Important: gzip

Issue Overview: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...

Important: emacs

Issue Overview: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command...

Amazon Linux AMI : tar (ALAS-2023-1704)

The version of tar installed on the remote host is prior to 1.26-31.23. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1704 advisory. GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitati...

Important: tar

Issue Overview: GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in fromheader in list.c via a V7 archive in which mtime has approximate...

Amazon Linux 2023 : cpio (ALAS2023-2023-021)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-021 advisory. GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is...

Amazon Linux 2023 : binutils, binutils-devel, binutils-gprofng (ALAS2023-2023-119)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-119 advisory. In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfdgetl32 when called from the stripmain function in strip-new via a crafted file. CVE-2022-38533 Tenable has extracted...

Amazon Linux 2023 : less (ALAS2023-2023-123)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-123 advisory. 2024-02-29: CVE-2022-48624 was added to this advisory. In GNU Less before 609, crafted data can result in less -R not filtering ANSI escape sequences sent to the terminal. CVE-2022-46663...

Amazon Linux 2023 : emacs, emacs-common, emacs-devel (ALAS2023-2023-108)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-108 advisory. GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation o...

Amazon Linux 2023 : xz, xz-devel, xz-libs (ALAS2023-2023-042)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-042 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's...

Important: tar

Issue Overview: GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in fromheader in list.c via a V7 archive in which mtime has approximate...

CBL Mariner 2.0 Security Update: less (CVE-2022-46663)

The version of less installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-46663 advisory. - In GNU Less before 609, crafted data can result in less -R not filtering ANSI escape sequences sent to the...

CVE-2023-28617

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters...

CVE-2023-28617

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters...

Design/Logic Flaw

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters...

CVE-2023-28617

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters...

CVE-2023-28617

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters...

CVE-2023-28617

CVE-2023-28617 affects Org-Mode's ob-latex.el in GNU Emacs (pre-9.6.1) where org-babel-execute:latex can be triggered to run attacker-controlled commands if a file or directory name contains shell metacharacters. The issue is a code-injection path via shell metacharacters in filenames, leading to...

CVE-2023-28617

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters...

Ubuntu 16.04 ESM : Emacs vulnerability (USN-5955-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5955-1 advisory. It was discovered that Emacs did not properly manage certain files when using htmlfontify functionality. A local attacker could possibly use this issue to cause a...

Moderate: Red Hat Security Advisory: gnutls security and bug fix update

An update for gnutls is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...