
Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


Slackware: wget2 Critical Remote Buffer Overflow SSA:2025-364-02

[slackware-security] wget2 (SSA:2025-364-02)

New wget2 packages are available for Slackware 15.0 and -current to fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/wget2-2.2.1-i586-1_slack15.0.txz: Upgraded.
  This update fixes bugs and the following security issues:
  Fix file overwrite issue with metalink.
  Fix remote buffer overflow in get_local_filename_real(),
  Fix buffer overflow in wget_iri_clone() after wget_iri_set_scheme().
  Shared library .so-version bump.
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/wget2-2.2.1-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/wget2-2.2.1-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wget2-2.2.1-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wget2-2.2.1-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
06ccc5cb00d1bfae1cf28d8936f672e8 wget2-2.2.1-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
64721c304ef80df73ad2dcd7b4086da2 wget2-2.2.1-x86_64-1_slack15.0.txz

Slackware -current package:
1c46eafb055858059222b16252b4cb50 n/wget2-2.2.1-i686-1.txz

Slackware x86_64 -current package:
4207ddd7bd3cce3e0eafe60c0a763d18 n/wget2-2.2.1-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg wget2-2.2.1-i586-1_slack15.0.txz

+-----+

New wget2 packages address critical security issues in Slackware 15.0. Update recommended for all users to maintain safety.

Severity: Critical. LinuxSecurity.com Team

Dec 30, 2025 | Critical | Slackware

Red Hat Enterprise Linux 8.1 RHSA-2021-3172 Important edk2 Update

====================================================================
Red Hat Security Advisory

Synopsis:          Important: edk2 security update
Advisory ID:       RHSA-2021:3172-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3172
Issue date:        2021-08-17
====================================================================

1. Summary:

An update for edk2 is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - noarch

3. Description:

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

Security Fix(es):

* edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe (BZ#1956284)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1956284 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.1):

Source:
edk2-20190308git89910a39dcfd-6.el8_1.1.src.rpm

noarch:
edk2-aarch64-20190308git89910a39dcfd-6.el8_1.1.noarch.rpm
edk2-ovmf-20190308git89910a39dcfd-6.el8_1.1.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.

Severity: Important. LinuxSecurity.com Team

Aug 17, 2021 | Important | Red Hat

Slackware 14.x Security Notice: 2021-040-01 Severe Risk dnsmasq Overflow

[slackware-security] dnsmasq (SSA:2021-040-01)

New dnsmasq packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/dnsmasq-2.84-i586-1_slack14.2.txz: Upgraded.
  This update fixes bugs and remotely exploitable security issues:

  Use the values of --min-port and --max-port in outgoing TCP connections to upstream DNS servers.

  Fix a remote buffer overflow problem in the DNSSEC code. Any dnsmasq with DNSSEC compiled in and enabled is vulnerable to this, referenced by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683 CVE-2020-25687.

  Be sure to only accept UDP DNS query replies at the address from which the query was originated. This keeps as much entropy in the {query-ID, random-port} tuple as possible, to help defeat cache poisoning attacks. Refer: CVE-2020-25684.

  Use the SHA-256 hash function to verify that DNS answers received are for the questions originally asked. This replaces the slightly insecure SHA-1 (when compiled with DNSSEC) or the very insecure CRC32 (otherwise). Refer: CVE-2020-25685.

  Handle multiple identical near simultaneous DNS queries better. Previously, such queries would all be forwarded independently. This is, in theory, inefficient but in practise not a problem, _except_ that it means that an answer for any of the forwarded queries will be accepted and cached. An attacker can send a query multiple times, and for each repeat, another {port, ID} becomes capable of accepting the answer he is sending in the blind, to random IDs and ports. The chance of a successful attack is therefore multiplied by the number of repeats of the query. The new behaviour detects repeated queries and merely stores the clients sending repeats so that when the first query completes, the answer can be sent to all the clients who asked. Refer: CVE-2020-25686.

  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2020-25681
    https://www.cve.org/CVERecord?id=CVE-2020-25682
    https://www.cve.org/CVERecord?id=CVE-2020-25683
    https://www.cve.org/CVERecord?id=CVE-2020-25684
    https://www.cve.org/CVERecord?id=CVE-2020-25685
    https://www.cve.org/CVERecord?id=CVE-2020-25686
    https://www.cve.org/CVERecord?id=CVE-2020-25687
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Slackware 14.0 package:
21656a83c165a785f6fadab6a1af1719 dnsmasq-2.84-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
90cd9eda688df52f01a984506b1248b1 dnsmasq-2.84-x86_64-1_slack14.0.txz

Slackware 14.1 package:
2bde4367a591308ecde01f438cd1c01e dnsmasq-2.84-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
b926b57679a8c420259c72fab90c73b6 dnsmasq-2.84-x86_64-1_slack14.1.txz

Slackware 14.2 package:
433bd15bc94f577ac2235d246ec222c0 dnsmasq-2.84-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
76081b1d11ac9b9ec3f8580163713163 dnsmasq-2.84-x86_64-1_slack14.2.txz

Slackware -current package:
5dab2510f2d679a10b2b9881f8578053 n/dnsmasq-2.84-i586-1.txz

Slackware x86_64 -current package:
d1fca4e7b70ebdb7136288a3f1707813 n/dnsmasq-2.84-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg dnsmasq-2.84-i586-1_slack14.2.txz

Then restart dnsmasq if you are using it:
# sh /etc/rc.d/rc.dnsmasq restart

+-----+

Enhanced dnsmasq versions for Slackware released to address significant security vulnerabilities. Ensure you update your systems now!

Severity: Critical. LinuxSecurity.com Team

Feb 09, 2021 | Critical | Slackware