Package : vcftools
Version : 0.1.12+dfsg-1+deb8u1
CVE ID  : CVE-2018-11099 CVE-2018-11129 CVE-2018-11130

Webin security lab - dbapp security Ltd found three issues in vcftools, a collection of tools to work with VCF files. Different functions in header.cpp are vulnerable to denial of service due to use-after-free issues or information disclosure due to heap-based buffer over-read.

For Debian 8 "Jessie", these problems have been fixed in version 0.1.12+dfsg-1+deb8u1.

We recommend that you upgrade your vcftools packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Severity: Critical. LinuxSecurity.com Team

=========================================================================
Ubuntu Security Notice USN-3974-1
May 13, 2019

VCFtools vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

VCFTools could be made to crash if it received specially crafted input.

Software Description:
- vcftools: Collection of tools to work with VCF files

Details:

It was discovered that VCFtools improperly handled certain input. If a user was tricked into opening a crafted input file, VCFtools could be made to crash. (CVE-2018-11099, CVE-2018-11129, CVE-2018-11130)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  vcftools 0.1.14+dfsg-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3974-1
  CVE-2018-11099, CVE-2018-11129, CVE-2018-11130

Package Information:
  https://launchpad.net/ubuntu/+source/vcftools/0.1.14+dfsg-2ubuntu0.1

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-ea05fcd378
2018-12-30 01:38:50.660979
--------------------------------------------------------------------------------

Name        : vcftools
Product     : Fedora 28
Version     : 0.1.16
Release     : 1.fc28
URL         : https://vcftools.github.io/
Summary     : VCF file manipulation tools
Description :
A program package designed for working with VCF files, such as those generated by the 1000 Genomes Project. The aim of VCFtools is to provide methods for working with VCF files: validating, merging, comparing and calculate some basic population genetic statistics.

--------------------------------------------------------------------------------
Update Information:

- Update to latest upstream release 0.1.16
--------------------------------------------------------------------------------
ChangeLog:

* Sun Aug 5 2018 Adam Huffman - 0.1.16-1
- Update to latest upstream release 0.1.16
* Sat Jul 14 2018 Fedora Release Engineering - 0.1.15-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Apr 9 2018 Filipe Rosset - 0.1.15-6
- added gcc-c++ as BR
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1580228 - CVE-2018-11130 vcftools: Use after free in headerp.cpp:header::add_FORMAT_descriptor() [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1580228
  [ 2 ] Bug #1580225 - CVE-2018-11129 vcftools: Use after free in header.cpp:header::add_INFO_descriptor() [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1580225
  [ 3 ] Bug #1580222 - CVE-2018-11099 vcftools: Heap-based buffer over-read in header.cpp:header::add_INFO_descriptor() [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1580222
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-ea05fcd378' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------