Patch for CVE-2016-10091.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-9dd3f7c013
2019-01-16 01:41:55.187670
--------------------------------------------------------------------------------

Name        : unrtf
Product     : Fedora 28
Version     : 0.21.9
Release     : 8.fc28
URL         :
Summary     : RTF (Rich Text Format) to other formats converter
Description :
UnRTF is a command-line program written in C which converts documents in
Rich Text Format (.rtf) to HTML, LaTeX, troff macros, and RTF itself.
Converting to HTML, it supports a number of features of Rich Text Format:

 * Changes in the text's font, size, weight (bold), and slant (italic)
 * Underlines and strikethroughs
 * Partial support for text shadowing, outlining, embossing, or engraving
 * Capitalizations
 * Superscripts and subscripts
 * Expanded and condensed text
 * Changes in the foreground and background colors
 * Conversion of special characters to HTML entities

--------------------------------------------------------------------------------
Update Information:

Patch for CVE-2016-10091
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 8 2018 Ken Dreyer - 0.21.9-8
- Switch to %autosetup
- Patch for CVE-2016-10091
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1409546 - CVE-2016-10091 unrtf: stack-based buffer overflows in cmd_* functions
        https://bugzilla.redhat.com/show_bug.cgi?id=1409546
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-9dd3f7c013' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Multiple vulnerabilities have been found in UnRTF, the worst of which may result in execution of arbitrary code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory GLSA 201507-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: UnRTF: Multiple vulnerabilities
      Date: July 07, 2015
      Bugs: #531544
        ID: 201507-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in UnRTF, the worst of which
may result in execution of arbitrary code.

Background
==========

UnRTF is a command-line program which converts RTF documents to other
formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-text/unrtf             < 0.21.9                    >= 0.21.9
    -------------------------------------------------------------------

Description
===========

Multiple vulnerabilities have been discovered in UnRTF. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker may be able to execute arbitrary code with the
privileges of the process or cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All UnRTF users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/unrtf-0.21.9"

References
==========

[ 1 ] CVE-2014-9274
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9274
[ 2 ] CVE-2014-9275
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9275

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201507-06

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
Michal Zalewski and Hanno Boeck discovered several vulnerabilities in unrtf, an RTF to other formats converter, leading to a denial of service (application crash) or, potentially, the execution of arbitrary code.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3158-1
The package unrtf before version 0.21.7-1 is vulnerable to arbitrary code execution.

Arch Linux Security Advisory ASA-201412-20
==========================================

Severity: High
Date    : 2014-12-16
CVE-ID  : CVE-2014-9274 CVE-2014-9275
Package : unrtf
Type    : arbitrary code execution
Remote  : No
Link    : https://wiki.archlinux.org/title/CVE-2014

Summary
=======

The package unrtf before version 0.21.7-1 is vulnerable to arbitrary code
execution.

Resolution
==========

Upgrade to 0.21.7-1.

# pacman -Syu "unrtf>=0.21.7-1"

The problems have been fixed upstream in version 0.21.7.

Workaround
==========

None.

Description
===========

- CVE-2014-9274 (arbitrary code execution)

A flaw allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code as demonstrated by a file containing the
string "{\cb-999999999".

- CVE-2014-9275 (arbitrary code execution)

A flaw allows remote attackers to cause a denial of service (out-of-bounds
memory access and crash) and possibly execute arbitrary code via a crafted
RTF file.

Impact
======

An attacker able to craft an RTF file could use those issues to cause a
crash or execute arbitrary code while accessing a pointer that may be under
the attacker's control.

References
==========

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9274
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9275
https://bugzilla.redhat.com/show_bug.cgi?id=1170233
https://seclists.org/oss-sec/2014/q4/904
https://bugs.archlinux.org/task/43131

The Fedora Security Alert FSA-202305-10 brings attention to the critical flaw in the unrtf software, necessitating immediate upgrades to ensure security compliance.

LinuxSecurity.com Team
A buffer overflow in UnRTF allows an attacker to execute arbitrary code by way of a specially crafted RTF file.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory GLSA 200501-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: UnRTF: Buffer overflow
      Date: January 10, 2005
      Bugs: #74480
        ID: 200501-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow in UnRTF allows an attacker to execute arbitrary code
by way of a specially crafted RTF file.

Background
==========

UnRTF is a utility to convert files in the Rich Text Format into other
formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-text/unrtf             < 0.19.3-r1                >= 0.19.3-r1
    -------------------------------------------------------------------

Description
===========

An unchecked strcat() in unrtf may overflow the bounds of a static
buffer.

Impact
======

Using a specially crafted file, possibly delivered by e-mail or over the
web, an attacker may execute arbitrary code with the permissions of the
user running UnRTF.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All unrtf users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/unrtf-0.19.3-r1"

References
==========

[ 1 ] Original Announcement

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/200501-15

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
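The GLSA 200501-15 description above names the bug class only in one sentence: an unchecked strcat() into a static buffer. The following C snippet is an added illustration, not unrtf's own code and not the patched function: it puts the unchecked pattern the advisory describes next to a bounds-checked variant that measures the remaining space first and refuses an append that would not fit. The buffer size, function names and the HTML-fragment inputs are assumptions chosen to make the failure mode visible.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not unrtf code). OUT_SIZE is an assumed, deliberately small
 * size so that the "does not fit" branch is easy to exercise. */
#define OUT_SIZE 16

static char out_buf[OUT_SIZE];   /* the static destination buffer */

/* Vulnerable pattern, as the advisory describes it: strcat() assumes the
 * destination has room for the whole source plus the terminator. If piece
 * is longer than the space left, the write runs past the end of out_buf.
 * Kept only for contrast; nothing below calls it. */
void append_unchecked(const char *piece)
{
    strcat(out_buf, piece);      /* no length check */
}

/* Hardened variant: compute how much room is left, keep one byte for the
 * terminator, and report failure instead of writing past the buffer.
 * Returns 0 on success, -1 if the piece does not fit (buffer unchanged). */
int append_checked(const char *piece)
{
    size_t used = strlen(out_buf);
    size_t need = strlen(piece);
    if (need >= OUT_SIZE - used)   /* need + 1 bytes must fit in the rest */
        return -1;
    memcpy(out_buf + used, piece, need + 1);   /* copies the '\0' too */
    return 0;
}

/* Helpers so the state can be reset and inspected from outside. */
void reset_buf(void) { out_buf[0] = '\0'; }
const char *buf_contents(void) { return out_buf; }

int main(void)
{
    reset_buf();
    int rc1 = append_checked("<b>bold</b>");     /* 11 bytes: fits */
    int rc2 = append_checked("<i>italic</i>");   /* 13 more: refused */
    printf("buffer=\"%s\" rc1=%d rc2=%d\n", buf_contents(), rc1, rc2);
    return 0;
}
```

The point of the checked variant is that the decision is made before any byte is written and that the caller gets an explicit error; silently truncating (as strncat() tends to invite) hides the condition that the advisory's attacker is relying on, whereas a refused append can be logged and the conversion aborted.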