
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Gentoo: GLSA-202212-01 High: Curl Code Execution Risk Advisory

Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202212-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: curl: Multiple Vulnerabilities
     Date: December 19, 2022
     Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365
       ID: 202212-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

Background
==========

A command line tool and library for transferring data with URLs.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-misc/curl               < 7.86.0                    >= 7.86.0

Description
===========

Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All curl users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"

References
==========

[ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922
[ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923
[ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925
[ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926
[ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945
[ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946
[ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947
[ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576
[ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774
[ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775
[ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776
[ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779
[ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780
[ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781
[ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782
[ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115
[ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205
[ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206
[ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207
[ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208
[ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221
[ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252
[ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260
[ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915
[ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202212-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email address protected] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Gentoo Curl patrons are urged to update immediately to mitigate serious vulnerabilities that may result in possible code execution threats.

LinuxSecurity.com Team

Dec 19, 2022 Gentoo

Gentoo: GLSA-201903-11 Moderate: XRootD Remote Command Execution

A vulnerability was discovered in XRootD which could lead to the remote execution of code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201903-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: XRootD: Remote code execution
     Date: March 14, 2019
     Bugs: #638420
       ID: 201903-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability was discovered in XRootD which could lead to the remote execution of code.

Background
==========

A project that aims at giving high performance, scalable, and fault tolerant access to data repositories of many kinds.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/xrootd              < 4.8.3                     >= 4.8.3

Description
===========

A shell command injection was discovered in XRootD.

Impact
======

A remote attacker could execute arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All XRootD users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/xrootd-4.8.3"

References
==========

[ 1 ] CVE-2017-1000215 https://nvd.nist.gov/vuln/detail/CVE-2017-1000215

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201903-11

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email address protected] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

LinuxSecurity.com Team

Mar 14, 2019 Gentoo

Arch Linux: ASA-201512-14 Critical: Thunderbird Remote Access Risks

The package thunderbird before version 38.5.0-1 is vulnerable to multiple issues.

Arch Linux Security Advisory ASA-201512-14
==========================================

Severity: Critical
Date    : 2015-12-25
CVE-ID  : CVE-2015-7201 CVE-2015-7205 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214
Package : thunderbird
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======

The package thunderbird before version 38.5.0-1 is vulnerable to multiple issues.

Resolution
==========

Upgrade to 38.5.0-1.

  # pacman -Syu "thunderbird>=38.5.0-1"

The problem has been fixed upstream in version 38.5.0.

Workaround
==========

None.

Description
===========

- CVE-2015-7201 (cross-origin restriction bypass using data: and view-source: URI schemes):
  Security researcher Tsubasa Iinuma reported a mechanism to violate same-origin policy to content using data: and view-source: URIs to confuse protections and bypass restrictions. This resulted in the ability to read data from cross-site URLs and local files.

- CVE-2015-7205 (overflow in MPEG4Extractor::readMetaData causes memory-safety bug):
  Security researcher Ronald Crane reported a vulnerability found through code inspection. This issue is an integer overflow while processing an MP4 format video file when an erroneously small buffer is allocated and then overrun, resulting in a potentially exploitable crash.

- CVE-2015-7212 (underflow in RTPReceiverVideo::ParseRtpPacket causes memory-safety bug and information leak):
  Security researcher Ronald Crane reported an underflow found through code inspection. This does not have a clear mechanism to be exploited through web content but could be vulnerable if a means can be found to trigger it.

- CVE-2015-7213 (integer overflow allocating extremely large textures):
  Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an integer overflow when allocating textures of extremely large sizes during graphics operations. This results in a potentially exploitable crash when triggered.

- CVE-2015-7214 (miscellaneous memory safety hazards):
  Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Andrei Vaida, Jesse Ruderman, and Bob Clary reported memory safety problems and crashes that affect Firefox ESR 38.4 and Firefox 42.

Impact
======

A remote attacker might be able to bypass the same-origin policy to access sensitive data, or execute arbitrary code on the affected host.

References
==========

https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.5
https://access.redhat.com/security/cve/CVE-2015-7201
https://access.redhat.com/security/cve/CVE-2015-7205
https://access.redhat.com/security/cve/CVE-2015-7212
https://access.redhat.com/security/cve/CVE-2015-7213
https://access.redhat.com/security/cve/CVE-2015-7214

Heads up for Arch Linux users: a crucial security alert concerning various vulnerabilities in Thunderbird has been issued. Immediate upgrade recommended to maintain system integrity.

LinuxSecurity.com Team

Dec 25, 2015 Critical ArchLinux

Gentoo: 200711-13 Notice: 3proxy Denial of Service Advisory Issued

A vulnerability has been discovered in 3proxy, possibly resulting in a Denial of Service.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200711-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: 3proxy: Denial of Service
     Date: November 08, 2007
     Bugs: #196772
       ID: 200711-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in 3proxy, possibly resulting in a Denial of Service.

Background
==========

3proxy is a really tiny cross-platform proxy servers set, including HTTP, HTTPS, FTP, SOCKS and POP3 support.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-proxy/3proxy            < 0.5.3j                    >= 0.5.3j

Description
===========

3proxy contains a double free vulnerability in the ftpprchild() function, which frees param->hostname and calls the parsehostname() function, which in turn attempts to free param->hostname again.

Impact
======

A remote attacker could send a specially crafted request to the proxy, possibly resulting in a Denial of Service. Under typical configuration, the scope of this vulnerability is limited to the local network.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All 3proxy users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-proxy/3proxy-0.5.3j"

References
==========

[ 1 ] CVE-2007-5622 https://www.cve.org/CVERecord?id=CVE-2007-5622

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/200711-13

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email address protected] or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

An issue related to Denial of Service in 3proxy has been identified, prompting Gentoo Linux users to perform an upgrade for continued security.

LinuxSecurity.com Team

Nov 08, 2007 Gentoo