16955 matches found

Tenable Nessus
added 2024/04/29 12:0 a.m. | 21 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : GNU cpio vulnerabilities (USN-6755-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6755-1 advisory. Ingo Brückl discovered that cpio contained a path traversal vulnerability. If a user or automated system were tricked into extracting a special...

CVSS 4.9 | AI score 6.1 | EPSS 0.00906
Exploits: 0 | References: 2
IBM Security Bulletins
added 2024/04/25 6:25 p.m. | 34 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in GNU Binutils [CVE-2022-4285]

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in GNU Binutils, caused by a NULL pointer dereference in _bfd_elf_get_symbol_version_string, resulting in a segmentation fault when parsing ELF files. CVE-2022-4285. GNU Binutils is used in our...

CVSS 5.5 | AI score 6 | EPSS 0.00437
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2024/04/25 6:15 p.m. | 22 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in GNU Binutils [CVE-2022-44840]

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in GNU Binutils, caused by a heap-based buffer overflow vulnerability in function find_section_in_set in file readelf.c. CVE-2022-44840. GNU Binutils is used in our Speech Services runtimes. Thi...

CVSS 7.8 | AI score 7.3 | EPSS 0.00461
Exploits: 1 | Affected Software: 1
Mageia
added 2024/04/25 4:0 p.m. | 68 views

Updated glibc packages fix security vulnerability

The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. CVE-2024-2961...

CVSS 7.3 | AI score 7 | EPSS 0.8833
Exploits: 16 | References: 2
OSV
added 2024/04/25 4:0 p.m. | 15 views

MGASA-2024-0147 Updated glibc packages fix security vulnerability

The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. CVE-2024-2961...

CVSS 7.3 | AI score 7 | EPSS 0.8833
Exploits: 16 | References: 3
RedHat Linux
added 2024/04/25 1:28 a.m. | 25 views

Moderate: Red Hat Security Advisory: gnutls security update

An update for gnutls is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 5.3 | AI score 6.6 | EPSS 0.00718
Exploits: 0 | References: 2
Positive Technologies
added 2024/04/25 12:0 a.m. | 4 views

PT-2024-40040 · Gnu · Gmp

Name of the Vulnerable Software and Affected Versions: PHPECC affected versions not specified Description: The issue concerns malleable ECDSA signature attacks. When generating new ECDSA signatures, the use of the GMPMath adapter, which wraps the GNU Multiple Precision arithmetic library GMP,...

CVSS 9.1 | AI score 6.8
Exploits: 0 | References: 4
Redos
added 2024/04/25 12:0 a.m. | 26 views

ROS-20240425-02

A vulnerability in the GNU Tar archiver is related to improper handling of extension attributes in the PAX archive. Exploitation of the vulnerability could allow an attacker acting remotely to transmit special data to the application and cause a denial of service...

CVSS 6.2 | AI score 6.6 | EPSS 0.00283
Exploits: 0
CNNVD
added 2024/04/24 12:0 a.m. | 3 views

glibc Security Vulnerability

glibc GNU C Library is the C standard library implemented by the GNU Project. A security vulnerability exists in glibc, which stems from an attempt by addgetnetgrentX to send a non-existent response after a cache insertion failure, which may result in a null pointer dereference that could cause t...

CVSS 5.9 | AI score 7.2 | EPSS 0.01216
Exploits: 0 | References: 7
Debian
added 2024/04/23 7:10 a.m. | 95 views

[SECURITY] [DSA 5673-1] glibc security update

Debian Security Advisory DSA-5673-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 23, 2024 https://www.debian.org/security/faq -...

CVSS 7.3 | AI score 8.7 | EPSS 0.8833
Exploits: 16
Redos
added 2024/04/23 12:0 a.m. | 28 views

ROS-20240423-03

Vulnerability in the /krb5/src/lib/rpc/pmap_rmt.c component of the Kerberos network protocol implementation is related to memory freeing errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in component...

CVSS 7.5 | AI score 6.6 | EPSS 0.01128
Exploits: 3
CNVD
added 2024/04/22 12:0 a.m. | 8 views

GNU C Library Buffer Overflow Vulnerability

GNU C Library is an open source, free C compiler released under the LGPL license. GNU C Library suffers from a buffer overflow vulnerability that originates from a boundary error in the iconv function when handling untrusted input. An attacker could exploit the vulnerability to cause the...

CVSS 7.3 | AI score 7 | EPSS 0.8833
Exploits: 16 | References: 1
Redos
added 2024/04/22 12:0 a.m. | 20 views

ROS-20240422-05

The golang package vulnerability is related to errors returned from MarshalJSON methods containing data controlled by the user. Exploitation of the vulnerability could allow an attacker acting remotely to exploit these errors to disrupt the contextual behavior of the automatic output of the packag...

CVSS 7.5 | AI score 7.5 | EPSS 0.91969
Exploits: 1
BDU FSTEC
added 2024/04/22 12:0 a.m. | 1 views

The vulnerability of the iconv() function in the system library glibc, which allows a hacker to execute arbitrary code

The vulnerability of the iconv function in the glibc system library is related to the possibility of writing beyond the buffer’s boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code by introducing a specially crafted PHP file...

CVSS 9 | AI score 7.5 | EPSS 0.8833
Exploits: 16 | References: 16 | Affected Software: 15
Tenable Nessus
added 2024/04/20 12:0 a.m. | 32 views

Fedora 39 : glibc (2024-9be1b94714)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-9be1b94714 advisory. This update includes several bug fixes from the upstream glibc release branch, including a fix for CVE-2024-2961. Tenable has extracted the preceding...

CVSS 7.3 | AI score 7.5 | EPSS 0.8833
Exploits: 16 | References: 2
Tenable Nessus
added 2024/04/19 12:0 a.m. | 12 views

EulerOS Virtualization 2.10.1 : tar (EulerOS-SA-2024-1558)

According to the versions of the tar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. CVE-2023-3980...

CVSS 6.2 | AI score 6.4 | EPSS 0.00283
Exploits: 0 | References: 2
Tenable Nessus
added 2024/04/19 12:0 a.m. | 24 views

EulerOS Virtualization 2.10.0 : tar (EulerOS-SA-2024-1539)

According to the versions of the tar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. CVE-2023-3980...

CVSS 6.2 | AI score 6.4 | EPSS 0.00283
Exploits: 0 | References: 2
Ubuntu
added 2024/04/18 11:58 a.m. | 89 views

USN-6737-1: GNU C Library vulnerability

Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 7.3 | AI score 7.6 | EPSS 0.8833
Exploits: 16
SUSE CVE
added 2024/04/18 2:31 a.m. | 9 views

SUSE CVE-2024-2961

The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable...

CVSS 8.2 | AI score 7.2 | EPSS 0.8833
Exploits: 16 | References: 11
RedHat Linux
added 2024/04/18 2:25 a.m. | 2 views

gnutls: vulnerable to Minerva side-channel information leak

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce...

CVSS 5.3 | AI score 6.7 | EPSS 0.00718
Exploits: 0 | References: 6