Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST
Summary: IBM has released the below fix for IBM Db2® REST in response to multiple vulnerabilities found in multiple components. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2021-35942. DESCRIPTION: GNU C Library (aka glibc) could allow a local attacker to obtain sensitive...
OESA-2024-1594 glibc security update
The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2024-1674)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Huawei EulerOS: Security Advisory for gdb (EulerOS-SA-2024-1681)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.6.0 : gdb (EulerOS-SA-2024-1681)
According to the versions of the gdb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function...
EulerOS Virtualization 3.0.6.6 : gdb (EulerOS-SA-2024-1648)
According to the versions of the gdb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on eac...
A vulnerability in the GNU Compiler Collection (GCC), the set of compilers for various programming languages, relates to the incorrect handling of the sum of a pointer and an integer. This vulnerability allows an attacker to trigger a service failure or cause other adverse effects.
A vulnerability in the GNU Compiler Collection (GCC), the set of compilers for various programming languages, relates to the incorrect handling of the sum of a pointer and an integer, when the sum is greater than or equal to the pointer, without using transformations. This can lead to the...
Huawei EulerOS: Security Advisory for gdb (EulerOS-SA-2024-1648)
The remote host is missing an update for the Huawei EulerOS...
[SECURITY] Fedora 39 Update: nano-7.2-5.fc39
GNU nano is a small and friendly text editor...
EulerOS Virtualization 2.11.1 : tar (EulerOS-SA-2024-1623)
According to the versions of the tar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. CVE-2023-3980...
EulerOS Virtualization 2.11.0 : tar (EulerOS-SA-2024-1642)
According to the versions of the tar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. CVE-2023-3980...
SUSE CVE-2021-46019
An untrusted pointer dereference in rec_db_destroy at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash...
The vulnerability of the NSCCD server caching daemon in the GNU C Library allows an attacker to cause a service failure.
The vulnerability of the NSCCD daemon, a caching service for system names in the GNU C Library, involves returning a pointer beyond the expected range. Exploiting this vulnerability could allow an attacker to cause a service failure...
RHEL 5 : emacs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - emacs: command injection flaw within enriched mode handling CVE-2017-14482 - GNU Emacs version 25.3.1 and...
RHEL 6 : emacs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - emacs: command injection flaw within enriched mode handling CVE-2017-14482 - emacs: command execution via...
RHEL 5 : gdb (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gdb: buffer overflow while opening an ELF for debugging leads to DoS, information disclosure and code...
RHEL 6 : libtasn1 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libtasn1: Stack-based buffer overflow in asn1_find_node CVE-2017-6891 - The _asn1_extract_der_octet function in...
RHEL 5 : patch (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - patch: OS shell command injection when processing crafted patch files CVE-2019-13638 - An issue was...
RHEL 4 : binutils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - binutils: Address violation in aarch64_ext_ldst_reglist function when disassembling corrupt aarch64 binary...
RHEL 6 : mailman (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mailman: CSRF token bypass allows to perform CSRF attacks and account takeover CVE-2021-42097 - mailman:...