
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Mageia 8: 2023-0102 Moderate: gedit Potential Security Exposure

MGASA-2023-0101 - Updated xfig packages fix security vulnerability

Publication date: 18 Mar 2023
URL: https://advisories.mageia.org/MGASA-2023-0101.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-40241

A potential buffer overflow exists in the file src/w_help.c at line 55. Specifically, the length of the string returned by getenv("LANG") may become very long and cause a buffer overflow while executing the sprintf() function. This vulnerability could potentially allow an attacker to execute arbitrary code or cause a denial-of-service condition. (CVE-2021-40241)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31650
- https://lists.debian.org/debian-lts-announce/2023/03/msg00005.html
- https://www.cve.org/CVERecord?id=CVE-2021-40241

SRPMS:
- 8/core/xfig-3.2.7b-1.1.mga8

Enhanced xfig software in Mageia resolves a possible buffer overflow issue that might permit arbitrary code execution or result in a Denial of Service.

LinuxSecurity.com Team

Mar 18, 2023 Mageia

Debian 10 Buster DLA-3353-1 Moderate: xfig Buffer Overflow Risk

Debian LTS Advisory DLA-3353-1
https://www.debian.org/lts/security/
Anton Gladky
March 05, 2023
https://wiki.debian.org/LTS

Package : xfig
Version : 1:3.2.7a-3+deb10u1
CVE ID : CVE-2021-40241
Debian Bug : 992395

A security issue has been discovered in xfig, a diagramming tool for the interactive generation of figures under X11.

CVE-2021-40241: A potential buffer overflow exists in the file src/w_help.c at line 55. Specifically, the length of the string returned by getenv("LANG") may become very long and cause a buffer overflow while executing the sprintf() function. This vulnerability could potentially allow an attacker to execute arbitrary code or cause a denial-of-service condition.

For Debian 10 buster, this problem has been fixed in version 1:3.2.7a-3+deb10u1.

We recommend that you upgrade your xfig packages.

For the detailed security status of xfig please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/xfig

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Ubuntu Security Notice USN-5012-1 addresses a critical vulnerability in libpdf, which poses a risk of arbitrary code execution and service disruption.

LinuxSecurity.com Team

Mar 05, 2023 Debian LTS

Fedora 31 xfig: Security Advisory FEDORA-2020-5d0f0593ae Critical Threats

Fedora Update Notification
FEDORA-2020-5d0f0593ae
2020-01-25 06:33:58.982369

Name : xfig
Product : Fedora 31
Version : 3.2.7b
Release : 1.fc31
URL : https://en.wikipedia.org/wiki/Xfig
Summary : An X Window System tool for drawing basic vector graphics
Description : Xfig is an X Window System tool for creating basic vector graphics, including bezier curves, lines, rulers and more. The resulting graphics can be saved, printed on PostScript printers or converted to a variety of other formats (e.g., X11 bitmaps, Encapsulated PostScript, LaTeX). You should install xfig if you need a simple program to create vector graphics.

Update Information:
- Security fix for CVE-2019-19746, CVE-2019-19797
- New upstream release 3.2.7b
- Add patch fixing CVE-2019-19746 (rhbz#1787040)
- Add patch fixing CVE-2019-19797 (rhbz#1786726)

ChangeLog:
* Thu Jan 16 2020 Hans de Goede - 3.2.7b-1
- New upstream release 3.2.7b

References:
[ 1 ] Bug #1786726 - CVE-2019-19797 transfig: out-of-bounds write in read_colordef in read.c
https://bugzilla.redhat.com/show_bug.cgi?id=1786726
[ 2 ] Bug #1787040 - CVE-2019-19746 transfig: integer overflow leads to out-of-bounds write in make_arrow in arrow.c
https://bugzilla.redhat.com/show_bug.cgi?id=1787040

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-5d0f0593ae'
at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

OpenSUSE 15.2 inkscape security updates for CVE-2020-20027 and CVE-2020-20036 feature essential fixes.

Severity: Critical.

LinuxSecurity.com Team

Jan 25, 2020 Critical Fedora

Fedora 30 xfig Security Advisory: FEDORA-2020-6a2824178e Moderate Threat

Fedora Update Notification
FEDORA-2020-6a2824178e
2020-01-24 18:50:35.138863

Name : xfig
Product : Fedora 30
Version : 3.2.7b
Release : 1.fc30
URL : https://en.wikipedia.org/wiki/Xfig
Summary : An X Window System tool for drawing basic vector graphics
Description : Xfig is an X Window System tool for creating basic vector graphics, including bezier curves, lines, rulers and more. The resulting graphics can be saved, printed on PostScript printers or converted to a variety of other formats (e.g., X11 bitmaps, Encapsulated PostScript, LaTeX). You should install xfig if you need a simple program to create vector graphics.

