DTrace and Fuse updates for Gentoo

Gentoo 2531 Published by Philipp Esselbach 0

Gentoo Linux released two security advisories addressing critical flaws in DTrace and FUSE that could allow attackers to execute arbitrary code. The first advisory highlights a vulnerability in the dtprobed component where specially crafted USDT provider names can trigger unauthorized file creation, potentially paving the way for malicious code execution. Meanwhile, a separate issue within FUSE involves both a null pointer dereference and a use-after-free bug that may crash the system or be exploited for remote code execution. Administrators running affected versions should immediately sync their package repositories and upgrade DTrace to at least version 2.0.6 while updating FUSE to version 3.18.1 or higher.

[ GLSA 202604-04 ] DTrace: Arbitrary file creation via dtprobed
[ GLSA 202604-03 ] FUSE: Multiple Vulnerabilities

Commons-BeanUtils, Asterisk, GIMP, Vim, Inetutils updates for Gentoo

Gentoo 2531 Published by Philipp Esselbach 0

Gentoo Linux has released several security updates to address various vulnerabilities. The updates include patches for Commons-BeanUtils, which can lead to arbitrary code execution, and Asterisk, which is vulnerable to multiple issues. Additionally, GIMP and Vim are also affected by arbitrary code execution and multiple vulnerabilities, respectively. The inetutils package is another priority update due to a remote code execution vulnerability.

[ GLSA 202601-05 ] Commons-BeanUtils: Arbitary Code Execution
[ GLSA 202601-04 ] Asterisk: Multiple Vulnerabilities
[ GLSA 202601-03 ] GIMP: Arbitrary Code Execution
[ GLSA 202601-02 ] Vim, gVim: Multiple Vulnerabilities
[ GLSA 202601-01 ] inetutils: Remote Code Execution

Librnp update for Gentoo Linux

Gentoo 2531 Published by Philipp Esselbach 0

A security advisory has been issued for Gentoo Linux, warning users about a vulnerability in the librnp package due to weak random number generation that can be easily cracked. The affected version of librnp, 0.18.0, generates weak session keys for public key encryption, potentially allowing attackers with just the public key to read encrypted messages. Users are advised to upgrade to the latest version of librnp (0.18.1 or higher) as soon as possible and be aware that sensitive information sent using affected software may have been compromised.

[ GLSA 202511-07 ] librnp: Weak random number generation

UDisks, WebKitGTK+, qtsvg, Chromium, and Redis updates for Gentoo

Gentoo 2531 Published by Philipp Esselbach 0

Gentoo Linux has released security updates to address multiple vulnerabilities in various packages. The affected packages include UDisks, WebKitGTK+, qtsvg, Chromium, and Redis.

[ GLSA 202511-01 ] UDisks: Multiple Vulnerabilities
[ GLSA 202511-02 ] WebKitGTK+: Multiple Vulnerabilities
[ GLSA 202511-03 ] qtsvg: Multiple Vulnerabilities
[ GLSA 202511-04 ] Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities
[ GLSA 202511-05 ] redict, redis: Multiple Vulnerabilities

Composer, FontForge, PAM, and more updates for Gentoo

Gentoo 2531 Published by Philipp Esselbach 0

Gentoo Linux has been updated with several security vulnerabilities, including Composer, Spreadsheet-ParseExcel, Mozilla Network Security Service, FontForge, GPL Ghostscript, and PAM:

[ GLSA 202508-06 ] Composer: Multiple Vulnerabilities
[ GLSA 202508-05 ] Spreadsheet-ParseExcel: Arbitrary Code Execution
[ GLSA 202508-04 ] Mozilla Network Security Service (NSS): TLS RSA decryption timing attack
[ GLSA 202508-03 ] FontForge: Arbitrary Code Execution
[ GLSA 202508-02 ] GPL Ghostscript: Multiple Vulnerabilities
[ GLSA 202508-01 ] PAM: Multiple Vulnerabilities

ClamAV, strongSwan, NTP, Git, Chromium, REXML updates for Gentoo

Gentoo 2531 Published by Philipp Esselbach 0

Gentoo Linux has received multiple security updates addressing vulnerabilities in ClamAV, strongSwan, NTP, Git, Chromium, and REXML:

[ GLSA 202507-03 ] ClamAV: Multiple Vulnerabilities
[ GLSA 202507-04 ] strongSwan: Buffer Overflow
[ GLSA 202507-05 ] NTP: Multiple Vulnerabilities
[ GLSA 202507-09 ] Git: Multiple Vulnerabilities
[ GLSA 202507-07 ] Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities
[ GLSA 202507-08 ] REXML: Multiple Vulnerabilities

