The vulnerability of the dwarf::to_string function in the ELF and DWARF v4 file reading library Libelfin, which allows a attacker to cause a service denial

The vulnerability of the dwarf::tostring function in the ELF and DWARFv4 file reading library Libelfin is related to insufficient elimination of special elements in the request. Exploiting this vulnerability allows a remote attacker to trigger a service denial using a specially created ELF file...

Updated terminology package fixes security vulnerability CVE-2018-20167

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...