RHEL 7 : transfig (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - transfig: Buffer underwrite in read.c:getline via crafted FIG file CVE-2018-16140 - An array index error ...

RHEL 6 : transfig (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - transfig: Buffer underwrite in read.c:getline via crafted FIG file CVE-2018-16140 - An array index error ...

RHEL 5 : transfig (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - transfig: Buffer underwrite in read.c:getline via crafted FIG file CVE-2018-16140 - An array index error ...

kernel: ip6mr: Fix skb_under_panic in ip6mr_cache_report()

A buffer underwrite vulnerability exists in the linux kernel in the function skbunderpanic in ip6mrcachereport, leading to an attacker, via crafting a payload, could result in damage to system availability and integrity...

CentOS 9 : c-ares-1.19.1-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the c-ares-1.19.1-1.el9 build changelog. - AutoTools does not set CARESRANDOMFILE during cross compilation rhel-9 CVE-2023-31124 - Buffer Underwrite in aresinetnetpton rhel-9...

c-ares security update

An update is available for c-ares. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The c-ares C library defines asynchronous DNS Domain Name System requests and...

Moderate: Red Hat Security Advisory: c-ares security update

An update for c-ares is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

c-ares: Buffer Underwrite in ares_inet_net_pton()

A vulnerability was found in c-ares. This issue occurs in the aresinetnetpton function, which is vulnerable to a buffer underflow for certain ipv6 addresses. "0::00:00:00/2" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which woul...

c-ares security update

1.13.0-9.1 - Resolves: RHEL-11931 - Buffer Underwrite in aresinetnetpton rhel-8.9.0.z 1.13.0-9 - Resolves: rhbz2238293 - CVE-2020-22217 c-ares: read-heap-buffer-overflow in aresparsesoareply rhel-8 rhel-8.9.0.z...

Moderate: Red Hat Security Advisory: c-ares security update

An update for c-ares is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

c-ares: Buffer Underwrite in ares_inet_net_pton()

A vulnerability was found in c-ares. This issue occurs in the aresinetnetpton function, which is vulnerable to a buffer underflow for certain ipv6 addresses. "0::00:00:00/2" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which woul...

Moderate: Red Hat Security Advisory: c-ares security update

An update for c-ares is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Moderate: c-ares security update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: Heap buffer over read in aresparsesoareply CVE-2020-22217 c-ares: Buffer Underwrite in aresinetnetpton CVE-2023-31130 For more details about the security issues,...

ALSA-2023:7207 Moderate: c-ares security update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: Heap buffer over read in aresparsesoareply CVE-2020-22217 c-ares: Buffer Underwrite in aresinetnetpton CVE-2023-31130 For more details about the security issues,...

Moderate: c-ares security, bug fix, and enhancement update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. The following packages have been upgraded to a later upstream version: c-ares 1.19.1. BZ2210370 Security Fixes: c-ares: buffer overflow in configsortlist due to missing string length check...

ALSA-2023:6635 Moderate: c-ares security, bug fix, and enhancement update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. The following packages have been upgraded to a later upstream version: c-ares 1.19.1. BZ2210370 Security Fixes: c-ares: buffer overflow in configsortlist due to missing string length check...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : poppler vulnerability (USN-3905-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3905-1 advisory. It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of...

USN-6355-1 grub2-signed, grub2-unsigned, shim, and shim-signed vulnerability

Daniel Axtens discovered that specially crafted images could cause a heap-based out-of-bonds write. A local attacker could possibly use this to circumvent secure boot protections. CVE-2021-3695 Daniel Axtens discovered that specially crafted images could cause out-of-bonds read and write. A local...

USN-6355-1: GRUB2 vulnerabilities

Daniel Axtens discovered that specially crafted images could cause a heap-based out-of-bonds write. A local attacker could possibly use this to circumvent secure boot protections. CVE-2021-3695 Daniel Axtens discovered that specially crafted images could cause out-of-bonds read and write. A local...

RLSA-2023:4035 Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 c-ares: buffer overflow in configsortlist due to missing string length check...