostgreSQL. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or
escalate privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PostgreSQL 9.5.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.5.4:9.5"

All PostgreSQL 9.4.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.4.9:9.4"

All PostgreSQL 9.3.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.3.14:9.3"

All PostgreSQL 9.2.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.2.18:9.2"

All PostgreSQL 9.1.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.1.23:9.1"

References
==========

[ 1 ] CVE-2015-5288
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5288
[ 2 ] CVE-2015-5289
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5289
[ 3 ] CVE-2016-0766
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0766
[ 4 ] CVE-2016-0773
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0773
[ 5 ] CVE-2016-5423
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5423
[ 6 ] CVE-2016-5424
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5424

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201701-33

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 201006-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: SILC: Multiple vulnerabilities
      Date: June 01, 2010
      Bugs: #284561
        ID: 201006-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were discovered in SILC Toolkit and SILC
Client, the worst of which allows for execution of arbitrary code.

Background
==========

SILC (Secure Internet Live Conferencing protocol) Toolkit is a software
development kit for use in clients, and SILC Client is an IRSSI-based
text client.

Affected packages
=================

  -------------------------------------------------------------------
   Package              /     Vulnerable     /            Unaffected
  -------------------------------------------------------------------
 1  net-im/silc-toolkit          < 1.1.10                  >= 1.1.10
 2  net-im/silc-client            < 1.1.8                   >= 1.1.8
  -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
  -------------------------------------------------------------------

Description
===========

Multiple vulnerabilities were discovered in SILC Toolkit and SILC
Client. For further information please consult the CVE entries
referenced below.

Impact
======

A remote attacker could overwrite stack locations and possibly execute
arbitrary code via a crafted OID value, Content-Length header or format
string specifiers in a nickname field or channelname.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All SILC Toolkit users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-im/silc-toolkit-1.1.10"

All SILC Client users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-im/silc-client-1.1.8"

References
==========

[ 1 ] CVE-2008-7159
      https://www.cve.org/CVERecord?id=CVE-2008-7159
[ 2 ] CVE-2008-7160
      https://www.cve.org/CVERecord?id=CVE-2008-7160
[ 3 ] CVE-2009-3051
      https://www.cve.org/CVERecord?id=CVE-2009-3051
[ 4 ] CVE-2009-3163
      https://www.cve.org/CVERecord?id=CVE-2009-3163

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201006-07

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200807-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: VLC: Multiple vulnerabilities
      Date: July 31, 2008
      Bugs: #221959, #230692
        ID: 200807-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in VLC may allow for the execution of
arbitrary code.

Background
==========

VLC is a cross-platform media player and streaming server.

Affected packages
=================

  -------------------------------------------------------------------
   Package              /     Vulnerable     /            Unaffected
  -------------------------------------------------------------------
 1  media-video/vlc              < 0.8.6i                   >= 0.8.6i

Description
===========

* Remi Denis-Courmont reported that VLC loads plugins from the current
  working directory in an unsafe manner (CVE-2008-2147).

* Alin Rad Pop (Secunia Research) reported an integer overflow error in
  the Open() function in the file modules/demux/wav.c (CVE-2008-2430).

Impact
======

A remote attacker could entice a user to open a specially crafted .wav
file, and a local attacker could entice a user to run VLC from a
directory containing specially crafted modules, possibly resulting in
the execution of arbitrary code with the privileges of the user running
the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All VLC users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6i"

References
==========

[ 1 ] CVE-2008-2147
      https://www.cve.org/CVERecord?id=CVE-2008-2147
[ 2 ] CVE-2008-2430
      https://www.cve.org/CVERecord?id=CVE-2008-2430

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/200807-13

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200501-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Konqueror: Java sandbox vulnerabilities
      Date: January 11, 2005
      Bugs: #72750
        ID: 200501-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The Java sandbox environment in Konqueror can be bypassed to access
arbitrary packages, allowing untrusted Java applets to perform
unrestricted actions on the host system.

Background
==========

KDE is a feature-rich graphical desktop environment for Linux and
Unix-like Operating Systems. Konqueror is the KDE web browser and file
manager.

Affected packages
=================

  -------------------------------------------------------------------
   Package              /     Vulnerable     /            Unaffected
  -------------------------------------------------------------------
 1  kde-base/kdelibs              < 3.3.2                   >= 3.3.2

Description
===========

Konqueror contains two errors that allow JavaScript scripts and Java
applets to have access to restricted Java classes.

Impact
======

A remote attacker could embed a malicious Java applet in a web page and
entice a victim to view it. This applet can then bypass security
restrictions and execute any command, or access any file with the
rights of the user running Konqueror.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All kdelibs users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose kde-base/kdelibs

Note: There is currently no fixed stable version for sparc.

References
==========

[ 1 ] KDE Security Advisory: Konqueror Java Vulnerability
      https://kde.org/info/security/advisory-20041220-1.txt
[ 2 ] CAN 2004-1145
      https://www.cve.org/CVERecord?id=CVE-CAN-2004-1145

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/200501-16

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200411-38
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Sun and Blackdown Java: Applet privilege escalation
      Date: November 29, 2004
      Bugs: #72172, #72221
        ID: 200411-38

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The Java plug-in security in Sun and Blackdown Java environments can be
bypassed to access arbitrary packages, allowing untrusted Java applets
to perform unrestricted actions on the host system.

Background
==========

Sun and Blackdown both provide implementations of Java Development Kits
(JDK) and Java Runtime Environments (JRE). All these implementations
provide a Java plug-in that can be used to execute Java applets in a
restricted environment for web browsers.

Affected packages
=================

  -------------------------------------------------------------------
   Package              /     Vulnerable     /            Unaffected
  -------------------------------------------------------------------
 1  dev-java/sun-jdk            < 1.4.2.06                >= 1.4.2.06
 2  dev-java/sun-jre-bin        < 1.4.2.06                >= 1.4.2.06
 3  dev-java/blackdown-jdk      < 1.4.2.01                >= 1.4.2.01
 4  dev-java/blackdown-jre      < 1.4.2.01                >= 1.4.2.01
  -------------------------------------------------------------------
     # Package 1 [dev-java/sun-jdk] only applies to x86 and AMD64 users.
     # Package 2 [dev-java/sun-jre-bin] only applies to x86 and AMD64 users.
     # Package 3 [dev-java/blackdown-jdk] only applies to x86 and AMD64 users.
     # Package 4 [dev-java/blackdown-jre] only applies to x86 and AMD64 users.
  -------------------------------------------------------------------
     4 affected packages; please see the notes above...
  -------------------------------------------------------------------

Description
===========

All Java plug-ins are subject to a vulnerability allowing unrestricted
Java package access.

Impact
======

A remote attacker could embed a malicious Java applet in a web page and
entice a victim to view it. This applet can then bypass security
restrictions and execute any command or access any file with the rights
of the user running the web browser.

Workaround
==========

As a workaround you could disable Java applets on your web browser.

Resolution
==========

All Sun JDK users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.06"

All Sun JRE users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.06"

All Blackdown JDK users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/blackdown-jdk-1.4.2.01"

All Blackdown JRE users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/blackdown-jre-1.4.2.01"

Note: You should unmerge all vulnerable versions to be fully protected.

References
==========

[ 1 ] iDEFENSE Security Advisory 11.22.04
      ;type=vulnerabilities
[ 2 ] CAN-2004-1029
[ 3 ] Blackdown Security Advisory 2004-01

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/200411-38

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to