Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
87
security advisorycode executiondebianDebian: DSA-5763-1 Low: Pymatgen Code Execution Risk Detected
William Khem-Marquez discovered that Pymatgen, a Python library for materials analysis, could be tricked into running arbitrary code if a malformed CIF file is processed. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5763-1
Aug 30, 2024
•Low
Debian
89
security advisoryfedorarisk managementFedora 33: FEDORA-2021-dd62918333 Moderate: Python Yara Software Risk
Update to bugfix release 4.1.0 Security fix for CVE-2017-9438, CVE-2021-3402, CVE-2019-19648, CVE-2017-9438. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-dd62918333 2021-05-06 00:52:28.374770 --------------------------------------------------------------------------------Name : python-yara Product : Fedora 33 Version : 4.1.0 Release : 1.fc33 URL : https://github.com/VirusTotal/yara-python/ Summary : Python binding for the YARA pattern matching tool Description : Python binding for the YARA pattern matching tool. YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a Boolean expression which determine its logic. --------------------------------------------------------------------------------Update Information: Update to bugfix release 4.1.0 Security fix for CVE-2017-9438, CVE-2021-3402, CVE-2019-19648, CVE-2017-9438 --------------------------------------------------------------------------------ChangeLog: * Tue Apr 27 2021 Michal Ambroz - 4.1.0-1 - bump the python-yara as well to 4.1.0 * Tue Apr 27 2021 Michal Ambroz - 4.0.5-3 - rebuild for new version of yara 4.1.0 * Sun Apr 25 2021 Michal Ambroz - 4.0.5-2 - rebuild for epel * Sat Mar 13 2021 Michal Ambroz - 4.0.5-1 - bump to version 4.0.5 * Wed Feb 10 2021 Michal Ambroz - 4.0.4-1 - bump to version 4.0.4 * Thu Feb 4 2021 Michal Ambroz - 4.0.3-1 - bump to version 4.0.3 * Wed Jan 27 2021 Fedora Release Engineering - 4.0.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1459012 - CVE-2017-9438 yara: Stack consumption via acrafted rule mishandled in the _ur_re_emit function https://bugzilla.redhat.com/show_bug.cgi?id=1459012 [ 2 ] Bug #1930175 - CVE-2021-3402 libyara: Integer overflow in libyara/modules/macho/macho.c via a malicious Mach-O file https://bugzilla.redhat.com/show_bug.cgi?id=1930175 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-dd62918333' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 05, 2021
Fedora
202
security advisorymoderatesecurity updateopenSUSE Leap 15.1: 2020:2111-1 Moderate: FontForge Use-After-Free Risk
An update that fixes two vulnerabilities is now available. . openSUSE Security Update: Security update for fontforge ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2111-1 Rating: moderate References: #1160220 #1178308 Cross-References: CVE-2020-25690 CVE-2020-5395 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for fontforge fixes the following issues: - fix for Use-after-free (heap) in the SFD_GetFontMetaData() function and the crash (bsc#1178308 CVE-2020-25690). This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-2111=1 Package List: - openSUSE Leap 15.1 (i586 x86_64): fontforge-20170731-lp151.4.6.1 fontforge-debuginfo-20170731-lp151.4.6.1 fontforge-debugsource-20170731-lp151.4.6.1 fontforge-devel-20170731-lp151.4.6.1 - openSUSE Leap 15.1 (noarch): fontforge-doc-20170731-lp151.4.6.1 References: https://www.suse.com/security/cve/CVE-2020-25690.html https://www.suse.com/security/cve/CVE-2020-5395.html https://bugzilla.suse.com/1160220 https://bugzilla.suse.com/1178308 _______________________________________________ openSUSE Security Announce mailing list --
Nov 29, 2020
OpenSUSE
91
security advisorygentoobuffer overflowGentoo: GLSA 202301-05 Normal: Scribus Memory Corruption Vulnerability
A buffer overflow vulnerability in Calligra could result in the execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201209-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Calligra: User-assisted execution of arbitrary code Date: September 25, 2012 Bugs: #428890 ID: 201209-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A buffer overflow vulnerability in Calligra could result in the execution of arbitrary code. Background ========= Calligra is an office suite by KDE. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-office/calligra < 2.4.3-r1 > = 2.4.3-r1 Description ========== An error in the read() function in styles.cpp could cause a heap-based buffer overflow. Impact ===== A remote attacker could entice a user to open a specially crafted ODF file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround ========= There is no known workaround at this time. Resolution ========= All Calligra users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-office/calligra-2.4.3-r1" References ========= [ 1 ] CVE-2012-3456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3456 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201209-10 Concerns? ======== Security is a primary focus of GentooLinux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Sep 25, 2012
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!