EulerOS 2.0 SP8 : emacs (EulerOS-SA-2023-3124)
According to the versions of the emacs packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c...
EulerOS 2.0 SP11 : screen (EulerOS-SA-2023-2667)
According to the versions of the screen package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users...
EulerOS 2.0 SP9 : glibc (EulerOS-SA-2023-3330)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an...
EulerOS 2.0 SP11 : binutils (EulerOS-SA-2023-3024)
According to the versions of the binutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c...
EulerOS Virtualization 3.0.6.6 : emacs (EulerOS-SA-2023-3397)
According to the versions of the emacs packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because...
EulerOS Virtualization 2.11.1 : binutils (EulerOS-SA-2023-3354)
According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in...
EulerOS Virtualization 2.11.0 : binutils (EulerOS-SA-2023-3373)
According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in...
EulerOS 2.0 SP11 : binutils (EulerOS-SA-2023-3001)
According to the versions of the binutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c...
EulerOS Virtualization 2.9.0 : binutils (EulerOS-SA-2024-1003)
According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function...
USN-6581-1: GNU binutils vulnerabilities
It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. CVE-2022-44840, CVE-2022-45703...
Security Bulletin: IBM Automation Decision Services December 2023 - Multiple CVEs addressed
Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could...
Ubuntu 20.04 LTS / 22.04 LTS : GNU binutils vulnerabilities (USN-6581-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6581-1 advisory. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An...
[SECURITY] Fedora 39 Update: exim-4.97.1-1.fc39
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
[SECURITY] Fedora 38 Update: exim-4.97.1-1.fc38
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
Low: Red Hat Security Advisory: libarchive security update
An update for libarchive is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
USN-6541-2: GNU C Library regression
USN-6541-1 fixed vulnerabilities in the GNU C Library. Unfortunately, changes made to allow proper application of the fix for CVE-2023-4806 in Ubuntu 22.04 LTS introduced an issue in the NSCD service IPv6 processing functionalities. This update fixes the problem. We apologize for the inconvenienc...
Ubuntu 22.04 LTS : GNU C Library regression (USN-6541-2)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6541-2 advisory. USN-6541-1 fixed vulnerabilities in the GNU C Library. Unfortunately, changes made to allow proper application of the fix for CVE-2023-4806 in Ubuntu 22.04 LTS...
Security Bulletin: A vulnerability in GNU Binutils may affect IBM Robotic Process Automation for Cloud Pak and result in a denial of service (CVE-2019-9074).
Summary GNU Binutils is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP. CVE-2019-9074. Vulnerability Details CVEID:CVE-2019-9074 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c i...
Security Bulletin: Vulnerabilities in Watson NLP and WebSphere Liberty may affect IBM Robotic Process Automation for Cloud Pak
Summary Python is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP and WebSphere Liberty. CVE-2022-48565. GNU gdb is used by IBM Robotic Process Automation for Cloud Pak as part of WebSphere Liberty and base container images. CVE-2023-39129. Vulnerability Details...
glibc: buffer overflow in ld.so leading to privilege escalation
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code...