YAML-LibYAML, File-Find-Rule, OpenImageIO, and more updates for Gentoo

Gentoo 2531 Published by Philipp Esselbach 0

The latest security updates for Gentoo Linux include YAML-LibYAML, File-Find-Rule, OpenImageIO, Node.js, Python, PyPy, Qt, GTK+ 3, X.Org X server, XWayland, LibreOffice, GStreamer, GStreamer Plugins, and Emacs, addressing various vulnerabilities:

[ GLSA 202506-11 ] YAML-LibYAML: Shell injection
[ GLSA 202506-10 ] File-Find-Rule: Shell Injection
[ GLSA 202506-09 ] OpenImageIO: Multiple Vulnerabilities
[ GLSA 202506-08 ] Node.js: Multiple Vulnerabilities
[ GLSA 202506-07 ] Python, PyPy: Multiple Vulnerabilities
[ GLSA 202506-06 ] Qt: Multiple Vulnerabilities
[ GLSA 202506-05 ] GTK+ 3: Search path vulnerability
[ GLSA 202506-04 ] X.Org X server, XWayland: Multiple Vulnerabilities
[ GLSA 202506-03 ] LibreOffice: Multiple Vulnerabilities
[ GLSA 202506-02 ] GStreamer, GStreamer Plugins: Multiple Vulnerabilities
[ GLSA 202506-01 ] Emacs: Multiple Vulnerabilities

Spidermonkey, FreeType, Atop, Node.js, and Tracker Miners updates for Gentoo

Gentoo 2531 Published by Philipp Esselbach 0

Gentoo Linux has been updated with several security vulnerabilities, including Spidermonkey, FreeType, Atop, Node.js, and Tracker miners:

[ GLSA 202505-08 ] Spidermonkey: Multiple Vulnerabilities
[ GLSA 202505-07 ] FreeType: Remote Code Execution
[ GLSA 202505-09 ] Atop: Heap Corruption
[ GLSA 202505-11 ] Node.js: Multiple Vulnerabilities
[ GLSA 202505-10 ] Tracker miners: Sandbox weakness

PAM, Firefox, Thunderbird, Orc, NVIDIA Drivers, Glibc updates for Gentoo

Gentoo 2531 Published by Philipp Esselbach 0

Gentoo Linux has received an update addressing various security vulnerabilities, including multiple issues found in PAM, Mozilla Firefox, Mozilla Thunderbird, Orc, NVIDIA Drivers, and glibc:

[ GLSA 202505-01 ] PAM: Multiple Vulnerabilities
[ GLSA 202505-02 ] Mozilla Firefox: Multiple Vulnerabilities
[ GLSA 202505-03 ] Mozilla Thunderbird: Multiple Vulnerabilities
[ GLSA 202505-05 ] Orc: Arbitrary Code Execution
[ GLSA 202505-04 ] NVIDIA Drivers: Multiple Vulnerabilities
[ GLSA 202505-06 ] glibc: Buffer Overflow

Firefox, QT, Ghostscript, and more updates for Gentoo

Gentoo 2531 Published by Philipp Esselbach 0

Gentoo Linux has received multiple updates addressing several security vulnerabilities, which include issues in Mozilla Firefox, QtWebEngine, Qt: Buffer Overflow, libgsf, GPL Ghostscript, libuv, and Yubico pam-u2f:

[ GLSA 202501-10 ] Mozilla Firefox: Multiple Vulnerabilities
[ GLSA 202501-09 ] QtWebEngine: Multiple Vulnerabilities
[ GLSA 202501-08 ] Qt: Buffer Overflow
[ GLSA 202501-07 ] libgsf: Multiple Vulnerabilities
[ GLSA 202501-06 ] GPL Ghostscript: Multiple Vulnerabilities
[ GLSA 202501-05 ] libuv: Hostname Truncation
[ GLSA 202501-04 ] Yubico pam-u2f: Partial Authentication Bypass

Distrobox, eza, idna, libvirt, OpenSC updates for Gentoo Linux

Gentoo 2531 Published by Philipp Esselbach 0

Gentoo Linux has received updates that include multiple security patches, such as eza, Distrobox, idna, libvirt, and OpenSC, which address a range of vulnerabilities:

[ GLSA 202412-19 ] eza: Arbitrary Code Execution
[ GLSA 202412-18 ] Distrobox: Arbitrary Code Execution
[ GLSA 202412-17 ] idna: Denial of Service
[ GLSA 202412-16 ] libvirt: Multiple Vulnerabilities
[ GLSA 202412-15 ] OpenSC: Multiple Vulnerabilities

Next Page

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...