GNU Tar Security Vulnerability
GNU Tar is a set of tools from the American GNU community for creating tar-formatted files. GNU Tar suffers from a directory traversal vulnerability that originates in a specially crafted TAR archive, which can be exploited by an attacker to access locations outside of restricted directories and...
CVE-2025-45582
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...
SUSE CVE-2025-32989
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...
CVE-2025-32990
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a...
GNU Binutils ld elflink.c elf_gc_sweep memory corruption
...
EulerOS 2.0 SP10 : emacs (EulerOS-SA-2025-1771)
According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source...
SUSE-SU-2025:02259-1 Recommended update for gpg2
This update for gpg2 fixes the following issues: - CVE-2025-30258: Fixed DoS due to a malicious subkey in the keyring (bsc1239119). Other bugfixes: - Do not install expired sks certificate (bsc1243069). - gpg hangs when importing a key (bsc1236931)...
PT-2025-29846 · Gnu +1 · Gpac +1
A vulnerability in the gf filter pid inst swap delete task function of the MP4Box utility of the GPAC multimedia platform is related to a use after free. Exploitation of the vulnerability may allow an attacker to cause a denial of service...
GNU Glibc Vulnerable to Memory Corruption via Heap Buffer Overflow during 'assert()' Failure (CVE-2025-0395)
GNU Glibc contains a memory corruption vulnerability that overflows the heap buffer by one or several bytes. The corruption occurs when the assert function fails under specific conditions. Heap buffer overflows are known to result in severe damage to the program's confidentiality, integrity, and...
SUSE-SU-2025:20465-1 Security update for gpg2
This update for gpg2 fixes the following issues: - gpg: Allow the use of an ADSK subkey as ADSK subkey (bsc1239119, CVE-2025-30258). - Don't install expired sks certificate (bsc1243069)...
RVISmith: Fuzzing Compilers for RVV Intrinsics
Modern processors are equipped with single instruction multiple data (SIMD) instructions for fine-grained data parallelism. Compiler auto-vectorization techniques that target SIMD instructions face performance limitations due to insufficient information available at compile time, requiring...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary: Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.298. Vulnerability Details: CVEID: CVE-2025-27817. DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache...
glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH
A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen, including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo, may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load...
glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH
A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen, including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo, may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load...
Security Bulletin: GNU Wget through 1.21.1 could affect watsonx.data
Summary: GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin. These could affect watsonx.data. Vulnerability Details: CVEID: CVE-2021-31879. DESCRIPTION: GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different...
SUSE-SU-2025:20454-1 Security update for gpg2
This update for gpg2 fixes the following issues: Fix regression for the recent malicious subkey DoS fix in CVE-2025-30258 (bsc1236931, bsc1239119, CVE-2025-30258)...
Security update for gpg2
This update for gpg2 fixes the following issues: Fix regression for the recent malicious subkey DoS fix in CVE-2025-30258 (bsc1236931, bsc1239119, CVE-2025-30258). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
A vulnerability in the socket.c component of the GNU Screen terminal manager allows an attacker to cause a service failure.
The vulnerability in the socket.c component of the GNU Screen terminal manager is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
Nix, lix and GNU Guix Race Condition Vulnerability
GNU Guix is a product of the U.S. GNU community. GNU Guix is an open source, cross-platform package manager. lix is a product of the lix open source project. lix is a package manager. Nix is a product of the Nix open source project. Nix is a powerful package...
Nix, lix and GNU Guix Security Vulnerability
GNU Guix is a product of the United States GNU community. GNU Guix is an open source, cross-platform package manager. lix is a product of the lix open source project. lix is a package manager. Nix is a product of the Nix open source project. Nix is a...