Gentoo Linux Security Advisory 202311-10

Gentoo Linux Security Advisory 202311-10 - Multiple vulnerabilities have been discovered in RenderDoc, the worst of which leads to remote code execution. Versions less than 1.27 are affected.

Packet Storm

Gentoo Linux Security Advisory GLSA 202311-10


https://security.gentoo.org/

Severity: High
Title: RenderDoc: Multiple Vulnerabilities
Date: November 25, 2023
Bugs: #908031
ID: 202311-10


Synopsis

Multiple vulnerabilities have been discovered in RenderDoc, the worst of
which leads to remote code execution.

Background

RenderDoc is a free MIT licensed stand-alone graphics debugger that
allows quick and easy single-frame capture and detailed introspection of
any application using Vulkan, D3D11, OpenGL & OpenGL ES or D3D12 across
Windows, Linux, Android, or Nintendo Switch™.

Affected packages

Package              Vulnerable    Unaffected
-------------------  ------------  ------------
media-gfx/renderdoc  < 1.27        >= 1.27

Description

Multiple vulnerabilities have been discovered in RenderDoc. Please review the
CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All RenderDoc users should upgrade to the latest version:

  emerge --sync
  emerge --ask --oneshot --verbose ">=media-gfx/renderdoc-1.27"

References

[ 1 ] CVE-2023-33863
https://nvd.nist.gov/vuln/detail/CVE-2023-33863
[ 2 ] CVE-2023-33864
https://nvd.nist.gov/vuln/detail/CVE-2023-33864
[ 3 ] CVE-2023-33865
https://nvd.nist.gov/vuln/detail/CVE-2023-33865

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202311-10

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License

Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Related news

RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution

RenderDoc versions 1.26 and below suffer from integer underflow, integer overflow, and symlink vulnerabilities.

CVE-2023-33863

RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 1 of 2).