Update Information:
- Security fix for CVE-2019-19746, CVE-2019-19797
- New upstream release 3.2.7b
- Add patch fixing CVE-2019-19746 (rhbz#1787040)
- Add patch fixing CVE-2019-19797 (rhbz#1786726)

ChangeLog:
* Thu Jan 16 2020 Hans de Goede - 3.2.7b-1
- New upstream release 3.2.7b
* Sat Jul 27 2019 Fedora Release Engineering - 3.2.7a-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

References:
[ 1 ] Bug #1786726 - CVE-2019-19797 transfig: out-of-bounds write in read_colordef in read.c
https://bugzilla.redhat.com/show_bug.cgi?id=1786726
[ 2 ] Bug #1787040 - CVE-2019-19746 transfig: integer overflow leads to out-of-bounds write in make_arrow in arrow.c
https://bugzilla.redhat.com/show_bug.cgi?id=1787040

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-6a2824178e'
at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at

An update for Fedora 30 resolves security vulnerabilities in gimp, correcting issues related to buffer overflow and null pointer dereference.

LinuxSecurity.com Team

Jan 24, 2020 Fedora

Arch Linux: 201804-9 Moderate: xfig Info Leak Information Disclosure

Arch Linux Security Advisory ASA-201804-9
=========================================

Severity: Medium
Date : 2018-04-19
CVE-ID : CVE-2017-16899
Package : xfig
Type : information disclosure
Remote : Yes
Link : https://security.archlinux.org/AVG-513

Summary
=======
The package xfig before version 3.2.7-1 is vulnerable to information disclosure.

Resolution
==========
Upgrade to 3.2.7-1.

# pacman -Syu "xfig>=3.2.7-1"

The problem has been fixed upstream in version 3.2.7.

Workaround
==========
None.

Description
===========
An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.

Impact
======
A remote attacker is able to crash the application or possibly disclose sensitive information on the affected host.

References
==========
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881143
https://security.archlinux.org/CVE-2017-16899

Enhance xfig to fix vulnerabilities linked to information exposure as stated in Arch Linux Security Advisory ASA-201804-9, assigned a Medium risk level.

Severity: Medium.

LinuxSecurity.com Team

Apr 23, 2018 Medium ArchLinux

Gentoo: 201412-14 Normal: Xfig Arbitrary Code Execution Threat

Gentoo Linux Security Advisory GLSA 201412-14
https://security.gentoo.org/

Severity: Normal
Title: Xfig: User-assisted execution of arbitrary code
Date: December 13, 2014
Bugs: #297379
ID: 201412-14

Synopsis
========
Two vulnerabilities have been found in Xfig, possibly resulting in execution of arbitrary code or Denial of Service.

Background
==========
Xfig is an interactive drawing tool.

Affected packages
=================
     Package          /  Vulnerable  /  Unaffected
  1  media-gfx/xfig      < 3.2.5c       >= 3.2.5c

Description
===========
A stack-based buffer overflow and a stack consumption vulnerability have been found in Xfig.

Impact
======
A remote attacker could entice a user to open a specially-crafted file, potentially resulting in arbitrary code execution or a Denial of Service condition.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All Xfig users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/xfig-3.2.5c"

References
==========
[ 1 ] CVE-2009-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4227
[ 2 ] CVE-2009-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4228

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201412-14

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email address protected] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/

Two security flaws in Xfig may permit unauthorized code execution from distant sources. Gentoo users must update their systems.

LinuxSecurity.com Team

Dec 13, 2014 Gentoo

Gentoo: GLSA-201312-16 Normal: Xfig Code Execution Advisory

Gentoo Linux Security Advisory GLSA 201312-16
https://security.gentoo.org/

Severity: Normal
Title: Xfig: Arbitrary code execution
Date: December 27, 2013
Bugs: #348344
ID: 201312-16

Synopsis
========
A vulnerability in Xfig could result in execution of arbitrary code or Denial of Service.

Background
==========
Xfig is an interactive drawing tool.

Affected packages
=================
     Package          /  Vulnerable    /  Unaffected
  1  media-gfx/xfig      < 3.2.5b-r1      >= 3.2.5b-r1

Description
===========
Xfig contains a buffer overflow vulnerability in processing certain FIG images.

Impact
======
A remote attacker could entice a user to open a specially-crafted file, potentially resulting in arbitrary code execution or a Denial of Service condition.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All Xfig users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/xfig-3.2.5b-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since January 09, 2011. It is likely that your system is already no longer affected by this issue.

References
==========
[ 1 ] CVE-2010-4262 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4262

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201312-16

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email address protected] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/

Xfig has a severe security flaw affecting Gentoo systems, allowing arbitrary code execution. Users should update xfig to prevent exploitation risks and secure their environments.

LinuxSecurity.com Team

Dec 27, 2013 Gentoo