Ubuntu 16.04 ESM / 18.04 ESM : GNU Screen vulnerability (USN-6198-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-6198-1 advisory. It was discovered that GNU Screen was not properly checking user identifiers before sending certain signals to target processes. If GNU Screen was...
USN-6101-1: GNU binutils vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that GNU binutils incorrectly handled certain DWARF files. An attacker could possibly use this issue to cause a crash or execute arbitrary...
Critical Photon OS Security Update - PHSA-2023-4.0-0417
Updates of 'binutils-aarch64-linux-gnu', 'bindutils', 'docker-compose', 'samba-client', 'binutils', 'ntp', 'kube-bench', 'libtiff', 'libXi', 'protobuf', 'nodejs', 'libarchive' packages of Photon OS have been released...
CVE-2023-36476
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted /boot, on either non-UEFI systems or with a LU...
CVE-2023-36476
Calamares-Nixos-extensions (CVE-2023-36476) is affected: versions 0.3.12 and earlier may place the LUKS key file in /boot as a plaintext CPIO archive attached to the NixOS initrd when booting on legacy BIOS or when the LUKS partition is not the root. A patch is available and expected to be backpo...
Security Bulletin: IBM MQ Appliance is vulnerable to heap-based buffer overflow (CVE-2022-48303)
Summary IBM MQ Appliance has resolved a heap-based buffer overflow. Vulnerability Details CVEID: CVE-2022-48303 DESCRIPTION: GNU Tar is vulnerable to a heap-based buffer overflow, caused by an out-of-bounds read in the from_header function in list.c when processing V7 archive files. By persuadin...
Amazon Linux 2023 : screen (ALAS2023-2023-224)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-224 advisory. socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a...
openSUSE 15 Security Update : guile1, lilypond (openSUSE-SU-2023:0137-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0137-1 advisory. - The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other...
Low: screen
Issue Overview: socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. CVE-2023-24626 Affected...
CVE-2015-20109
A vulnerability was found in the GNU C Library (glibc). The end_pattern called from internal_fnmatch might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by the use of the fnmatch library function with the ! pattern...
The vulnerability in the implementation of the Kerberos network protocol on Debian GNU/Linux, Red Hat Enterprise Linux, Ubuntu, Fedora, and Alt 8 SP operating systems allows a perpetrator to cause a service failure.
The vulnerability of the Kerberos network protocol implementation in Debian GNU/Linux, Red Hat Enterprise Linux, Ubuntu, Fedora, and Alt 8 SP is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
The vulnerability of the _bfd_elf_parse_gnu_properties function in the elf-properties.c library of the GNU Binutils development toolset allows an attacker to cause a service failure.
The vulnerability of the _bfd_elf_parse_gnu_properties function in the elf-properties.c library of the GNU Binutils development toolset is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a system failure...
CVE-2015-20109
end_pattern called from internal_fnmatch in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the ! pattern. NOTE: this is not the same as CVE-2015-8984...
CVE-2015-20109
CVE-2015-20109 is a glibc (GNU C Library) local denial-of-service issue tied to end_pattern usage in internal_fnmatch, potentially causing application crashes when fnmatch is used with the (!()) pattern. The description specifies affected component (glibc) and version class (before 2.22). Public ...
Ubuntu: Security Advisory (USN-6169-1)
The remote host is missing an update for the...
USN-6169-1 gsasl vulnerability
It was discovered that GNU SASL's GSSAPI server could make an out-of-bounds read if given specially crafted GSS-API authentication data. A remote attacker could possibly use this issue to cause a denial of service or to expose sensitive information...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : GNU SASL vulnerability (USN-6169-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6169-1 advisory. It was discovered that GNU SASL's GSSAPI server could make an out-of-bounds read if given specially crafted GSS-API...
USN-6160-1 binutils vulnerability
It was discovered that GNU binutils incorrectly performed bounds checking operations when parsing stabs debugging information. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...
USN-6160-1: GNU binutils vulnerability
It was discovered that GNU binutils incorrectly performed bounds checking operations when parsing stabs debugging information. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...
EulerOS Virtualization 3.0.6.0 : binutils (EulerOS-SA-2023-2207)
According to the versions of the binutils packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Assertion fail in the display_debug_names function in binutils/dwarf.c may lead to program crash and denial of service. CVE-2022-381...