MGASA-2025-0138 - Updated haproxy packages fix security vulnerability

Publication date: 25 Apr 2025
URL: https://advisories.mageia.org/MGASA-2025-0138.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-32464
Severity: Medium

BUG/MEDIUM: sample: fix risk of overflow when replacing multiple regex back-refs

Aleandro Prudenzano of Doyensec and Edoardo Geraci of Codean Labs reported a bug in sample_conv_regsub(), which can cause replacements of multiple back-references to overflow the temporary trash buffer. The problem happens when doing "regsub(match,replacement,g)": we're replacing every occurrence of "match" with "replacement" in the input sample, which requires a length check. For this, a max is applied, so that a replacement may not use more than the remaining length in the buffer. However, the length check is made on the replaced pattern and not on the temporary buffer used to carry the new string. This results in the remaining size to be usable for each input match, which can go beyond the temporary buffer size if more than one occurrence has to be replaced with something that's larger than the remaining room.

References:
- https://bugs.mageia.org/show_bug.cgi?id=34186
- https://ubuntu.com/security/notices/USN-7431-1
- https://www.cve.org/CVERecord?id=CVE-2025-32464

SRPMS:
- 9/core/haproxy-2.8.14-1.1.mga9

LinuxSecurity.com Team
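The length-check mistake described in the HAProxy commit message above, as a simplified model added here for illustration (it is not HAProxy's code). The names regsub_model, struct chunk, CAP and the single-byte "match" are assumptions, and the backing array is oversized so the flawed variant can be observed without corrupting memory.

```c
#include <stdio.h>
#include <string.h>

#define CAP 16  /* logical size of each buffer (constructed value) */

/* Backing store is larger than the logical size so the flawed variant
 * can be observed without corrupting memory in this demo. */
struct chunk { char area[4 * CAP]; size_t size, data; };

/* Replace every `match` byte in `in` with `rep`, like regsub(match,rep,g).
 * check_dst == 0: bound taken from the buffer holding the expanded
 *                 replacement (the flawed check described above).
 * check_dst == 1: bound taken from the room left in the result buffer.
 * Returns the number of bytes written to the result buffer. */
size_t regsub_model(const char *in, char match, const char *rep, int check_dst)
{
    struct chunk dst = { .size = CAP, .data = 0 };  /* carries the new string */
    struct chunk sub = { .size = CAP, .data = 0 };  /* one expanded replacement */

    for (; *in; in++) {
        if (*in != match) {                 /* copy a non-matching byte */
            if (dst.data < dst.size)
                dst.area[dst.data++] = *in;
            continue;
        }
        sub.data = strlen(rep);             /* expand the replacement */
        if (sub.data > sub.size)
            sub.data = sub.size;
        memcpy(sub.area, rep, sub.data);

        size_t max = check_dst ? dst.size - dst.data : sub.size - sub.data;
        if (max > sub.data)
            max = sub.data;
        if (dst.data + max > sizeof(dst.area))  /* demo-only safety stop */
            break;
        memcpy(dst.area + dst.data, sub.area, max);
        dst.data += max;
    }
    return dst.data;
}

int main(void)
{
    printf("flawed: %zu of %d\n", regsub_model("aaaa", 'a', "XXXXXX", 0), CAP);
    printf("fixed:  %zu of %d\n", regsub_model("aaaa", 'a', "XXXXXX", 1), CAP);
    return 0;
}
```

A single match never exceeds the logical size in either variant; only repeated matches expose the difference, which is why the check has to track the buffer that accumulates the result.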
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2639-1
Container Tags        : suse/sle15:15.0 , suse/sle15:15.0.4.22.628
Container Release     : 4.22.628
Severity              : critical
Type                  : security
References            : 1204357 CVE-2022-3515
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released:    Fri Oct 21 11:48:39 2022
Summary:     Security update for libksba
Type:        security
Severity:    critical
References:  1204357,CVE-2022-3515

This update for libksba fixes the following issues:

- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).

The following package changes have been done:

- libksba8-1.3.5-150000.4.3.1 updated
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200401-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: GAIM 0.75 Remote overflows
Date: January 27, 2004
Bugs: #39470
ID: 200401-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Various overflows in the handling of AIM DirectIM packets were revealed in GAIM that could lead to a remote compromise of the IM client.

Background
==========

Gaim is a multi-platform and multi-protocol instant messaging client. It is compatible with AIM, ICQ, MSN Messenger, Yahoo, IRC, Jabber, Gadu-Gadu, and the Zephyr networks.

Description
===========

Yahoo changed the authentication methods to their IM servers, rendering GAIM useless. The GAIM team released a rushed release solving this issue; however, at the same time a code audit revealed 12 vulnerabilities [ 1 ].

Impact
======

Due to the nature of instant messaging, many of these bugs require man-in-the-middle attacks between the client and the server. But the underlying protocols are easy to implement and attacking ordinary TCP sessions is a fairly simple task. As a result, all users are advised to upgrade their GAIM installation.

[ * ] Users of GAIM 0.74 or below are affected by 7 of the vulnerabilities and are encouraged to upgrade.
[ * ] Users of GAIM 0.75 are affected by 11 of the vulnerabilities and are encouraged to upgrade to the patched version of GAIM offered by Gentoo.
[ * ] Users of GAIM 0.75-r6 are only affected by 4 of the vulnerabilities, but are still urged to upgrade to maintain security.

Workaround
==========

There is no immediate workaround; a software upgrade is required.

Resolution
==========

All users are recommended to upgrade GAIM to 0.75-r7.

    $> emerge sync
    $> emerge -pv ">=net-im/gaim-0.75-r7"
    $> emerge ">=net-im/gaim-0.75-r7"

References
==========

[ 1 ] :

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to