K26346590: GNU C Library vulnerabilities CVE-2019-9192 and CVE-2018-20796

Security Advisory Description CVE-2019-9192 DISPUTED In the GNU C Library aka glibc or libc6 through 2.29, checkdstlimitscalcpos1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\\1\\1' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that...

K44650639: Binutils vulnerability CVE-2019-9076

Security Advisory Description An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elfreadnotes in elf.c. CVE-2019-9076 Impact There is no impact; F5 products are not affected by this...

K37121474: Binutils vulnerability CVE-2019-9073

Security Advisory Description An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in bfdelfslurpversiontables in elf.c. CVE-2019-9073 Impact There is no impact; F5 products are not affect...

K95521879: screen vulnerability CVE-2017-5618

Security Advisory Description GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. CVE-2017-5618 Impact There is no impact; F5 products are not affected by this vulnerability. Security...

K19707805: glibc vulnerability CVE-2017-15804

Security Advisory Description The glob function in glob.c in the GNU C Library aka glibc or libc6 before 2.27 contains a buffer overflow during unescaping of user names with the operator. CVE-2017-15804 Impact BIG-IP, BIG-IQ, F5 iWorkflow, Enterprise Manager, LineRate, and ARX There is no impact;...

K72122162: Binutils vulnerabilities CVE-2018-7569 and CVE-2018-10373

Security Advisory Description CVE-2018-7569 dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service integer underflow or overflow, and application crash via an ELF file with a corrupt DWARF FORM block...

K40977030: glibc vulnerability CVE-2020-6096

Security Advisory Description An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negative value for the 'num' parameter results in a signed comparison...

K13534168: GNU Binutils vulnerability CVE-2019-9070

Security Advisory Description An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in dexpression1 in cp-demangle.c after many recursive calls. CVE-2019-9070 Impact Successful exploitation of this vulnerability may lead to disclosure o...

K87355575: glibc vulnerability CVE-2017-12132

Security Advisory Description The DNS stub resolver in the GNU C Library aka glibc or libc6 before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. CVE-2017-12132 Impact...

K16435: GNU C Library vulnerability CVE-2014-6040

Security Advisory Description GNU C Library aka glibc before 2.20 allows context-dependent attackers to cause a denial of service out-of-bounds read and crash via a multibyte character value of "0xffff" to the iconv function when converting 1 IBM933, 2 IBM935, 3 IBM937, 4 IBM939, or 5 IBM1364...

K38336243: Binutils vulnerabilities CVE-2018-20623, CVE-2018-20651, and CVE-2018-20712

Security Advisory Description CVE-2018-20623 In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the processarchive function in readelf.c via a crafted ELF file. CVE-2018-20651 A NULL pointer dereference was discovered in elflinkaddobjectsymbols i...

K00056379: GNU Binutils vulnerability CVE-2019-9077

Security Advisory Description An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in processmipsspecific in readelf.c via a malformed MIPS option section. CVE-2019-9077 Impact Traffix SDC This vulnerability can be exploited to cause a denial-of-service DoS condition a...

K31211252: glibc vulnerability CVE-2014-9761

Security Advisory Description Multiple stack-based buffer overflows in the GNU C Library aka glibc or libc6 before 2.23 allow context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via a long argument to the 1 nan, 2 nanf, or 3 nanl function...

K35710418: Binutils vulnerability CVE-2018-17985

Security Advisory Description An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplusdemangletype function making recursive calls to itself in certain scenarios involving many 'P'...

K55245232: GNU glibc vulnerability CVE-2014-9984

Security Advisory Description nscd in the GNU C Library aka glibc or libc6 before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. CVE-2014-9984 Impact The...

K23729200: Multiple GNU Binutils vulnerabilities

Security Advisory Description CVE-2017-9038 GNU Binutils 2.28 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted ELF file, related to the bytegetlittleendian function in elfcomm.c, the getunwindsectionword function in readelf.c, an...

K12794: GNU C Library vulnerability CVE-2010-4052

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this Solution have not been evaluated for...

K31130692: GNU Guile vulnerabilities CVE-2016-8605 and CVE-2016-8606

Security Advisory Description CVE-2016-8605 The mkdir procedure of GNU Guile temporarily changed the process umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode...

OESA-2023-1106 tar security update

GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.34...

Moderate: Red Hat Security Advisory: tar security update

An update for tar is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...