Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -6 articles for you...
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisorydenial of servicegentoo linux

Gentoo 200903-40 Normal: Analog DoS Risk And Resolution

A Denial of Service vulnerability was discovered in Analog.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200903-40 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Analog: Denial of Service Date: March 29, 2009 Bugs: #249140 ID: 200903-40 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A Denial of Service vulnerability was discovered in Analog. Background ========= Analog is a a webserver log analyzer. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-admin/analog < 6.0-r2 > = 6.0-r2 Description ========== Diego E. Petteno reported that the Analog package in Gentoo is built with its own copy of bzip2, making it vulnerable to CVE-2008-1372 (GLSA 200804-02). Impact ===== A local attacker could place specially crafted log files into a log directory being analyzed by analog, e.g. /var/log/apache, resulting in a crash when being processed by the application. Workaround ========= There is no known workaround at this time. Resolution ========= All Analog users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-admin/analog-6.0-r2" NOTE: Analog is now linked against the system bzip2 library. References ========= [ 1 ] CVE-2008-1372 https://www.cve.org/CVERecord?id=CVE-2008-1372 [ 2 ] GLSA 200804-02 https://security.gentoo.org/glsa/200804-02 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200903-40 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Explore potential Denial of Service weaknesses in Analog on Gentoo systems, and discover effective strategies for bolstering security.. Analog Vulnerability, Gentoo Linux Advisory, Denial Of Service Issue. . LinuxSecurity.com Team

Calendar 2 Mar 29, 2009 Gentoo
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorydenial of serviceRed Hat Powertools

Red Hat Powertools RHSA-2002:059-13 Critical: Analog Cross-Site Scripting

Updated packages for analog are available which fix a cross-site scripting problem and a denial of service problem.. ` --------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated analog packages are available Advisory ID: RHSA-2002:059-13 Issue date: 2002-04-09 Updated on: 2002-09-26 Product: Red Hat Powertools Keywords: analog cross-site scripting Cross references: Obsoletes: CVE Names: CVE-2002-0166 CAN-2002-1154 --------------------------------------------------------------------- 1. Topic: Updated packages for analog are available which fix a cross-site scripting problem and a denial of service problem. 2. Relevant releases/architectures: Red Hat Powertools 7.1 - alpha, i386 3. Problem description: Analog is a web server logfile analysis program. Yuji Takahashi discovered a bug in analog versions prior to 5.2.2 which allows a cross-site scripting attack when an attacker can insert arbitrary strings into a web server logfile. Analog then performs an analysis on all strings in the logfile and reports it. An attacker can exploit this vulnerability, for example, by introducing arbitrary Javascript code into an analog report produced by one user and read by a third person. Additionally a problem was discovered in the optional CGI front end form interface to analog, anlgform.pl in versions prior to 5.23. An attacker who has access to this program could cause the web server error log to fill. All users of analog are advised to upgrade to the errata packages containing analog version 5.24 which is not affected by these vulnerabilities. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currentlyinstalled will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. RPMs required: Red Hat Powertools 7.1: SRPMS: alpha: i386: 6. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 5e816ff01a41d588178e2971d1fb12a6 7.1/en/powertools/SRPMS/analog-5.24-1.src.rpm b01876dce46ed92c8e5177eddef31a48 7.1/en/powertools/alpha/analog-5.24-1.alpha.rpm 015d4ea8f3bf01d441f7a3d10e9c7840 7.1/en/powertools/alpha/analog-form-5.24-1.alpha.rpm 0218cfd9eef61f3a3025dd934801be07 7.1/en/powertools/i386/analog-5.24-1.i386.rpm 70175466a734180b76ad056e83924a79 7.1/en/powertools/i386/analog-form-5.24-1.i386.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: About You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 7. References: http://mildb-yvk.com/ CVE -CVE-2002-0166 CVE -CVE-2002-1154 Copyright(c) 2000, 2001, 2002 Red Hat, Inc. _______________________________________________ Red Hat-watch-list mailing list To unsubscribe, visit: `. Recent firmware enhancements tackle issues surrounding cross-site optical breaches and connectivity failures. Upgrade to edition 5.24 for improved protection.. Analog Security, Red Hat Updates, Software Advisories. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Oct 10, 2002 Critical Red Hat
Banner 3 1028x280 1708121785 1771599793
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorybuffer overflowremote exploit

Debian 2.2: DSA-033-1 Critical: Analog Buffer Overflow Remote Exploit

The author of analog, Stephen Turner, has found a buffer overflow bug in all versions of analog except of version 4.16.. ---------------------------------------------------------------------------- Debian Security Advisory DSA-033-1 This email address is being protected from spambots. You need JavaScript enabled to view it. Debian -- Security Information Martin Schulze March 7, 2001 ---------------------------------------------------------------------------- Package : analog Vulnerability : Buffer overflow Type : Remote exploit Debian-specific: no The author of analog, Stephen Turner, has found a buffer overflow bug in all versions of analog except of version 4.16. A malicious user could use an ALIAS command to construct very long strings which were not checked for length and boundaries. This bug is particularly dangerous if the form interface (which allows unknown users to run the program via a CGI script) has been installed. There doesn't seem to be a known exploit. The bugfix has been backported to the version of analog from Debian 2.2. Version 4.01-1potato1 is fixed. We recommend you upgrade your analog packages immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 2.2 alias potato ------------------------------------ Potato was released for the alpha, arm, i386, m68k, powerpc and sparc architectures. Source archives: MD5 checksum: 7bfd2e731d39bf5073f2ca5d83f27c03 MD5 checksum: 943c6acbea97b7c2f36f45be947f4c7f MD5 checksum: ca589f176699884d97d8297a2bda2e38 Intel ia32 architecture: MD5 checksum: 67250cafaeca7404a219a9ebf49f3e54 Motorola 680x0 architecture: MD5 checksum: 06722f7b432bee16c99d24141e96d76c Sun Sparc architecture: MD5 checksum: 267891eda02bf3c54fc76645b7f093c2 Alpha architecture: MD5checksum: 8c2312f9216cc20bd2495a7e9b8e9855 PowerPC architecture: MD5 checksum: deb1cbbafa9daac403b6f2e3ab024fc7 ARM architecture: MD5 checksum: a15022522f60a878958d5a3243fcc1c2 These files will be moved into soon. For not yet released architectures please refer to the appropriate directory . ---------------------------------------------------------------------------- For apt-get: deb Debian -- Security Information stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages . Upgrade the security arsenal for Debian platforms to address a heap overflow flaw. Examine the solution detailed in this advisory.. Buffer Overflow, Debian Update, Analog Bugfix. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Mar 07, 2001 Critical Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here