16955 matches found
OESA-2024-1844 glibc security update
The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...
OESA-2024-1843 glibc security update
The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...
[SECURITY] Fedora 39 Update: cockpit-320-1.fc39
The Cockpit Web Console enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more...
GNU Coreutils: Buffer Overflow Vulnerability
Background: The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system. Description: A vulnerability has been discovered in the Coreutils "split" program that can lead to a heap buffer overflow and possibly arbitrary code execution. Impact: Please...
BusyBox: Multiple Vulnerabilities
Background: BusyBox is a set of tools for embedded systems and is a replacement for GNU Coreutils. Description: Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details...
GLSA-202407-16 : GNU Coreutils: Buffer Overflow Vulnerability
The remote host is affected by the vulnerability described in GLSA-202407-16 GNU Coreutils: Buffer Overflow Vulnerability A vulnerability has been discovered in the Coreutils split program that can lead to a heap buffer overflow and possibly arbitrary code execution. Tenable has extracted the...
CBL Mariner 2.0 Security Update: patch (CVE-2018-1000156)
The version of patch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2018-1000156 advisory. - GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specificall...
CBL Mariner 2.0 Security Update: patch (CVE-2019-13638)
The version of patch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-13638 advisory. - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafte...
CBL Mariner 2.0 Security Update: patch (CVE-2018-20969)
The version of patch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2018-20969 advisory. - do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: thi...
CBL Mariner 2.0 Security Update: patch (CVE-2018-6951)
The version of patch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2018-6951 advisory. - An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL...
CBL Mariner 2.0 Security Update: coreutils (CVE-2016-2781)
The version of coreutils installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2016-2781 advisory. - chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via...
Updated gdb packages fix security vulnerabilities
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. CVE-2022-4285 A potential heap based buffer overflow was found in...
GNU Emacs, Org Mode: Multiple Vulnerabilities
Background: GNU Emacs is a highly extensible and customizable text editor. Description: Multiple vulnerabilities have been discovered in GNU Emacs. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no...
GLSA-202407-08 : GNU Emacs, Org Mode: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202407-08 GNU Emacs, Org Mode: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in GNU Emacs. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description...
Race Condition
Overview: Affected versions of this package are vulnerable to Race Condition in OpenSSH's server (sshd) due to a signal handler race condition when a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions). An attacker can execute arbitrary code as root...
Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()
...
Glibc: heap-based buffer overflow in __vsyslog_internal()
...
[SECURITY] [DLA 3849-1] org-mode security update
Debian LTS Advisory DLA-3849-1 https://www.debian.org/lts/security/ Sean Whitton June 29, 2024 https://wiki.debian.org/LTS Package : emacs Version : emacs 1:26.1+1-3.2+deb10u6 CVE ID : CVE-2024-39331 Debian Bug : 1074136 A vulnerability was discovered in GNU Emacs, the...
Debian dla-3848 : elpa-org - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3848 advisory. Debian LTS Advisory DLA-3848-1 https://www.debian.org/lts/security/...
OESA-2024-1754 aspell security update
GNU Aspell is a spell checker intended to replace Ispell. It can be used as a library and spell checker. Its main feature is that it provides much better suggestions than other inspectors, including Ispell and Microsoft Word. It also has many other technical enhancements to Ispell, such as the us...