Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for May 2025

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.0.1 IF001 Vulnerability Details CVEID:CVE-2025-31651 DESCRIPTION: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in...

USN-7541-1: GNU C Library vulnerability

It was discovered that the GNU C Library incorrectly search LDLIBRARYPATH to determine which library to load when statically linked setuid binary calls dlopen. A local attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

USN-7541-1 glibc vulnerability

It was discovered that the GNU C Library incorrectly search LDLIBRARYPATH to determine which library to load when statically linked setuid binary calls dlopen. A local attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : GNU C Library vulnerability (USN-7541-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7541-1 advisory. It was discovered that the GNU C Library incorrectly search LDLIBRARYPATH to determine which library to load when statically linked setuid...

Gnu Screen Arbitrary File Creation Vulnerability

Gnu Screen is an application from the American GNU community. It provides the effect of getting multiple virtual terminals on one physical terminal. Gnu Screen suffers from an arbitrary file creation vulnerability that stems from the logfilereopen function not properly dropping permissions, no...

Unspecified Vulnerability in Gnu Screen

Gnu Screen is an application from the American GNU community. It provides the effect of getting multiple virtual terminals on one physical terminal. Gnu Screen suffers from a security vulnerability that stems from TTY hijacking, but no details of the vulnerability are available at this time...

Unspecified Vulnerability in Gnu Screen

Gnu Screen is an application from the American GNU community. It provides the effect of getting multiple virtual terminals on one physical terminal. Gnu Screen suffers from a security vulnerability that stems from a pseudo-terminal default mode change, which can be exploited by an attacker to cau...

GNU PSPP Input Validation Error Vulnerability

GNU PSPP is an application for data sampling, statistics and analysis from the American GNU community. An input validation error vulnerability exists in GNU PSPP that stems from improper parameter handling, and no details of the vulnerability are provided at this time...

CVE-2025-5278

A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitiv...

CVE-2025-5278

A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitiv...

UBUNTU-CVE-2025-5278

A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitiv...

CVE-2025-5278 Coreutils: heap buffer under-read in gnu coreutils sort via key specification

A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitiv...

CVE-2025-5278 Coreutils: heap buffer under-read in gnu coreutils sort via key specification

A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitiv...

CVE-2025-5278

CVE-2025-5278 (GNU Coreutils) : The sort utility’s begfield() is vulnerable to a heap buffer under-read, allowing access to memory outside the allocated buffer when a crafted command uses the traditional key format. The result can be a crash or leakage of sensitive data. Connected sources (EulerO...

CVE-2025-5278

A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitiv...

ALPINE-CVE-2025-5245

A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debugtypesamep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been...

CVE-2025-5245

A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debugtypesamep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been...

AZL-61983 CVE-2025-5245 affecting package binutils for versions less than 2.37-15

A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debugtypesamep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been...

AZL-61988 CVE-2025-5245 affecting package binutils for versions less than 2.41-6

A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debugtypesamep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been...

CVE-2025-5245

A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debugtypesamep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been...