SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4483-1
Rating:             important
References:         #1205874 #1205875 #1205876 #1205877 #1205878 #1205879 #1206017
Cross-References:   CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342
                    CVE-2022-46343 CVE-2022-46344

CVSS scores:
    CVE-2022-4283 (SUSE):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-46340 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
    CVE-2022-46341 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
    CVE-2022-46342 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
    CVE-2022-46343 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
    CVE-2022-46344 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP Applications 12-SP5
    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that solves 6 vulnerabilities and has one errata is now available.

Description:

This update for xorg-x11-server fixes the following issues:

- CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874)
- CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877)
- CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879)
- CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878)
- CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876)
- CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017)
- Xi: return an error from XI property changes if verification failed (bsc#1205805 -> bsc#1205875)

All six CVEs carry a local, low-privilege vector (AV:L/PR:L): the attacker is an already-connected X client, so exposure is greatest on hosts where the X server still runs as root.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4483=1

- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4483=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    xorg-x11-server-debuginfo-1.19.6-10.40.1
    xorg-x11-server-debugsource-1.19.6-10.40.1
    xorg-x11-server-sdk-1.19.6-10.40.1

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    xorg-x11-server-1.19.6-10.40.1
    xorg-x11-server-debuginfo-1.19.6-10.40.1
    xorg-x11-server-debugsource-1.19.6-10.40.1
    xorg-x11-server-extra-1.19.6-10.40.1
    xorg-x11-server-extra-debuginfo-1.19.6-10.40.1

References:

    https://www.suse.com/security/cve/CVE-2022-4283.html
    https://www.suse.com/security/cve/CVE-2022-46340.html
    https://www.suse.com/security/cve/CVE-2022-46341.html
    https://www.suse.com/security/cve/CVE-2022-46342.html
    https://www.suse.com/security/cve/CVE-2022-46343.html
    https://www.suse.com/security/cve/CVE-2022-46344.html
    https://bugzilla.suse.com/1205874
    https://bugzilla.suse.com/1205875
    https://bugzilla.suse.com/1205876
    https://bugzilla.suse.com/1205877
    https://bugzilla.suse.com/1205878
    https://bugzilla.suse.com/1205879
    https://bugzilla.suse.com/1206017
openSUSE Security Update: Security update for pcmanfm
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:10001-1
Rating:             moderate
References:         #1039140
Cross-References:   CVE-2017-8934

CVSS scores:
    CVE-2017-8934 (NVD): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
    openSUSE Backports SLE-15-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for pcmanfm fixes the following issues:

update to 1.3.2:
  * Fixed case when some keyboard shortcuts stopped working: Alt+Home, Alt+Up
  * Fixed system reboot delayed for 90 seconds in some cases

new upstream release of pcmanfm 1.3.1
  * fixed crash on reload while directory changes
  * changed size of large thumbnails to 512
  * added application/gzip to archivers.list
  * added image/x-compressed-xcf to archivers.list
  * allowed bigger sizes of icons and thumbnails

new upstream release of pcmanfm 1.3.0
  * Fixed potential access violation, use runtime user dir instead of tmp dir for single instance socket. boo#1039140 CVE-2017-8934
  * Fixed an issue with losing icons on desktop, when file name has a '[' char.
  * Added a missing tooltip for 'New Window' toolbar button.
  * Fixed an issue when single instance socket directory did not exist

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP3:
    zypper in -t patch openSUSE-2022-10001=1

Package List:

- openSUSE Backports SLE-15-SP3 (aarch64 ppc64le s390x x86_64):
    pcmanfm-1.3.2-bp153.2.3.1
    pcmanfm-devel-1.3.2-bp153.2.3.1

- openSUSE Backports SLE-15-SP3 (noarch):
    pcmanfm-lang-1.3.2-bp153.2.3.1

References:

    https://www.suse.com/security/cve/CVE-2017-8934.html
    https://bugzilla.suse.com/1039140
Oracle Linux Security Advisory ELSA-2022-0332

https://linux.oracle.com/errata/ELSA-2022-0332.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
ctdb-4.14.5-9.el8_5.x86_64.rpm
libsmbclient-4.14.5-9.el8_5.i686.rpm
libsmbclient-4.14.5-9.el8_5.x86_64.rpm
libwbclient-4.14.5-9.el8_5.i686.rpm
libwbclient-4.14.5-9.el8_5.x86_64.rpm
python3-samba-4.14.5-9.el8_5.i686.rpm
python3-samba-4.14.5-9.el8_5.x86_64.rpm
python3-samba-test-4.14.5-9.el8_5.x86_64.rpm
samba-4.14.5-9.el8_5.x86_64.rpm
samba-client-4.14.5-9.el8_5.x86_64.rpm
samba-client-libs-4.14.5-9.el8_5.i686.rpm
samba-client-libs-4.14.5-9.el8_5.x86_64.rpm
samba-common-4.14.5-9.el8_5.noarch.rpm
samba-common-libs-4.14.5-9.el8_5.x86_64.rpm
samba-common-tools-4.14.5-9.el8_5.x86_64.rpm
samba-krb5-printing-4.14.5-9.el8_5.x86_64.rpm
samba-libs-4.14.5-9.el8_5.i686.rpm
samba-libs-4.14.5-9.el8_5.x86_64.rpm
samba-pidl-4.14.5-9.el8_5.noarch.rpm
samba-test-4.14.5-9.el8_5.x86_64.rpm
samba-test-libs-4.14.5-9.el8_5.x86_64.rpm
samba-vfs-iouring-4.14.5-9.el8_5.x86_64.rpm
samba-winbind-4.14.5-9.el8_5.x86_64.rpm
samba-winbind-clients-4.14.5-9.el8_5.x86_64.rpm
samba-winbind-krb5-locator-4.14.5-9.el8_5.x86_64.rpm
samba-winbind-modules-4.14.5-9.el8_5.i686.rpm
samba-winbind-modules-4.14.5-9.el8_5.x86_64.rpm
samba-winexe-4.14.5-9.el8_5.x86_64.rpm
libsmbclient-devel-4.14.5-9.el8_5.i686.rpm
libsmbclient-devel-4.14.5-9.el8_5.x86_64.rpm
libwbclient-devel-4.14.5-9.el8_5.i686.rpm
libwbclient-devel-4.14.5-9.el8_5.x86_64.rpm
samba-devel-4.14.5-9.el8_5.i686.rpm
samba-devel-4.14.5-9.el8_5.x86_64.rpm

aarch64:
ctdb-4.14.5-9.el8_5.aarch64.rpm
libsmbclient-4.14.5-9.el8_5.aarch64.rpm
libwbclient-4.14.5-9.el8_5.aarch64.rpm
python3-samba-4.14.5-9.el8_5.aarch64.rpm
python3-samba-test-4.14.5-9.el8_5.aarch64.rpm
samba-4.14.5-9.el8_5.aarch64.rpm
samba-client-4.14.5-9.el8_5.aarch64.rpm
samba-client-libs-4.14.5-9.el8_5.aarch64.rpm
samba-common-4.14.5-9.el8_5.noarch.rpm
samba-common-libs-4.14.5-9.el8_5.aarch64.rpm
samba-common-tools-4.14.5-9.el8_5.aarch64.rpm
samba-krb5-printing-4.14.5-9.el8_5.aarch64.rpm
samba-libs-4.14.5-9.el8_5.aarch64.rpm
samba-pidl-4.14.5-9.el8_5.noarch.rpm
samba-test-4.14.5-9.el8_5.aarch64.rpm
samba-test-libs-4.14.5-9.el8_5.aarch64.rpm
samba-vfs-iouring-4.14.5-9.el8_5.aarch64.rpm
samba-winbind-4.14.5-9.el8_5.aarch64.rpm
samba-winbind-clients-4.14.5-9.el8_5.aarch64.rpm
samba-winbind-krb5-locator-4.14.5-9.el8_5.aarch64.rpm
samba-winbind-modules-4.14.5-9.el8_5.aarch64.rpm
libsmbclient-devel-4.14.5-9.el8_5.aarch64.rpm
libwbclient-devel-4.14.5-9.el8_5.aarch64.rpm
samba-devel-4.14.5-9.el8_5.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates/samba-4.14.5-9.el8_5.src.rpm

Related CVEs:
CVE-2021-44142

Description of changes:

[4.14.5-9]
- resolves: rhbz#2046174 - Fix username map script regression of CVE-2020-25717
- resolves: rhbz#2046160 - Fix possible segfault while joining a domain
- resolves: rhbz#2046152 - Fix CVE-2021-44142

[4.14.5-8]
- resolves: rhbz#2026717 - Dir containing dangling symlinks cannot be deleted

_______________________________________________
El-errata mailing list
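The package lists in the SUSE, openSUSE and Oracle advisories above (and the Scientific Linux list further down the page) give the fixed name-version-release of each package. Confirming that a host actually carries at least that build means comparing version and release strings the way rpm does, segment by segment, not lexically: 10.40.1 is newer than 10.9.1, and 9.el8_5 than 7.el8_5. The following added example is not code from any of the vendors. It ports rpm's version-segment comparison to Python so the check runs offline, and runs it over a constructed pre-patch inventory (an assumption about one host) against fixed versions copied from the advisories. On a real host the inventory would come from `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'`; epochs are assumed to be 0, which holds for every package listed on this page.

```python
# Added example, not vendor code: rpm-style version comparison so an inventory can be
# checked against an advisory offline. Epoch is assumed 0 (true of every package on this page).
ARCHES = {"x86_64", "i686", "i386", "noarch", "aarch64", "ppc64le", "s390x", "alpha", "sparc"}


def rpmvercmp(a, b):
    """Return 1, 0 or -1 as rpm's rpmvercmp() does for version or release strings."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separator characters are skipped; '~' (pre-release) and '^' (post-release) matter.
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":  # tilde sorts below everything, even the end of the string
            if ca != "~" or cb != "~":
                return 1 if ca != "~" else -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":  # caret sorts above end-of-string but below any other segment
            if not ca or not cb:
                return -1 if not ca else 1
            if ca != "^" or cb != "^":
                return 1 if ca != "^" else -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca.isdigit()
        pred = str.isdigit if isnum else str.isalpha
        ia, ja = i, j
        while i < len(a) and pred(a[i]):
            i += 1
        while j < len(b) and pred(b[j]):
            j += 1
        sa, sb = a[ia:i], b[ja:j]
        if not sb:  # one segment numeric, the other alphabetic: numeric is newer
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def split_package(spec):
    # 'samba-4.14.5-9.el8_5.x86_64.rpm' -> ('samba', '4.14.5', '9.el8_5'); arch and .rpm dropped
    if spec.endswith(".rpm"):
        spec = spec[:-4]
    head, _, tail = spec.rpartition(".")
    if tail in ARCHES:
        spec = head
    name, version, release = spec.rsplit("-", 2)
    return name, version, release


def compare_vr(a, b):
    """Compare (version, release) pairs: version decides, release breaks ties."""
    return rpmvercmp(a[0], b[0]) or rpmvercmp(a[1], b[1])


def outstanding(installed, advisory):
    """Map package name -> (installed, fixed) for every installed package older than the fix."""
    fixed = {}
    for spec in advisory:
        name, version, release = split_package(spec)
        fixed[name] = (version, release)  # identical across arches within one advisory
    result = {}
    for spec in installed:
        name, version, release = split_package(spec)
        if name in fixed and compare_vr((version, release), fixed[name]) < 0:
            result[name] = ("-".join((version, release)), "-".join(fixed[name]))
    return result


# Constructed pre-patch inventory (an assumption about one host), not from any advisory.
INSTALLED = [
    "xorg-x11-server-1.19.6-10.37.1",
    "pcmanfm-1.3.2-bp153.2.3.1",
    "samba-4.14.5-7.el8_5.x86_64.rpm",
    "samba-common-4.14.5-9.el8_5.noarch.rpm",
]
# Fixed versions copied from the advisories on this page.
ADVISORY = [
    "xorg-x11-server-1.19.6-10.40.1",
    "pcmanfm-1.3.2-bp153.2.3.1",
    "samba-4.14.5-9.el8_5.x86_64.rpm",
    "samba-common-4.14.5-9.el8_5.noarch.rpm",
    "setroubleshoot-3.2.17-4.1.el7_1.x86_64.rpm",
]

if __name__ == "__main__":
    for name, (have, want) in outstanding(INSTALLED, ADVISORY).items():
        print(f"{name}: installed {have} is older than fixed {want}")
```

zypper and yum make this comparison for you when they apply the patch; doing it yourself pays off in fleet-wide audit scripts that consume inventories collected from many hosts, or when checking that a version lock or `--exclude` has not quietly left a vulnerable build in place.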
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory                 GLSA 201612-51
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                       https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Icinga: Privilege escalation
     Date: December 31, 2016
     Bugs: #603534
       ID: 201612-51

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in Icinga could lead to privilege escalation.

Background
==========

Icinga is an open source computer system and network monitoring
application. It was originally created as a fork of the Nagios system
monitoring application in 2009.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/icinga        < 1.13.4                  >= 1.13.4

Description
===========

Icinga daemon was found to perform unsafe operations when handling the
log file.

Impact
======

A local attacker, who either is already Icinga's system user or belongs
to Icinga's group, could potentially escalate privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Icinga users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/icinga-1.13.4"

References
==========

[ 1 ] CVE-2016-9566
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9566

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201612-51

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3721-1
Date: Thu, 26 Mar 2015 19:45:25 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Important: setroubleshoot on SL5.x, SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0

Synopsis:          Important: setroubleshoot security update
Advisory ID:       SLSA-2015:0729-1
Issue Date:        2015-03-26
CVE Numbers:       CVE-2015-1815
--

It was found that setroubleshoot did not sanitize file names supplied in a shell command look-up for RPMs associated with access violation reports. An attacker could use this flaw to escalate their privileges on the system by supplying a specially crafted file to the underlying shell command. (CVE-2015-1815)
--

SL5
  noarch
    setroubleshoot-2.0.5-7.el5_11.noarch.rpm
    setroubleshoot-server-2.0.5-7.el5_11.noarch.rpm

SL6
  x86_64
    setroubleshoot-3.0.47-6.el6_6.1.x86_64.rpm
    setroubleshoot-debuginfo-3.0.47-6.el6_6.1.x86_64.rpm
    setroubleshoot-server-3.0.47-6.el6_6.1.x86_64.rpm
    setroubleshoot-doc-3.0.47-6.el6_6.1.x86_64.rpm
  i386
    setroubleshoot-3.0.47-6.el6_6.1.i686.rpm
    setroubleshoot-debuginfo-3.0.47-6.el6_6.1.i686.rpm
    setroubleshoot-server-3.0.47-6.el6_6.1.i686.rpm
    setroubleshoot-doc-3.0.47-6.el6_6.1.i686.rpm

SL7
  x86_64
    setroubleshoot-3.2.17-4.1.el7_1.x86_64.rpm
    setroubleshoot-debuginfo-3.2.17-4.1.el7_1.x86_64.rpm
    setroubleshoot-server-3.2.17-4.1.el7_1.x86_64.rpm

- Scientific Linux Development Team
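The setroubleshoot flaw above is the classic shell-injection pattern: a file name taken from an AVC report is spliced into a command string (the rpm look-up) and handed to a shell, which honours any metacharacters the name contains. The following added example is not setroubleshoot's code. It uses `echo` as a stand-in for the rpm binary (an assumption so the example runs offline; echo merely reflects its arguments, which is enough to see where the shell split them) and a constructed file name containing `;`, and contrasts the vulnerable string-built command with an argv-list call and with `shlex.quote`.

```python
import shlex
import subprocess

# Stand-in for the rpm binary (an assumption so the example runs offline): echo simply
# reflects its argv, which is all that is needed to see where the shell split the input.
RPM = "echo"

# Constructed attacker-controlled file name, shaped like one arriving in an AVC report.
CRAFTED_PATH = "/var/tmp/report; echo INJECTED"


def lookup_vulnerable(path):
    """The reported pattern: untrusted name pasted into a command string that a shell parses."""
    cmd = f"{RPM} -qf {path}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout.splitlines()


def lookup_fixed(path):
    """Hardened: no shell at all; the name is one argv element whatever characters it holds."""
    return subprocess.run([RPM, "-qf", path], capture_output=True, text=True).stdout.splitlines()


def lookup_fixed_quoted(path):
    """If a shell is unavoidable, quote the untrusted token so the shell sees exactly one word."""
    cmd = f"{RPM} -qf {shlex.quote(path)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout.splitlines()


def shell_words(cmd):
    """How a POSIX shell tokenises the string: ';' becomes an operator that ends the rpm command."""
    return list(shlex.shlex(cmd, posix=True, punctuation_chars=True))


if __name__ == "__main__":
    print("shell sees :", shell_words(f"{RPM} -qf {CRAFTED_PATH}"))
    print("vulnerable :", lookup_vulnerable(CRAFTED_PATH))   # two commands ran
    print("argv list  :", lookup_fixed(CRAFTED_PATH))        # one command, one odd argument
    print("quoted     :", lookup_fixed_quoted(CRAFTED_PATH))
```

The argv-list form is the fix to prefer: it removes the shell from the path entirely, so there is no quoting discipline to get wrong later. `shlex.quote` is the fallback when a pipeline or redirection genuinely needs `sh -c`, and it must be applied to every untrusted token, not just the one that was noticed first.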
---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Multiple local imwheel vulnerabilities
Advisory ID:       RHSA-2000:016-03
Issue date:        2000-04-20
Updated on:        2000-07-03
Product:           Red Hat Powertools
Keywords:          imwheel buffer imwheel-solo
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

Multiple vulnerabilities exist in imwheel.

2. Relevant releases/architectures:

Red Hat Powertools 6.1 - i386 alpha sparc
Red Hat Powertools 6.2 - i386 alpha sparc

3. Problem description:

Multiple local vulnerabilities exist in imwheel.

* Read access violations: there is no checking of the file itself, so imwheel follows a symlink blindly.
* The Perl wrapper might allow other users on the machine to kill the imwheel process.

4. Solution:

Because the core functionality of imwheel has been incorporated into many existing applications, removing imwheel will not incur a significant loss of functionality. If the machine which has imwheel installed is not a single user machine we recommend removing imwheel.

To remove imwheel run this command:

rpm -e imwheel

5. Bug IDs fixed ( for more info):

N/A

6. RPMs required:

N/A

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
N/A

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command:

rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nogpg

8. References:

N/A
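The Icinga advisory earlier on this page (unsafe operations on the log file by the daemon) and the imwheel item above ("no checking of the file itself, it follows a symlink blindly") come down to the same mistake: a process with more privilege than the user who controls the directory opens a file by name and trusts whatever that name resolves to. The following added example is not Icinga's or imwheel's code. It shows the safe pattern in Python: open with `O_NOFOLLOW`, then validate the descriptor that was actually opened with `fstat` (regular file, expected owner, not group- or world-writable) rather than `stat`-ing the path separately, which would leave a window to swap the file between check and use. It runs against a constructed temporary directory with a planted symlink.

```python
import os
import shutil
import stat
import tempfile


def open_checked(path, expected_uid=None):
    """Open `path` read-only without following a symlink in its last component, then
    validate the object actually opened (fstat on the fd, never a second lookup by name)."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if expected_uid is not None and st.st_uid != expected_uid:
            raise PermissionError(f"{path}: owner uid {st.st_uid}, expected {expected_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError(f"{path}: group- or world-writable")
    except BaseException:
        os.close(fd)
        raise
    return fd


def read_checked(path, expected_uid=None):
    with os.fdopen(open_checked(path, expected_uid), "rb") as f:
        return f.read()


def read_naive(path):
    """What the advisories describe: open by name with no check, so a planted symlink is followed."""
    with open(path, "rb") as f:
        return f.read()


def demo():
    """Constructed scenario: a user-owned config, a 'secret' elsewhere, and a symlink planted
    where the config is expected. Returns what each opener did."""
    d = tempfile.mkdtemp()
    try:
        config = os.path.join(d, "imwheelrc")
        secret = os.path.join(d, "secret")
        link = os.path.join(d, "planted_link")
        with open(config, "wb") as f:
            f.write(b"# constructed config\n")
        with open(secret, "wb") as f:
            f.write(b"constructed secret\n")
        os.chmod(config, 0o600)
        os.symlink(secret, link)

        result = {"naive_read_through_link": read_naive(link)}
        try:
            read_checked(link, os.getuid())
            result["checked_rejected_link"] = False
        except OSError:  # O_NOFOLLOW makes the open itself fail (ELOOP on Linux)
            result["checked_rejected_link"] = True
        result["checked_read_config"] = read_checked(config, os.getuid())

        os.chmod(config, 0o666)  # now group/world writable: the content is no longer trustworthy
        try:
            read_checked(config, os.getuid())
            result["checked_rejected_writable"] = False
        except PermissionError:
            result["checked_rejected_writable"] = True
        return result
    finally:
        shutil.rmtree(d)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

`O_NOFOLLOW` only governs the final path component; if an attacker can replace a parent directory with a symlink, the open must walk the path with `openat` relative to a trusted directory descriptor. The ownership and mode checks are what turn "I opened something" into "I opened the file my user wrote", which is the property a privileged log or config reader actually needs.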