SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
The target's backtrace indicates that libc has detected a heap error or that the target
was executing a heap function when it stopped. This could be due to heap corruption, passing
a bad pointer to a heap function such as free(), etc. Since heap errors might include buffer
overflows, use-after-free situations, etc. they are generally considered exploitable.
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters
in the name of a source-code file, because lib-src/etags.c uses the system C library
function in its implementation of the ctags program. For example, a victim may use
the "ctags *" command (suggested in the ctags documentation) in a situation where the
current working directory has contents that depend on untrusted input.
GNU Emacs
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program.
Use of system() has been discouraged for decades for precisely this sort of reason. I'm surprised these vulnerabilities are still showing up.
Anyway, thanks for the report, just patched my build.
Distribution: slackware, slackware from scratch, LFS, slackware [arm], linux Mint...
Posts: 1,564
Rep:
screen
bugfix CVE-2021-26937
It allows remote attackers to cause a denial of service
(invalid write access and application crash) or possibly
have unspecified other impact via a crafted UTF-8
character sequence.
Distribution: slackware, slackware from scratch, LFS, slackware [arm], linux Mint...
Posts: 1,564
Rep:
indent
Fix buffer overflow
Normally the CHECK_COM_SIZE macro is used to ensure that there is
enough space for whatever is being written to combuf, reallocating
if necessary. However, it is possible to pass through the entire
print_comment function without calling CHECK_COM_SIZE, while still
adding two characters to the buffer. In the case of nested comments,
this overflows the buffer.
Add another call to CHECK_COM_SIZE in the appropriate section of
print_comment.
x11-base/xorg-server: backport BadIDChoice fix w/ MaxClients
I was hoping this would slip into a release but it hasn't yet.
In any case, this fix has been on master for a while & I've
been running with it for months.
This commit follows many other major distributions in using DT_RUNPATH over
DT_RPATH. If DT_RUNPATH is present, LD_LIBRARY_PATH is searched before
DT_RUNPATH (DT_RPATH would be searched before LD_LIBRARY_PATH). So injecting
malicious shared objects is way harder with DT_RUNPATH.
fixes FS#76274
In libarchive 3.6.1, the software does not check for an error after calling calloc function
that can return with a NULL pointer if the function fails, which leads to a resultant NULL
pointer dereference or, in some cases, even arbitrary code execution.
Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf
in the expression used in the RHS of the substitute command.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
