94 matches found

SUSE Linux
added 2025/06/04 7:33 a.m. · 2 views

Security update for glibc

This update for glibc fixes the following issues: CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Patch Instructions: To install this SUSE update use the SUSE recommended...

CVSS 9.4 · AI score 7.6 · EPSS 0.00043
Exploits: 1 · References: 4
Positive Technologies
added 2025/06/04 12:0 a.m. · 8 views

PT-2025-40457

Name of the Vulnerable Software and Affected Versions: Unity versions 2017.1 through 6000.3. Description: A critical vulnerability exists in the Unity Runtime, potentially allowing attackers to execute arbitrary code on systems running applications built with affected versions of the engine. This...

CVSS 8.4 · AI score 8.1 · EPSS 0.00017
Exploits: 4 · References: 143
SUSE Linux
added 2025/05/30 4:10 p.m. · 1 views

Security update for glibc

This update for glibc fixes the following issues: Security issues fixed: CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Other issues fixed: Multi-threaded application hang...

CVSS 9.4 · AI score 7.5 · EPSS 0.00043
Exploits: 1 · References: 6
SUSE Linux
added 2025/05/24 9:51 a.m. · 1 views

Security update for glibc

This update for glibc fixes the following issues: CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Patch Instructions: To install this SUSE update use the SUSE recommended...

CVSS 9.4 · AI score 7.6 · EPSS 0.00043
Exploits: 1 · References: 4
OSV
added 2025/05/24 9:50 a.m. · 1 views

SUSE-SU-2025:01702-1 Security update for glibc

This update for glibc fixes the following issues: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317)...

CVSS 7.8 · AI score 7.4 · EPSS 0.00043
Exploits: 1 · References: 3
SUSE CVE
added 2025/05/20 1:8 a.m. · 1 views

SUSE CVE-2025-4802

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen, including internal dlopen calls after setlocale or calls to NSS functions...

CVSS 8.4 · AI score 7 · EPSS 0.00043
Exploits: 1 · References: 12
BDU FSTEC
added 2025/05/19 12:0 a.m. · 1 views

The vulnerability of the dlopen() function in the system library glibc, which allows a hacker to execute arbitrary code

The vulnerability of the dlopen function in the glibc system library is related to the use of an insecure path for searching executable programs when processing the LD_LIBRARY_PATH variable. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially...

CVSS 7.8 · AI score 7.5 · EPSS 0.00043
Exploits: 1 · References: 12 · Affected Software: 7
OSV
added 2025/05/16 8:15 p.m. · 1 views

DEBIAN-CVE-2025-4802

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen, including internal dlopen calls after setlocale or calls to NSS functions...

CVSS 7.8 · AI score 6.8 · EPSS 0.00043
Exploits: 1 · References: 1
OSV
added 2025/05/16 8:15 p.m. · 3 views

AZL-61873 CVE-2025-4802 affecting package glibc 2.35-10

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen, including internal dlopen calls after setlocale or calls to NSS functions...

CVSS 7.8 · AI score 6.7 · EPSS 0.00043
Exploits: 1 · References: 1
NVD
added 2025/05/16 8:15 p.m. · 15 views

CVE-2025-4802

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen, including internal dlopen calls after setlocale or calls to NSS functions...

CVSS 7.8 · EPSS 0.00043
Exploits: 1 · References: 5
OSV
added 2025/05/16 8:15 p.m. · 2 views

AZL-61877 CVE-2025-4802 affecting package glibc for versions less than 2.38-14

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen, including internal dlopen calls after setlocale or calls to NSS functions...

CVSS 7.8 · AI score 7.1 · EPSS 0.00043
Exploits: 1 · References: 1
OSV
added 2025/05/16 8:15 p.m. · 0 views

UBUNTU-CVE-2025-4802

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen, including internal dlopen calls after setlocale or calls to NSS functions...

CVSS 7.8 · AI score 6.7 · EPSS 0.00043
Exploits: 1 · References: 8
Tenable Nessus
added 2024/06/03 12:0 a.m. · 38 views

RHEL 5 : ruby (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ruby: Command injection vulnerability in Net::FTP CVE-2017-17405 - ruby: OpenSSL::X509::Name equality che...

CVSS 9.8 · AI score 8.4 · EPSS 0.88646
Exploits: 12 · References: 20
Tenable Nessus
added 2024/06/03 12:0 a.m. · 16 views

RHEL 6 : ruby (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ruby: Command injection vulnerability in Net::FTP CVE-2017-17405 - ruby: OpenSSL::X509::Name equality che...

CVSS 9.8 · AI score 8.4 · EPSS 0.88646
Exploits: 10 · References: 18
OSV
added 2023/08/09 6:35 p.m. · 3 views

CLSA-2023-1691606104 openssh: Fix of CVE-2023-38408

CVE-2023-38408: checks libraries before dlopen and separate ssh-pkcs11-helpers for each p11 module...

CVSS 9.8 · AI score 7.1 · EPSS 0.64352
Exploits: 10 · References: 1
CloudLinux
added 2023/08/09 10:29 a.m. · 123 views

openssh: Fix of CVE-2023-38408

CVE-2023-38408: checks libraries before dlopen...

CVSS 9.8 · AI score 7.1 · EPSS 0.64352
Exploits: 10
OSV
added 2023/08/09 10:29 a.m. · 5 views

CLSA-2023-1691576939 openssh: Fix of CVE-2023-38408

CVE-2023-38408: checks libraries before dlopen...

CVSS 9.8 · AI score 5.8 · EPSS 0.64352
Exploits: 10 · References: 1
OSV
added 2023/08/09 10:26 a.m. · 4 views

CLSA-2023-1691576785 openssh: Fix of CVE-2023-38408

CVE-2023-38408: checks libraries before dlopen...

CVSS 9.8 · AI score 7.1 · EPSS 0.64352
Exploits: 10 · References: 1
vulnersOsv
added 2023/07/30 12:0 p.m. · 0 views

anchor-client (=0.26.0), basejmp (=0.1.0) +250 more potentially affected by unknown CVE via dlopen_derive (=0.1.4)

dlopen_derive CARGO version =0.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on dlopen_derive and may be impacted: - anchor-client =0.26.0 - basejmp =0.1.0 - bonfida-test-utils =0.1.0 - bonfida-utils =0.2.3, =0.2.0, =1.0.4, =2.0.16, =1.4.2, =1.3.0,...

AI score 5.8
Exploits: 0
Positive Technologies
added 2023/07/30 12:0 a.m. · 1 views

PT-2023-36095 · Quote +3

Name of the Vulnerable Software and Affected Versions: dlopen_derive affected versions not specified. Description: The issue concerns the dlopen_derive crate, which has not been updated since June 9, 2019. It depends on outdated versions of quote and syn, specifically quote = "0.6.12" and syn =...

AI score 7
Exploits: 0 · References: 4