A vulnerability has been discovered in re2c, which can lead to a denial of service.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202408-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: re2c: Denial of Service
     Date: August 09, 2024
     Bugs: #719872
       ID: 202408-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in re2c, which can lead to a denial of service.

Background
==========

re2c is a tool for generating C-based recognizers from regular expressions.

Affected packages
=================

Package        Vulnerable    Unaffected
-------------  ------------  ------------
dev-util/re2c  < 2.0         >= 2.0

Description
===========

Please review the CVE identifier referenced below for details.

Impact
======

Please review the CVE identifier referenced below for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All re2c users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-util/re2c-2.0"

References
==========

[ 1 ] CVE-2018-21232
      https://nvd.nist.gov/vuln/detail/CVE-2018-21232

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-16

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to

This update for re2c fixes the following issues: CVE-2018-21232: Fixed excess stack consumption due to uncontrolled recursion in find_fixed_tags (bsc#1170890).

# Security update for re2c

Announcement ID: SUSE-SU-2023:3353-1
Rating: moderate
References:
  * #1170890
Cross-References:
  * CVE-2018-21232
CVSS scores:
  * CVE-2018-21232 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
  * Basesystem Module 15-SP4
  * Basesystem Module 15-SP5
  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.2
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.2
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.2
  * SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for re2c fixes the following issues:

  * CVE-2018-21232: Fixed excess stack consumption due to uncontrolled recursion in find_fixed_tags (bsc#1170890).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-3353=1
  * openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2023-3353=1
  * Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3353=1
  * Basesystem Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3353=1
  * SUSE Manager Proxy 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3353=1
  * SUSE Manager Retail Branch Server 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3353=1
  * SUSE Manager Server 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3353=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * re2c-debugsource-1.0.3-150000.3.3.1
    * re2c-debuginfo-1.0.3-150000.3.3.1
    * re2c-1.0.3-150000.3.3.1
  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
    * re2c-debugsource-1.0.3-150000.3.3.1
    * re2c-debuginfo-1.0.3-150000.3.3.1
    * re2c-1.0.3-150000.3.3.1
  * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * re2c-debugsource-1.0.3-150000.3.3.1
    * re2c-debuginfo-1.0.3-150000.3.3.1
    * re2c-1.0.3-150000.3.3.1
  * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * re2c-debugsource-1.0.3-150000.3.3.1
    * re2c-debuginfo-1.0.3-150000.3.3.1
    * re2c-1.0.3-150000.3.3.1
  * SUSE Manager Proxy 4.2 (x86_64)
    * re2c-debugsource-1.0.3-150000.3.3.1
    * re2c-debuginfo-1.0.3-150000.3.3.1
    * re2c-1.0.3-150000.3.3.1
  * SUSE Manager Retail Branch Server 4.2 (x86_64)
    * re2c-debugsource-1.0.3-150000.3.3.1
    * re2c-debuginfo-1.0.3-150000.3.3.1
    * re2c-1.0.3-150000.3.3.1
  * SUSE Manager Server 4.2 (ppc64le s390x x86_64)
    * re2c-debugsource-1.0.3-150000.3.3.1
    * re2c-debuginfo-1.0.3-150000.3.3.1
    * re2c-1.0.3-150000.3.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2018-21232.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1170890

re2c has been updated to fix CVE-2018-21232, a vulnerability causing excessive stack usage and potential denial of service. Update for better stability.

re2c Update, openSUSE Patch, Security Fix, Stack Consumption.

LinuxSecurity.com Team

re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags (CVE-2018-21232).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26549

MGASA-2021-0299 - Updated re2c package fixes a security vulnerability

Publication date: 29 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0299.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2018-21232

re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags (CVE-2018-21232).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26549
- https://github.com/skvadrik/re2c/issues/219
- https://www.cve.org/CVERecord?id=CVE-2018-21232

SRPMS:
- 7/core/re2c-2.0.3-1.mga7

The revised re2c software resolves a significant stack overflow vulnerability, enhancing the protection for Mandriva users.

re2c Update, Mageia Security, Stack Consumption Issue, Software Patch.

LinuxSecurity.com Team

A vulnerability in re2c could lead to a Denial of Service condition.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202007-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: re2c: Buffer overflow
     Date: July 27, 2020
     Bugs: #718350
       ID: 202007-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in re2c could lead to a Denial of Service condition.

Background
==========

re2c is a tool for generating C-based recognizers from regular expressions.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-util/re2c              < 1.3-r1                    >= 1.3-r1

Description
===========

A heap buffer overflow vulnerability was discovered in re2c.

Impact
======

An attacker could possibly cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All re2c users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-util/re2c-1.3-r1"

References
==========

[ 1 ] CVE-2020-11958
      https://nvd.nist.gov/vuln/detail/CVE-2020-11958

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202007-28

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to

re2c could be made to execute arbitrary code if it received a specially crafted file.

=========================================================================
Ubuntu Security Notice USN-4338-2
April 28, 2020

re2c vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

re2c could be made to execute arbitrary code if it received a specially crafted file.

Software Description:
- re2c: tool for generating fast C-based recognizers

Details:

USN-4338-1 fixed vulnerabilities in re2c. This update provides the corresponding update for Ubuntu 20.04 LTS.

Original advisory details:

 Agostino Sarubbo discovered that re2c incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  re2c 1.3-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4338-2
  https://ubuntu.com/security/notices/USN-4338-1
  CVE-2020-11958

Package Information:
  https://launchpad.net/ubuntu/+source/re2c/1.3-1ubuntu0.1

The Ubuntu Security Notice USN-4444-1 describes a vulnerability in libxml2 that may lead to remote code execution via specially crafted XML documents.

Ubuntu Security, re2c Vulnerability, Software Update, Code Execution, Security Notice.

Severity: Critical.

LinuxSecurity.com Team

re2c could be made to execute arbitrary code if it received a specially crafted file.

=========================================================================
Ubuntu Security Notice USN-4338-1
April 22, 2020

re2c vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.10

Summary:

re2c could be made to execute arbitrary code if it received a specially crafted file.

Software Description:
- re2c: tool for generating fast C-based recognizers

Details:

Agostino Sarubbo discovered that re2c incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10:
  re2c 1.2.1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4338-1
  CVE-2020-11958

Package Information:
  https://launchpad.net/ubuntu/+source/re2c/1.2.1-1ubuntu0.1

The Ubuntu Security Notice USN-4338-1 highlights a serious vulnerability found in the re2c tool, emphasizing essential update protocols to mitigate risks.

Ubuntu Security Notice, re2c vulnerability, arbitrary code execution, security update.

Severity: Critical.

LinuxSecurity.com Team