[SECURITY] Fedora 40 Update: nano-7.2-7.fc40

GNU nano is a small and friendly text editor...

CVE-2024-33600

nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's nscd cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This...

AZL-40316 CVE-2024-33601 affecting package glibc for versions less than 2.35-7

nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's nscd netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was...

AZL-40291 CVE-2024-33600 affecting package glibc for versions less than 2.38-11

nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's nscd cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This...

AZL-40288 CVE-2024-33599 affecting package glibc for versions less than 2.38-11

nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's nscd fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was...

UBUNTU-CVE-2024-33601

nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's nscd netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was...

glibc: Multiple Vulnerabilities

Background glibc is a package that contains the GNU C library. Description Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workarou...

glibc 安全漏洞

glibc GNU C Library is the C standard library implemented by the GNU Project. A security vulnerability exists in glibc version 2.15, which stems from a potential stack-based buffer overflow if the fixed-size cache of the Name Service Cache Daemon nscd is exhausted...

Ubuntu: Security Advisory (USN-6762-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6762-1: GNU C Library vulnerabilities

It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. CVE-2014-9984 It was discovered that GNU C Library might allow context-dependent attackers t...

USN-6762-1 eglibc, glibc vulnerabilities

It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. CVE-2014-9984 It was discovered that GNU C Library might allow context-dependent attackers t...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : GNU C Library vulnerabilities (USN-6762-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6762-1 advisory. It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a...

Moderate: Red Hat Security Advisory: gnutls security update

An update for gnutls is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

[SECURITY] [DLA 3802-1] org-mode security update

Debian LTS Advisory DLA-3802-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton April 30, 2024 https://wiki.debian.org/LTS Package : org-mode Version : 9.1.14+dfsg-3+deb10u2 CVE ID : CVE-2024-30203 CVE-2024-30204 CVE-2024-30205 Debian Bug : 1067663 Multiple problems...

Important: glibc

Issue Overview: The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. CVE-2024-2961...

Moderate: gnutls security update

The gnutls package provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: vulnerable to Minerva side-channel information leak CVE-2024-28834 gnutls: potential crash during chain...

USN-6737-2 glibc vulnerability

USN-6737-1 fixed a vulnerability in the GNU C Library. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause...

USN-6737-2: GNU C Library vulnerability

USN-6737-1 fixed a vulnerability in the GNU C Library. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause...

USN-6755-1: GNU cpio vulnerabilities

Ingo Brückl discovered that cpio contained a path traversal vulnerability. If a user or automated system were tricked into extracting a specially crafted cpio archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host, even if using the...

Ubuntu 24.04 LTS. : GNU C Library vulnerability (USN-6737-2)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by a vulnerability as referenced in the USN-6737-2 advisory. USN-6737-1 fixed a vulnerability in the GNU C Library. This update provides the corresponding update for Ubuntu 24.04 LTS. Tenable has extracted the preceding...