Gentoo Linux Security Advisory 202311-10
Gentoo Linux Security Advisory 202311-10 - Multiple vulnerabilities have been discovered in RenderDoc, the worst of which leads to remote code execution. Versions less than 1.27 are affected.
Gentoo Linux Security Advisory GLSA 202311-10
https://security.gentoo.org/
Severity: High
Title: RenderDoc: Multiple Vulnerabilities
Date: November 25, 2023
Bugs: #908031
ID: 202311-10
Synopsis
Multiple vulnerabilities have been discovered in RenderDoc, the worst of
which leads to remote code execution.
Background
RenderDoc is a free MIT licensed stand-alone graphics debugger that
allows quick and easy single-frame capture and detailed introspection of
any application using Vulkan, D3D11, OpenGL & OpenGL ES or D3D12 across
Windows, Linux, Android, or Nintendo Switch™.
Affected packages
Package              Vulnerable    Unaffected
media-gfx/renderdoc  < 1.27        >= 1.27
Description
Multiple vulnerabilities have been discovered in RenderDoc. Please review the
CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All RenderDoc users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose ">=media-gfx/renderdoc-1.27"
References
[ 1 ] CVE-2023-33863
https://nvd.nist.gov/vuln/detail/CVE-2023-33863
[ 2 ] CVE-2023-33864
https://nvd.nist.gov/vuln/detail/CVE-2023-33864
[ 3 ] CVE-2023-33865
https://nvd.nist.gov/vuln/detail/CVE-2023-33865
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202311-10
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Related news
RenderDoc versions 1.26 and below suffer from integer underflow, integer overflow, and symlink vulnerabilities.
VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution. The most critical of the three vulnerabilities is a command injection vulnerability tracked as CVE-2023-20887 (CVSS score: 9.8) that could allow a malicious actor with network access to achieve remote code execution. Also patched by
RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 1 of 2).